Privacy notice for the Regulated Products Service
Information about the Regulated Products Service, why we need the data, what we do with it, and your rights.
The Food Standards Agency (FSA) and Food Standards Scotland (FSS) are joint controllers of the personal data provided to us.
Purpose and lawful basis for processing
We obtain this information directly from you the applicant or representatives operating on your behalf, or directly or indirectly from organisations providing information in the support of your application to the Regulated Food Products Service.
As joint controllers, we process this information as it is necessary for the performance of a task carried out in the public interest and/or in the exercise of official authority vested in the FSA and the FSS. In particular, we do this in line with the performance of our statutory duties to assess and authorise regulated products before they enter the market.
What we need and how we use it
The personal information we hold consists of the name and email address of the applicant, and may include the name, address, telephone number and email address of representatives working on behalf of the applicant and/or representative of an organisation providing information to support the application. We need to collect and process your personal information in order to:
administer your application
assess and authorise your application
communicate with you, the applicant, representative, or the representative of the organisation providing information in support of the application
How and where we store your data and who we may share it with
We store the information that you provide in the initial Web form to register your application and use it to set up a unique repository for you to securely upload the dossier in support of your application.
Your information may be passed to experts in other government departments, including those in the devolved administrations, analytical laboratories or to scientists, including our Scientific Advisory Committees, where necessary to assess your dossier and application.
We will not share your personal information with any such third party unless we are satisfied that they are able to provide an adequate level of protection in respect of your personal information. We do this by taking steps to ensure that these organisations have in place suitable technical and organisational safeguards either through contracts or agreements we hold with them and/or by obtaining robust assurances from them that they operate in accordance with the UK GDPR.
We also work closely with Local Authorities and Other Competent Authorities, Government Agencies and Industry Bodies both within and outside the UK and have broad powers to share information with those organisations where it is proportionate and necessary to meet our objectives. We will only share information where we have a legal basis to do so.
We will publish information relating to an authorised regulated product on a digital register. This information will be anonymised, which means that you cannot be identified from it.
We retain your personal information only for as long as necessary to carry out these purposes, and in line with our retention policy. This means that your applicant name and email address will be retained for 10 year from decision date.
Any personal information contained in the application and dossier will be fully retained. We need to keep a record of your application to understand the basis for the product being on the market. This allows us to refer to the original complete information used to support the authorisation, if concerns are raised with the safety of the product once on the market.
For more information on international transfers, please see the International transfers section in our Personal Information Charter.
For more information on EU Citizens Privacy Notice, please see the EU citizens section in our Personal Information Charter.
For more information on your rights, please see the Your rights section in our Personal Information Charter.
If you have any queries concerning this Privacy Notice, your personal information or any questions on our use of the information, please email our Data Protection Officer in the FSA, who is the Information Management and Security Team Leader using the address below.
Published: 10 December 2020
Last updated: 21 July 2021