Skip to main content
English Cymraeg

Privacy Notice for the Business Continuity Alerts Service

Information on our Business Continuity Alerts Service's privacy notice setting out why we require data, what we do with the data and your rights.

Last updated: 6 December 2022
See all updates
Last updated: 6 December 2022
See all updates

Why we need it

The Food Standards Agency will act as the ‘Controller’ of the personal data provided to us. We need to collect information from you, as set out in this Privacy Notice, for the purpose of sending an email or SMS to be able to notify you if there are any significant incidents that may affect Business Continuity, for example, incidents which may limit access to our premises or systems.

We also need use the information to send test communications to you from time to time in order to establish our Service is working and up to date.

We do this in order to notify staff in the event of an incident for their own safety and in order to continue to operate in accordance with our Public Task.  

In order to send you Business Continuity Alerts and test emails we primarily use your work email address and work phone number. You also have the option to provide us with your personal phone number and personal email address in order to receive Business Continuity Alerts to your personal devices. 

What we do with it

We will process your information only for the purposes set out above whilst you are in employment with us and we will store the data in accordance with our data retention schedule.

All the personal data we hold is located on servers within the European Union. Our cloud-based services have been procured through Government Framework Agreements and assessed against National Cyber Security Centre principles.

We use service, provided by the Government Digital Service (GDS), in order to send you the Alerts and in accordance with the Notify Privacy Policy

We use or work with contractors and other third-party service providers, such as IT service providers, who will process your personal data on our behalf.  These third parties are our data processors and can only process your personal data on our instruction or with our agreement for a specified purpose to enable us to maintain, improve and provide our services in order to fulfil our public task.

No third parties have access to your personal data unless the law allows them to.

Your rights

Where you have provided us with your personal contact details in order to send you Business Continuity Alerts then it is your responsibility to tell us if they have changed, or you can ask for them to be deleted at any time by contacting We will always continue to use your work contact details for the Alerts whilst you are in employment with us.

You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we hold on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).