The Food Standards Agency will be what is known as the ‘Data Controller’ of the personal data provided to us.
Why we need it
We need to collect this information for the purposes of fulfilling our statutory obligations, under Article 31 of Regulation (EC) No 882/2004 on official controls to make details of food businesses available to persons enquiring about the registration and/or approval status of food business operators. The details of approved food business establishments are published on the FSA website. The list of registered food business establishments is published by the relevant local authority.
We do this in line with the exercise of official authority vested in us and the performance of a task carried out in the public interest. We will not collect any personal data from you which we do not need.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means this information will be retained for as long as a business remains registered and/or approved as a food business operator. Historical lists of registered and/or approved businesses are retained for 6 years.
All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your information will be passed to the relevant local authority with responsibility for inspection of food businesses. The Food Standards Agency will sometimes share data with other government departments, public bodies, organisations which perform public functions to assist them in the performance of their statutory duties, and with these and other private organisations and persons, such as food business operators, when it is in the public interest.
You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. You may have other rights under Article 15 – 22 GDPR including the right to restrict processing, data portability, the right to object to processing and rights in respect of any automated decision making. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).