Privacy notice - Labelling and Standards in Northern Ireland

Information on Northern Ireland's Labelling and Standards privacy policy, why we require data, what we do with the data and your rights.
Last updated

Why we need it

The Food Standards Agency is what is known as the ‘Controller’ of the personal data provided to us. 

The personal information we hold on you consists of the name and address of your business and any relevant contact details. The Food Standards Agency obtains this information from a number of sources, including directly from individuals, industry bodies, local authorities and other government departments.

We need to collect this information for the purposes of fulfilling our statutory obligations under EU and national legislation in relation to food labelling and standards, as we have a statutory obligation to consult with relevant stakeholders in the development of legislation.

This information will allow us to effectively carry out our official duties of completing a necessary task and to the required standard. It is also necessary for the performance of a task carried out in the exercise of official authority vested in us and/or will be in the public interest.

What we do with it

We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. We hold different records which will have different retention periods. The individual retention periods and requirements are outlined below:

  • Enquiries: information will be retained for 5 years from receipt.
  • Briefings: information will be retained for 5 years from receipt.
  • Research projects: information will be reviewed 7 years after closure (date of last modification) and a decision will be made on whether it should be sent to the National Archives.
  • Policy: information will be reviewed 7 years after closure (date of last modification) and a decision will be made on whether it should be sent to the National Archives. 

All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.

Third parties do not have access to your personal data unless the law allows them to do so. In line with this commitment your information may be shared with other government departments, public bodies and organisations that perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.  If an enquiry or another task requires input from another government department, your information may be passed on to them, for example, the Department of Health or DAERA.

Your rights

You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).