Privacy notice - Incidents

Information on our incidents management privacy policy, why we require data, what we do with the data and your rights.
Last updated

Why we need it

The Food Standards Agency (FSA) will be what is known as the ‘Controller’ of the personal data provided to us.

We hold this information for the purpose of managing incidents involving food and feed safety, integrity, food fraud / crime, and other emergencies, ensuring that food and feed not in compliance with food / feed safety and other legislative requirements is removed from the market.

What we do with it


The personal information we hold on you consists of: names, addresses, phone numbers and where applicable allergy or illness details, sole trader information, and other data relevant to the food incident. The personal data that we hold may also include emergency contact details for those involved in incident management (including business continuity). 

The FSA obtains this information either from individuals themselves or from other third parties including enforcement authorities, other government departments and agencies, industry bodies, the European Commission. We do this in line with the performance of our statutory duties.  We will not collect any personal data from you which we do not need. 

We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained for 7 years. 

All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles. 

No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your information may be passed to other government departments and competent authorities in EU member states including the EU Commission in addition to UK public bodies, and organisations which perform public functions to assist in the performance of their statutory duties or when it is in the public interest. 

Your rights


You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.


If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).