The Food Standards Agency is what is known as the ‘Controller’ of the personal data provided to us.
Why we need it
We hold this information for the purpose of the prevention, investigation, detection or prosecution of criminal offences related to food crime.
What information we hold
The personal information we hold consists of personal data provided by people or organisations reporting suspected food crime which may also include the personal data of individuals involved in suspected food crime: (Personal data and special category personal data as defined in the Data Protection Act 2018).
Where we get this information from
The Food Standards Agency obtains this information either from individuals themselves or from other third parties such as Food Business Operators, Local Authorities, Other Government Departments, other law enforcement agencies and overseas law enforcement agencies.
We do this in line with our statutory obligations under the Food Standards Act 1999, for reasons of substantial public interest and under the authority of schedule 7 of the Data Protection Act 2018.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained for 7 years from receipt.
All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your information may be passed to UK and EU law enforcement and international crime agencies.
You have a right to ask to see the information we hold on you (subject to the exemptions listed in Schedule 2 Part 1 Data Protection Act 2018) by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. You also have the right to request to have the information erased or to restrict its processing. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO). You can contact the ICO at:
Information Governance department
Information Commissioner's Office
Cheshire SK9 5AF