The Food Standards Agency will be what is known as the ‘Controller’ of the personal data provided to us.
Why we need it
We need to collect this information for delivering our duty of care to protect our employees and contractors from risks to their health, safety and welfare/wellbeing.
We do this to comply with our legal obligation under health and safety legislation. We will not collect any personal data from you which we do not need.
Providing us with this information is a statutory requirement and failure to provide the information could result in the Agency failing to deliver its non-delegable duty as an employer under Health and Safety Legislation.
What we do with it
We retain personal information only for as long as necessary to carry out these statutory functions and in line with our retention policy. This means that this information will be retained from receipt for 40 years with regards to health surveillance results data and 3 years from receipt with regards to data associated with health and safety incidents (near misses, accidents with injury, occupational disease and bullying/harassment).
All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your information may be passed to the Health and Safety Executive and to our Occupational Health Services Provider to allow them to execute their duties.
You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).