Skip to main content

Privacy notice for Evidence Package Tracker

Information on the FSA's Evidence Package Tracker privacy policy, why we require data, what we do with the data and your rights.
Last updated

The Food Standards Agency (FSA) will be what is known as the ‘Controller’ of the personal data provided to us.

Why we need it

We need to collect personal data on key staff and external collaborators involved in requesting, producing, coordinating, reviewing and receiving evidence packages and their components that are uploaded to the Evidence Package Tracker. This consists of names, job titles/roles and may in some cases include work contact details.

The purpose is to enable a clear internal understanding of the key participants working on evidence packages, for example, so staff will know who to contact if they need to obtain updates, answer questions, collaborate or circulate information. It will also form part of our internal audit trail.

We do this in line with the performance of our statutory duties and the exercise of the official authorities vested in the FSA and the performance of tasks carried out in the public interest.

We will not collect any personal data from you which we do not need. 

What we do with it

We retain this personal data only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained on the Evidence Package Tracker for 10 years.

Our cloud-based services have been procured through the government framework agreements and these services have been assessed against the national cybersecurity centre cloud security principles. All the personal data we process is located on servers within the European Union.

The FSA may sometimes share data with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.  No third parties have access to the personal data unless the law allows them to do so.

We use or work with contractors and other third-party service providers, such as IT service providers, who may process the personal data on our behalf. These third parties can only process the personal data on our instruction or with our agreement for specific purpose to enable us to maintain, improve and provide our services in order to fulfil our statutory obligations and tasks carried out in the public interest.

Your rights

You have a right to see the information we hold on you. If at any point you believe the information we process on you is incorrect you can request to have it corrected. You may have other rights, including the right to restrict processing and the right to object to processing. If you wish to exercise any of your rights or raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

Our Data Protection Officer in the FSA is the Information Management and Security Team Leader who can be contacted at the following email address: