Privacy Notice for Users Registering for Access to FSA Dashboards
The Food Standards Agency is what is known as the ‘Controller’ of the personal data provided to us.
Why we need it
Personal details we may capture when you request access include your names and contact details. Concerning your organisation, the details may include its name, the department you work for, your office address, the nature of your relationship with the organisation (e.g. employee), your roles and job title.
We may collect the following additional data about each user:
- Date on which Dashboard access was requested by the user
- Date on which user first logged in to the Dashboard
As a data controller, our primary legal basis for processing this information is that it is necessary for the performance of a task carried out in the public interest and/or in the exercise of official authority vested in the FSA, as follows:
- To administer your access to the Dashboard
- To respond to your queries and feedback and
- For our own audit and assurance purposes
- For other purposes as described in Term and Conditions which you agree to when accessing a particular Dashboard or as we otherwise notify you.
What we do with it
We store the information that you provide on the initial email and when you register on the system (if you registered yourself) or that your organisation provides in registering you with us. We use that information to process your request for access to a Dashboard.
Where we grant you access, when you login and/or change your password, we may record further information in log files, such as the IP address used, in line with the purposes stated above. This information can help in following up any doubtful activity relating to your account. It will not be used to monitor your activity, except to allow the removal of the account when no longer used.
Who will we disclose your personal information to?
We may share personal information that users provide on registration with:
- Our staff and any subcontractors as necessary for the ongoing development and maintenance of the system
We may also share personal information about you:
- With third parties who are directly involved in dealing with any request, enquiry or correspondence submitted by you;
- Where we are legally required to do so
- In connection with criminal investigations, legal proceedings or prospective legal proceedings where necessary for our legitimate interests and permitted by law;
- Where necessary for our legitimate interests in establishing, exercising or defending our legal rights and permitted by law; and
- Where we state or inform you otherwise - for example, in Terms and Conditions associated with a particular Dashboard we may inform you that we share your information with other Accessors or Contributors.
Where we engage third parties to process data on our behalf, information is only shared for the purpose of the third-party providing services on our behalf. We will not transfer your personal information to any such third party unless we are satisfied that they are able to provide an adequate level of protection in respect of your personal information.
For financial and technical reasons, we may, on occasion, decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed and stored outside the EEA. However, we take steps to ensure that these organisations have in place suitable technical and organisational safeguards either through the agreements we hold with them or by confirming they operate in accordance with the EU-U.S. Privacy Shield Framework (further details of which can be accessed via www.privacyshield.gov).
You have a right to see the information we hold on you. If at any point you believe the information we process on you is incorrect, you can request to have it corrected. You may have other rights, including the right to restrict processing and the right to object to processing.
If you wish to exercise any of your rights or raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).