Privacy notice for external complaints made against the FSA

Information on privacy policy in respect of external complaints made against the FSA.

The Food Standards Agency (FSA) is known as the ‘Controller’ of the personal data provided to us.

Why we need it

We need to collect this information for the purposes of administering, processing and responding to complaints made against the FSA under its externally available complaints procedure.

Collecting this information is necessary for the performance of a task carried out in the exercise of official authority vested in us or in the public interest. We will not collect any personal data from you which we do not need.

A failure to provide the information could result in being unable to progress a complaint case brought against the FSA.

What we do with it

We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy.  This means that this information will be retained for three years after case closure (where the case reaches up to and including the first tier of escalation at the 'central' complaint level of our complaints policy) or five years (where the case reaches the second tier of escalation at the 'central' complaint level of our complaints policy, is referred to the Parliamentary and Health Service Ombudsman or is considered to be precedent setting).

All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.

To progress a complaint investigation your identity may become known to those who the complaint is made about. This will only arise where it is otherwise impossible to prevent, or it is necessary in order to progress the case. Where applicable, we will explain this to you beforehand.

No other third parties will have access to your personal data unless the law allows them to do so. In line with this commitment your information may be passed to the Parliamentary and Health Service Ombudsman.

We use or work with contractors and other third-party providers, such as IT service providers, who may process your personal data on our behalf.  These third parties are our processors and can only processs personal data on our instruction or with our agreement for a specified purpose to help us maintain, improve and provide our services to meet our statutory functions

Your rights

You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).