Skip to main content
English Cymraeg

Privacy notice for Health, Safety and Wellbeing Unit

Information on the Health, Safety and Wellbeing Unit privacy policy, why we require data, what we do with the data and your rights.

Last updated: 20 May 2022
See all updates

The Food Standards Agency will be what is known as the ‘Controller’ of the personal data provided to us.

Purpose and lawful basis for processing

The personal information we hold relates to incident reporting and includes names, contact details and information relevant to the incident. This may include sensitive personal information.

We obtain this personal information directly from individuals reporting the incident and from third parties for the purposes of carrying out an investigation into the incident and meeting our statutory reporting requirements.

We may need to contact individuals about the incident and ask for further personal information necessary for these purposes.

We need to collect this personal information in order to deliver our duty of care to protect our employees and contractors from risks to their health, safety, welfare and wellbeing and to comply with our legal obligations under health and safety legislation.  

Providing us with this information is a statutory requirement and failure to provide the information could result in the FSA failing to deliver its non-delegable duty as an employer under Health and Safety Legislation. 

We will not collect any personal information from you that we do not need. 


How and where we store your data and who we may share it with


We retain personal information only for as long as necessary to carry out these statutory functions and in line with our retention policy. This means that this information will be retained from receipt for 40 years with regards to health surveillance results data and 3 years from receipt with regards to data associated with health and safety incidents (near misses, accidents with injury, occupational disease and bullying/harassment).

We will share some of your personal information with the Health and Safety Executive when we have an obligation to do so under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR).

For more information on How and where we store your data and who we may share it with see our Personal Information Charter.

International transfers  

For more information on international transfers, please see the International transfers section in our Personal Information Charter.  

EU citizens

For more information on EU Citizens Privacy Notice, please see the EU citizens section in our Personal Information Charter.  

Your rights

For more information on your rights, please see the Your rights section in our Personal Information Charter.  

Contact us  

If you have any queries concerning this Privacy Notice, your personal information or any questions on our use of the information, please email our Data Protection Officer in the FSA, who is the