Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold consists of: names, addresses, telephone numbers and where applicable allergy or illness details, sole trader information, and other data relevant to the food incident. The personal data that we hold may also include emergency contact details for those involved in incident management (including business continuity).
We also hold personal data provided by people or organisations reporting suspected food crime which may also include the personal data of individuals involved in suspected food crime: (Personal data and special category personal data as defined in the Data Protection Act 2018).
Where we get this information from
FSS obtains this information either from individuals themselves or from other third parties including UK and overseas law enforcement authorities, Local Authorities, other government departments and agencies, Food Business Operators, industry bodies and the European Commission. We do this in line with the performance of our statutory duties. We will not collect any personal data which we do not need.
No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your information may be passed to other government departments and competent authorities in EU member states including the EU Commission in addition to UK public bodies, and organisations which perform public functions to assist in the performance of their statutory duties or when it is in the public interest.
Why we need it
We hold this information for the purpose of managing incidents involving food and feed safety, integrity, food fraud / crime, and other emergencies, ensuring that food and feed not in compliance with food / feed safety and other legislative requirements is removed from the market.
Also, for the purpose of the prevention, investigation, detection or prosecution of criminal offences related to food crime.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
- We hold this information for the purpose of the prevention, investigation, detection or prosecution of criminal offences related to crime.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that some of this information will be retained for up to 12 years in line with legislative requirements.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers within the European Union. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
No third parties have access to your personal data unless the law allows them to do so.
What are your rights?
You have a right to see the information we hold on you (subject to exemptions listed in Schedule 2 Part 1 Data Protection Act 2018) by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: firstname.lastname@example.org.
Last updated: 22nd June 2018