Environmental health and private sector housing privacy notice

What personal information do we collect?

The organisation collects and processes a range of information about you. This includes

  • your name, address and contact details, including email address and telephone number, date of birth etc.
  • payment card details and transactional data including payments to and from you
  • details of any business you operate, premises you occupy or vehicle you use or own
  • medical conditions and health information.

The organisation collects this information in a variety of ways. For example, data is collected through application forms, complaints and requests for service and general correspondence.

Why do we process personal data?
Processing your information is necessary for the performance of a task carried out in the public interest or in the exercise of our official authority. We have a duty under the law to collect and process information in connection with the legislation we enforce or administrate e.g. as listed in Schedule 1 below. In some cases, we need to process data to ensure that we are complying with our legal obligations. Sensitive data is processed because it is necessary for the exercise of a function conferred on us by an enactment or rule of law or because we have a duty to protect the public against dishonesty.
Who has access to your personal data?

Where necessary your information will be shared with the parties set out below for the purposes stated above.

  • Police
  • Surrey Fire and Rescue
  • Commissioned partners
  • Central government bodies e.g. Defra, EA, FSA, HSE, HMRC
  • Public Health England
  • Other local authorities
  • Other departments or sections of Runnymede Borough Council and Council Committees
  • Local Government Ombudsman

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and data protection laws. They are also obliged to implement appropriate technical and organisational measures to ensure the security of data.

We will not transfer your data to countries outside the European Economic Area. Additionally, we are required to disclose information to the public with respect to our public registers of

  • Caravan site licence holders
  • Acupuncture practitioners registered to practice in Runnymede and the places they have registered as being premises where acupuncture is carried out
  • Tattooist, electrolysis and piercing businesses registered to carry out their business in Runnymede and registered premises where these activities may be carried out
  • Register of food business operators
  • Licensed HMO register
How do we protect personal data?
We take the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Data will only be processed by members of staff authorised by us for this purpose. Access to our systems is limited to members of the licensing and private sector housing teams whose job role requires access to the personal data.
How long do we keep your personal data?
We process many different types of information. Some information has to be retained for legal reasons and information can be kept longer to understand decisions that have been made.
Your rights

As a data subject, you have a number of rights. You can

  • access and obtain a copy of your data on request (known as a subject access request)
  • require us to change incorrect or incomplete data
  • ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing. Where possible we will seek to comply with your request, but we may be required to hold or process information to comply with a legal requirement.
  • object to the processing of your personal data in certain circumstances.

We may still be required to hold or process information if there are legitimate grounds for doing so.