The Food Standards Agency is what is known as the ‘Controller’ of the personal data provided to us.
Why we need it
The personal data we hold on you consists of business name, the registered business address and data relating to the import of food and feed by your business.
The Food Standards Agency obtains this information from the Trade Control Expert System (TRACES) or Competent Authorities or other Government Agencies dealing with the importation of food or feed.
We need to collect this personal data for the purpose(s) of assisting Competent Authorities and other Government Agencies to mitigate risks associated with the importation of food or feed, fulfilling their obligations for conducting official controls under Regulation (EC) No 882/2004.
We do this in line with the performance of our official duties in the exercise of the official authority vested in us and in the public interest to protect public health in relation to imported food and feed. We will not collect any personal data from you which we do not need.
In order to carry out our legal powers to ensure food safety we may process your personal data obtained from publicly available sources such as websites and make use of web scraping software
We may analyse this data along with other information we hold about you and information we have obtained from public and/or private sources for the purpose of helping us evaluate risk. We do this in line with the exercise of official authority vested in us under the Food Standards Act and the performance of a task carried out in the public interest.
What we do with it
We retain personal data only for as long as necessary to carry out these functions, and in line with our retention policies.
All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your data may be passed to Competent Authorities or other Government Agencies that are involved in protecting risks associated with the importation of food or feed.
In addition, the Food Standards Agency will sometimes share data with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest. We may also share the data as part of risk evaluation and analysis with public bodies, Competent Authorities, other organisations, such as Trading Standards and Port Health Authorities, for the same reasons.
We use or work with contractors and other third-party service providers, such as IT service providers, who will process your personal data on our behalf. These third parties are our data processors and can only process your personal data on our instruction or with our agreement for a specified purpose to enable us to maintain, improve and provide our services in order to fulfill our public task.
You have a right to see the information we hold on you. If at any point you believe the information we process on you is incorrect, you can request to have it corrected. You may have other rights, including the right to restrict processing and the right to object to processing.
If you wish to exercise any of your rights or raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).