The Food Standards Agency is what is known as the ‘Controller’ of the personal data provided to us.
Why we need it
The personal data we hold on you consists of the name and address of your business. The Food Standards Agency obtains this data from your local authority.
We need to collect this data for the purposes of fulfilling our statutory obligations, under Article 31 of Regulation (EC) No 882/2004 on official controls and Articles 19(1) and 19(2) of Regulation (EC) No 183/2005 laying down requirements for feed hygiene, to make details of feed businesses available to persons enquiring about the registration and/or approval status of feed business operators. We will not collect any personal data which we do not need.
We may also analyse this data along with other information we hold about you and information we have obtained from public and/or private sources for the purpose of helping us evaluate risk. We do this in line with the exercise of official authority vested in us under the Food Standards Act and the performance of a task carried out in the public interest.
What we do with it
We retain the personal data only for as long as necessary to carry out these functions, and in line with our retention policy. This means that the data will be retained for as long as a business remains registered and/or approved as a feed business operator. Historical lists of registered and/or approved businesses are retained for 6 years.
All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
The details of approved feed business establishments are published on the FSA website. The list of registered feed business establishments is held centrally by the FSA but not published.
This data may be shared with other government agencies responsible for the official control of animal feed, e.g. the Veterinary Medicines Directorate’s Inspection and Investigations Team and the Animal Health and Veterinary Laboratories Agency, other public bodies and organisations to assist them in the performance of their official duties or when it is in the public interest to do so. We may also share the data as part of risk evaluation and analysis with public bodies or private organisations, such as Trading Standards and Port Health Authorities, for the same reasons.
No third parties have access to your personal data unless the law allows them to do so.
We use or work with contractors and other third-party service providers, such as IT service providers, who will process your personal data on our behalf. These third parties can only process your personal data on our instruction or with our agreement for specific purpose to enable us to maintain, improve and provide our services in order to fulfill our statutory obligations and tasks carried out in the public interest.
You have a right to see the information we hold on you. If at any point you believe the information we process on you is incorrect you can request to have it corrected. You may have other rights, including the the right to restrict processing and the right to object to processing. If you wish to exercise any of your rights or raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Our Data Protection Officer in the FSA is the Information Management and Security Team Leader who can be contacted at the following email address.