The Food Standards Agency is what is known as the ‘Controller’ of the personal data provided to us.
Why we need it
We hold this information for the purpose of the prevention, investigation, detection or prosecution of criminal offences related to food crime.
What information we hold
The personal information we hold consists of personal data provided by people or organisations reporting suspected food crime which may also include the personal data of individuals involved in suspected food crime: (Personal data and special category personal data as defined in the Data Protection Act 2018).
Where we get this information from
In observing compliance in relation to food regulations and exercising our powers to monitor and evaluate risks we will identify specific incidents that require prompt investigation in order to protect consumers. You can find out more information on 'Monitoring and Evaluation of Risks' in our Personal Information Charter.
The Food Standards Agency obtains this information either from individuals themselves, third party individuals reporting information to us, or from third parties such as other public bodies and local authorities, both in the UK and Internationally, or through our risk monitoring and evaluation processes in accordance with broad powers provided by the Food Standards Act 1999.
We will collect whatever information is necessary in the course of these investigations for our Public Task. We do this in line with our statutory obligations under food hygiene, food safety and animal welfare legislation, for reasons of substantial public interest and under the authority of schedule 7 of the Data Protection Act 2018 and UK GDPR.
Where it becomes apparent to us either, through our own investigations or through information supplied to us, that criminal activity is suspected, our National Food Crime Unit (NFCU) will collect and use personal information in accordance with Part 3 of Data Protection Act 2018. NFCU is a dedicated law enforcement function of the Food Standards Agency (FSA) and therefore has wide-ranging powers in the collection and use of information. The unit provides leadership on food crime across England, Wales and Northern Ireland. The unit works closely with the Scottish Food Crime and Incidents Unit within Food Standards Scotland.
Food Fraud Resilience Self-Assessment tool
Personal information can be collected by the NFCU Prevention Team through the Food Fraud Resilience Self-Assessment tool. The tool can be completed anonymously but provides the option for the user to opt-in to further contact from the NFCU Prevention Team. On completion of the tool the user can provide a contact email address to receive an autogenerated email summary of responses. Users can further select to be contacted by the NFCU Prevention Team with further guidance and training relevant to building anti-food fraud resilience.
If the user provides consent, the NFCU will receive the submitted contact email address along with the completed responses. If the user does not provide this consent, the NFCU will receive the anonymised completed responses without the contact email address. Personal information gathered through the Food Fraud Resilience Self-Assessment tool will only be used to contact consenting businesses in relation to further guidance and training offered by the NFCU.
What we do with it
We process the information to prevent, investigate, detect or prosecute criminal offences related to food crime.
No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your information may be passed to other competent authorities such as government departments, public bodies and organisations which perform public functions for investigation or prosecution purposes or when it is in the substantial public interest.
How and where we store your data and who we may share it with
For more information, please see the How and where we store your data and who we may share it with section in our Personal Information Charter.
We only hold your information for as long as necessary to perform our functions and in accordance with our retention schedule.
Where we have a legal basis to process personal data for our Law Enforcement purposes, we may also transfer data outside the UK under the provisions of Part 3 of the Data Protection Act 2018.
Also, where we transfer information to authorities or organisations in the substantial public interest, for example, around preventing or detecting crime, or monitoring and evaluating risks to Food Safety, we seek to take appropriate steps to safeguard your information in accordance with UK GDPR. We may rely on the derogations in UK GDPR where necessary for this purpose.
For more information on international transfers, please see the International transfers section in our Personal Information Charter.
For more information on EU Citizens Privacy Notice, please see the EU citizens section in our Personal Information Charter.
For more information on your rights, please see the Your rights section in our Personal Information Charter.
If you have any queries concerning this Privacy Notice, your personal information or any questions on our use of the information, please email our Data Protection Officer in the FSA, who is the Information Management and Security Team Leader using the address below.