Privacy notice for Register a food business support service for local authorities

Information on our privacy notice for Register a Food Business Support Service for local authorities (LAs), why we require data, what we do with the data and your rights.

The Food Standards Agency is what is known as the ‘Controller’ of the personal data provided to us.

What information we hold

The personal information we hold on you consists of your name, department, email address and telephone number in relation to one or more of the following roles:

  • Designated LA public contact for Register a Food Business
  • Designated LA primary contact for Register a Food Business
  • Designated LA secondary contact for Register a Food Business

Where we get this information from

The Food Standards Agency obtains this information from contacting your local authority.

Why we need it

We need to collect this information for the purpose of providing and supporting the online food business registration service in partnership with local authorities in England, Wales and Northern Ireland.

We do this in line with the performance of our statutory duties to primarily fulfil statutory obligations required by Article 31 of Regulation (EC) No 882/2004. This places a requirement on competent authorities to establish procedures for registration of food businesses, drawing up and keeping up to date a list of food businesses which have been registered.

We do this in line with the exercise of official authority vested in us and the performance of a task carried out in the public interest. We will not collect any personal data about you which we do not need.

What we do with it

We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained for as long as you are the relevant LA’s designated contact person in relation to the support of Register a Food Business. If you notify us that you no longer hold this role, we will delete your information immediately.

All the personal data we process is located on servers within the European Union. Our cloud-based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.

No third parties have access to your personal data unless the law allows them to do so. The Food Standards Agency will sometimes share data with other government departments, public bodies, organisations which perform public functions to assist them in the performance of their statutory duties, and with these and other private organisations and persons, such as food business operators, when it is in the public interest.

In addition, we use or work with contractors and other third-party service providers, such as IT service providers, who will process your personal data on our behalf.  These third parties are our data processors and can only process your personal data on our instruction or with our agreement for a specified purpose to enable us to maintain, improve and provide our services in order to fulfil our public task.

Your rights

You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).