The Food Standards Agency will be` what is known as the ‘Controller’ of the personal data provided to us.
What information we collect
We collect your business ownership name, company name, contact name, ownership address and vineyard address, if different.
Vineyards are obliged as a legal requirement to submit their information. We collect this data at registration.
Additional information submitted will be collected annually on a WSB21 form and be collected on behalf of DEFRA as part of the legal requirement of collecting production returns stating volumes, types and if making wine, a contact wine maker.
We collect other information for our stakeholders and these all have a bespoke winestandard board WSB reference number assigned to them. These businesses are bottling plants, bonded warehouses, shippers, importers, cash and carry wholesale premises and wine merchants.
Why we need it
We need to collect this information for the purpose of our Wine Standards data base. We register a wine business and issue a Wine Standards Board (WSB) registration number to that business. We also collect this information for annual production returns. We do this in line with the performance of our statutory duties as part of our public task. We will not collect any personal data from you which we do not need.
Providing us with this information is a statutory requirement and failure to provide the information could result in production returns not being completed or business not being registered.
We also collect the information in regards to yearly required production returns and these are collected on request of DEFRA.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained for 5 years from receipt.
All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your information may be shared with DEFRA the wine policy lead. The Food Standards Agency will sometimes share data with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
In addition, we use or work with contractors and other third-party service providers, such as IT service providers, who will process your personal data on our behalf. These third parties are our data processors and can only process your personal data on our instruction or with our agreement for a specified purpose to enable us to maintain, improve and provide our services in order to fulfil our public task.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Our Data Protection Officer in the FSA is the Data, Information Governance & Security Team Leader who can be contacted at the email address below.