Privacy notices explain what we do with your personal information, who we may share it with, and who to contact to exercise your rights under data protection law.
Privacy notices
Read the Food Standards Scotland privacy statements.
Privacy notices
Food Standards Scotland is what is known as the ‘Controller’ of the personal data provided to us.
What information do we hold?
The personal information we hold on you consists of the name and address of your business, and telephone and email contact information.
Where we get this information from?
Food Standards Scotland obtains this information from your local authority
Why we need it
We need to collect this information for the purposes of fulfilling our statutory obligations, under Article 10(2) of Regulation (EU) 2017/625 (Official Controls Regulation) and Articles 19(1) and 19(2) of Regulation (EC) No 183/2005 laying down requirements for feed hygiene, to make details of feed businesses available to persons enquiring about the registration and/or approval status of feed business operators. The details of approved feed business establishments are published on the Food Standards Agency website. The list of registered feed business establishments is held centrally by Food Standards Scotland but not published.
This information may also be shared with other government agencies responsible for the official control of animal feed, e.g. the Veterinary Medicines Directorate’s Inspection and Investigations Team and the Animal Health and Veterinary Laboratories Agency. We will not collect any personal data which we do not need.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means this information will be retained for as long as a business remains registered and/or approved as a feed business operator. Historical lists of registered and/or approved businesses are retained for 6 years.
All the personal data we process is located on servers in the United Kingdom. Where we use servers outside of the EU, we have appropriate Standard Contractual Clauses to cover the processing of personal data. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
No third parties have access to your personal data unless the law allows them to do so.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
We hold your personal Information on the application for appointment as an OV-HoP which may include your name, address, email address, telephone number, and details of your professional qualifications.
Why we need it?
We need to collect this information for the purposes of vetting and processing your application and maintaining your details once appointed OV-HoP.
We do this to enter into and carry out the contract between us. We will not collect any personal data from you which we do not need.
Providing us with this information is a contractual requirement and failure to provide the information, or provision of inaccurate information, could result in us not being able to provide you with a contract, administering your role, or removing your existing appointed status.
What we do with it?
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained for as long as you are appointed as an OV-HoP, and six years from the date you cease to be appointed. If your application is unsuccessful, we will also maintain a record of your information for a period of one year.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
What we may also be required to do with it
Food Standards Scotland may sometimes share data with other government departments, public bodies, such as Local Authorities, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
We use or work with contractors and other third-party service providers, such as IT service providers, who will process your personal data on our behalf. These third parties can only process your personal data on our instruction or with our agreement for specific purpose to enable us to maintain, improve and provide our services in order to fulfil our statutory obligations and tasks carried out in the public interest.
Your rights
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What we will do with the information that you provide
The information you provide to our consultations including surveys may be subject to publication or release to other parties or to disclosure in accordance with the provisions of Freedom of Information (Scotland) Act 2002, the Data Protection Act 2018 (the DPA), Environmental Information (Scotland) Regulations 2004. If you consider that some of the information provided in your response should not be disclosed, you should indicate the information concerned, request that it is not disclosed and explain what harm you consider would result from disclosure.
FSS has the final decision on whether the information should be withheld in accordance with the statutory Code of Practice Under FOISA that public authorities must comply to and which deals, amongst other things, with obligations for the confidentiality of information. We cannot give an assurance that confidentiality can be maintained in all circumstances, but we will take into account your views when making this decision.
Why we collect your personal data
We need to collect this information to allow us to effectively carry out our official duties of policy development and for the purposes of record keeping and statistics. We do this in line with the performance of our official duties under the DPA, in the exercise of the official authority vested in us and in the public interest. i.e. a consultation. We will not collect any personal data from you which we do not need.
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained for a minimum of 5 years from receipt.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Cloud based services have been procured and assessed against the national cyber security centre cloud security principles.
We want to assure you that the personal information you provide through this consultation will not be used for any purpose other than in relation to consultations. No third parties have access to your personal information unless the Law allows them to do so. For example, the information may be shared with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
Your rights
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) or via their telephone helpline 0303 123 1113.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the data ‘Controller’ of the personal information provided to us.
What information do we hold?
We need to collect and hold personal information around the comprehensive dietary intakes of children and young people aged 2-15 years in Scotland.
The personal information collected will include the following:
- The child’s name;
- The child’s address;
- The child’s date of birth;
- The child’s gender;
- The child’s ethnicity;
- The child’s email address;
- The parent/ guardians email address and mobile phone number.
Why we need it
Food Standards Scotland (FSS) is the public sector food and feed body for Scotland. Our statutory duty is to improve the extent to which members of the public have diets which are conducive to good health.
We need to collect and process this personal information to understand what children and young people in Scotland are eating and drinking. Data on the diets of children and young people has not been collected for over 10 years in Scotland therefore there is a data gap in our current evidence of the Scottish diet.
This information will enable us to support children and young people to make healthier food and drink choices by:
- Influencing policy to make improvements to the food and drink environment;
- Creating relevant and appropriate dietary advice.
We will not collect any personal data which we do not need.
What is the legal basis for our use of your personal data?
The lawful basis under which we process children and young people data is as follows:
- To perform our statutory duties carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1)(e) UK GDPR)
- Necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes (Article 9(2)(j) UK GDPR).
Where we get this information from?
Researchers at the University of Edinburgh are leading this study on behalf of Food Standards Scotland. A market research company based in Glasgow, called Taylor McKenzie, is conducting the survey. Researchers at the University of Aberdeen and Biomathematics & Statistics Scotland are also helping with the study. All participants will be identified for this survey using The Royal Mail’s Postcode Address File (PAF) database which contains all postcodes for households in the United Kingdom. Addresses from the PAF will be compared to the Community Health Index (CHI) records, which is a list of everyone registered within NHS Scotland, by The Scottish Government to determine if a child between 2 and 15 years old lives at the address. These addresses will then be used to invite 20,000 children and young people to take part in the survey.
The short questionnaire in the study, that accompanies the diet questions, will collect information on the child’s name, date of birth, gender, and ethnicity. This information will allow us to explore whether there are any differences, by age and gender, in what children and young people are eating and drinking in Scotland. The short questionnaire may also collect information on the child’s email address if the option is selected for the incentive to be sent directly to them. It will also collect the parent/ guardians email address and mobile phone number so that they can be contacted about the study if requested.
What we do with it
FSS will not have any access to personal data. The University of Edinburgh and their sub processors Taylor McKenzie, the University of Aberdeen, and Biomathematics & Statistics Scotland will process your personal data on our behalf. These organisations are our data processors and can only process your personal data on our instruction or with our agreement for a specified purpose to enable us to maintain, improve and provide our services in order to fulfil our public task. A data protection impact assessment (DPIA) and data processing agreement (DPA) have been completed to ensure that any personal data collected by us or by our data processors on our behalf, is securely protected. All the personal data we process is located on servers in the United Kingdom.
Results from this study will be used in published reports, but these will not contain any information that could identify you or your child. These results may be shared with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
Data Retention
The information collected during the survey will be gathered via a secure web link and will be stored in secure computer files which are accessible only to the researchers conducting the study.
Taylor McKenzie will keep your personal information in secure files until the study is completed which will be around one year, after which the data will be deleted with confirmation of deletion sent to FSS. The contact details collected will only be used to contact participants about this study if requested and will be destroyed once letters have been distributed using a file shredder app which overwrites all data.
An anonymised dataset, of the data collected during the study, will be archived on the UK Data Service. A dataset that does not contain any information that could lead to the child’s identification, and will be stored for a minimum of 10 years.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold on you may include the name, address, email address and telephone number of your business.
Where we get this information from
Food Standards Scotland obtains this information from Local Authorities.
Why we need it
We need to collect this information for the purpose of publishing details of businesses who have achieved the Eat Safe Award. We do this in line with the performance of our official duties in the exercise of the official authority vested in us and in the public interest. We will not collect any personal data from you which we do not need.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
What we do with it
We retain personal information only for as long as necessary to carry out these functions. This means that this information will be retained for as long as a business remains an Eat Safe Awardee.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud-based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
What we may also be required to do with it
The information may be shared with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk or via their telephone helpline: 0303 123 1113.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold about you consists of:
Names, job tiles/roles; and
In some cases include work contact details
Why we need it
We need to collect personal information on key Food Standards Scotland (FSS) and Food Standards Agency (FSA) staff and external collaborators involved in requesting, producing, coordinating, reviewing and receiving evidence packages and their components that are uploaded to the Evidence Package Tracker.
The purpose is to enable a clear understanding within FSS and FSA of the key participants working on evidence packages, for example so staff will know who to contact if they need to obtain updates, answer questions, collaborate or circulate information. It will also form part of our internal audit trail.
We will not collect any personal data from you which we do not need.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above is in line with the performance of our statutory duties and the exercise of the official authorities vested in the FSS and the performance of tasks carried out in the public interest.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained on the Evidence Package Tracker for 10 years.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
What we may also be required to do with it
The Food Standards Scotland may sometimes share data with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
We use or work with contractors and other third-party service providers, such as IT service providers, who may process your personal data on our behalf. These third parties can only process your personal data on our instruction or with our agreement for specific purpose to enable us to maintain, improve and provide our services in order to fulfil our statutory obligations and tasks carried out in the public interest.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk or via their telephone helpline: 0303 123 1113.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold about you may include the name, address, email address and telephone number of your business.
Where we get this information from
Food Standards Scotland obtains this information from Food Businesses.
Why we need it
- As data controller, we need to collect and process this information for the purposes of Food Law Enforcement.
- Responsibility for the approval and enforcement in establishments approved under Regulation (EC) 853/2004 in Scotland is specified within the Food Hygiene (Scotland) Regulations 2006 (as amended).
- Abattoirs, Cutting Plants and Game Handling Establishments require veterinary control in accordance with Article 18 of Regulation (EU) 2017/625 (Official Controls Regulation) and must therefore be approved and subject to enforcement by FSS.
- In order to obtain and then maintain approval status, information on approved establishments is held to enable any enforcement of incidents in relation to Regulations and Food Law where appropriate.
- The Food (Scotland) Act 2015, enables FSS to set performance standards, report on enforcement action by others and require relevant information from Food Businesses.
- We will only collect the data that we need as required by the above regulations and legislations, and not collect any personal information from you that we do not need.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
What we do with it
We retain personal information only for as long as necessary to carry out these functions. This means this information will be retained for as long as a business remains approved as a food business operator. Historical lists of approved businesses are retained for 6 years for Freedom of Information purposes.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
What we may also be required to do with it
The information may be shared with other Regulators in line with the principles of the Scottish Regulators Strategic Code of Practice for compliance and risk mitigation purposes. This is limited to circumstances where the law allows such sharing of information by regulators with common interests or activities.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk or via their telephone helpline: 0303 123 1113.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
Personal Information collected on the Food Chain Information (FCI) model forms, may include your name and address of your business.
Where we get this information from
Food Standards Scotland obtains this information from Food Businesses Operators.
Why we need it
FCI is collected by Food Standards Scotland to support our delivery of Official Controls in Approved Meat Establishments in Scotland.
We use FCI to help us make decisions on meat, and to determine inspection procedures for animals and groups of animals.
Proving us with this information is part of the whole chain, farm-to-fork, approach to food safety introduced by the Hygiene Regulations from the beginning of 2006.
Failure to provide the information could result in non-compliance with the following legislation: (EC) 852/2004 and (EC) 853/2004.
We will only collect the data that we need as required by the above Hygiene regulations and legislations, and not collect any personal information from you that we do not need.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest, or help prevent fraud and crime, or where we are required to do so by law in the exercise of official authority in our capacity as a public body.
What we do with it
We retain personal information only for as long as necessary to carry out these functions. This means this information will be retained for as long as a business remains approved as a food business operator. Historical lists of approved businesses are retained for 6 years for Freedom of Information purposes.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
What we may also be required to do with it
The information may be shared with other Regulators in line with the principles of the Scottish Regulators Strategic Code of Practice for compliance and risk mitigation purposes. This is limited to circumstances where the law allows such sharing of information by regulators (e.g. Scottish Government, FSA, APHA, DEFRA, etc) with common interests or activities.
Your rights
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot
Food Hygiene Information Scheme Privacy Notice
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold on you consists of the name of the food business operator, the registered business address and the business telephone number.
Where we get this information from
Food Standards Scotland obtains this information from Local Authorities.
Why we need it
We need to collect this information for the purpose of publishing food hygiene information scheme inspection outcomes. We do this in line with the performance of our official duties in the exercise of the official authority vested in us and in the public interest. We will not collect any personal data from you which we do not need.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
What we do with it
We retain personal information only for as long as necessary to carry out these functions. This means that this information will be retained for as long as a business remains within the Food Hygiene Inspection Scheme. All the personal data we process is located on servers in the United Kingdom.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. Our cloud-based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
What we may also be required to do with it
The information may be shared with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk or via their telephone helpline: 0303 123 1113.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot
What we need
Food Standards Scotland (FSS) is the Data Controller of the personal information you provide to us on this form. The information we collect about you includes name, postal address, email address and telephone number.
Why we need it
As Data Controller, we need to collect this information for the purposes of Feed Law Enforcement. These include:
- Regulation (EU) 2017/625 on Official Controls performed to ensure the verification of compliance with Feed Law, which requires that FSS carries out its activities with a high level of transparency, making relevant information available to the public as soon as possible;
- Maintenance of an up to date list of registered Feed Business Establishments within Scotland and to divulge this information for the purposes of ensuring animal and public health and the effective enforcement of Feed Law. This list is not published;
- Publication of the details of approved feed business establishments on the Food Standards Scotland website;
- The Food (Scotland) Act 2015, enables FSS to set performance standards, report on enforcement action by others and require relevant information from its Delivery Agents;
- The Official Feed and Food Controls (Scotland) Regulations 2009, allows the exchange and provision of information between enforcement authorities for the execution and enforcement of relevant Feed Law, including Feed Business information;
- FSS is required to fulfil the statutory obligations required by Article 113 of Regulation (EU) 2017/625, which places a requirement on it to provide the information specified in that Article and to report to the European Commission, and
- FSS maintains a national database that can be accessed by both Food Standards Scotland and its Delivery Agents to which the information pertains. The reporting toolset allows information to be strategically analysed, allowing FSS and authorised Delivery Agents to adhere to the principles of the Scottish Regulators’ Strategic Code of Practice.
We will only collect the data that we need as required by the above regulations and legislations, and not collect any personal information from you that we do not need.
What we do with it
The information on this form will be retained by FSS, and where relevant Delivery Agent for the duration of your business registration. Additionally, if your business closes, or your registration details are otherwise amended then this information will continue to be retained for a maximum of six years following notification of the closure or the amendment of your registration details.
The information collected on your business relating to Feed Law enforcement activity will be retained by FSS for a maximum of six years for Freedom of Information purposes and the monitoring of enforcement action by Delivery Agents.
FSS have put in place appropriate and adequate technical and organisational measures to protect your personal information.
All the personal data we process is located on servers in the United Kingdom. Where we use servers outside of the EU, we have appropriate Standard Contractual Clauses to cover the processing of personal data. Cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles. We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
What we may also be required to do with it
The information may be shared with other Regulators in line with the principles of the Scottish Regulators Strategic Code of Practice for compliance and risk mitigation purposes. This is limited to circumstances where the law allows such sharing of information by regulators with common interests or activities.
This information may also be shared with other government agencies responsible for the official control of animal feed, e.g. the Veterinary Medicines Directorate’s Inspection and Investigations Team and the Animal Health and Veterinary Laboratories Agency.
We use or work with contractors and other third-party service providers, such as IT service providers, who may process your personal data on our behalf. These third parties can only process your personal data on our instruction or with our agreement for specific purpose to enable us to maintain, improve and provide our services in order to fulfil our statutory obligations and tasks carried out in the public interest.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect, you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter. If you are not satisfied with our response or believe we are not processing your information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland is what is known as the ‘Controller’ of the personal data provided to us through the “Citizen Science” – Fridge Temperatures Project.
What information do we hold?
The personal information we hold on you may include your name and any other relevant information such as your postal address and email address.
Where we get this information from?
Food Standards Scotland obtains this information directly from you as part of the signup process for the “citizen science” research project on fridge temperature ranges in Scotland.
Why we need it
We collect this information in order for you to receive materials to take part in a “citizen science” research project and to keep you updated about the research project – e.g. signup confirmation email. We will not collect any personal data on you which we do not need.
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. Your contact details will be held securely until you inform us that you no longer wish to receive the information or ask for your information to be deleted.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles. No third parties have access to your personal data unless the law allows them to do so.
What we may also be required to do with it
The information may be shared with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) at: http://www.ico.org.uk or via their telephone helpline (03031231113).
Our Data Protection Officer at Food Standards Scotland is the Director Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold on you include your personal data such as your name, your postal address, email address, telephone number, bank details, qualifications, certificates etc. We also collect your special category data such as your sick absence, your trade union membership, health data, and data collected for equal opportunity purposes.
Why we need it
We need to collect this information for the purpose of creating and maintaining your employment record. We do this to carry out the employment contract between us. We will not collect any personal data from you which we do not need.
Providing us with this information is a contractual requirement and failure to provide the information could result in us not being able to provide you with a contract of employment, pay you correctly, monitor your sickness absence, or administer your training and development.
Where we process your special category data we do so to carry out our employment law obligations and to enable you to exercise your employment rights, to fulfil our legal obligations and for reasons of substantial public interest and in line with our Data Protection and Human Resources Policies.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information in the performance of a contract between an employer and employee and for the administration of your employment record;
- We need to process your personal data in the performance of our statutory duties and for reasons of substantial public interest; and
- We need to process your personal information to fulfil a legal obligation.
What we do with it
We retain personal information only for as long as necessary to carry out these functions and in line with our retention policy. This means that this information will be retained as follows:
- sickness absence records until age 100
- summary record of disciplinary action – six years from cessation of employment, unless it results in a change to pay or terms and conditions then retained until age 100
- payroll and pensions record until age 100
- training and development records until 5 years after the financial or reporting period.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so. In line with this commitment, your information may be passed to other departments within the FSS where this is necessary in connection with staff administration and development.
What we may also be required to do with it
Your data may also be passed to other government departments or organisations when this is necessary for the general administration of your employment contract with us including SG Finance, Payroll or HR Departments, HMRC, Civil Service Pensions, Local Pensions Partnership etc. and the Prudential and other organisations receiving voluntary payroll deductions, such as charities, trade unions etc. Your name and contact details may also be given to external training providers.
The information may also be shared with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk or via their telephone helpline (0303 123 1113).
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland has asked Ipsos Scotland, an independent research company, to carry out some research to understand more about how people order takeaway food online.
What information do we hold?
- Food Standards Scotland and Ipsos are joint “data controllers” for this research. This means that they decide what personal data needs to be collected for the project.
- Ipsos is also a “data processor” for this research. This means that Ipsos will be handling and using your personal data.
- Ipsos is responsible for collecting and securely storing your personal data. They are also responsible for securely deleting your personal data. They will not share your personal data with Food Standards Scotland.
The data collected will cover things like people’s experiences of using apps or websites to order takeaway food online; the types of food that people order, and broader topics such as the types of foods that participants and their families like to eat in general.
Where we get this information from?
The research will involve two stages:
- Four weeks using an app called Indeemo, to record takeaway orders on phones and tablets, and answer question.
- A follow-up one hour interview with one of the Ipsos research team (usually via Zoom or Teams).
Why we need it
- Ipsos will only collect and use your personal data with your consent.
- Ipsos must have a “legal basis” for collecting personal data. This means that Ipsos need to have a good reason to be allowed to do this.
- The legal basis for collecting your personal data for this research is consent. Taking part in this study is entirely voluntary. If you wish to withdraw your consent at any time, please see the section below covering ‘Your Rights’.
- Food Standards Scotland must also have a legal basis for commissioning this work. This is “public interest” as part of their role in advising the Scottish Government on food policy matters.
What we do with it
- The information collected from research discussions will be used for research purposes only. This will include writing a final report based on our findings, which we will deliver to Food Standards Scotland and will later be published on the Food Standards Scotland website. Quotes included in the report will be anonymised and it will not be possible to identify you in the report. Your personal data is protected by data protection legislation (see below).
- We use third-party service providers, known as sub-processors, to help us operate and improve our services. In this project these are Indeemo, FieldMouse and a transcription service. These sub-processors process your personal data on our behalf and are subject to strict data protection obligations.
- Ipsos takes its information security responsibilities seriously. It takes many steps to make sure your information is kept safe. This includes security to protect their office space as well as secure computer systems.
- The data used for this research will be stored securely in a protected electronic folder that only the research team have access to. The data is stored on a UK server and will not leave the UK.
- The steps Ipsos takes to protect information it holds are regularly checked. This means it has a certificate to prove that it has good information security. This is called is the International Standard for Information Security, ISO 27001.
Who your personal information will be shared with
Ipsos will treat the information you give them confidentially. This means they will not share this information with anybody outside the research team and selected supplier organisations.
Ipsos will be using three supplier organisations to assist us in running the project and we will need to disclose your personal data to these supplier organisations for that purpose. These are:
- FieldMouse (recruitment agency)
- Indeemo (research app company)
- A transcription company (still to be appointed)
All of these organisations have been proved to Ipsos that they follow data protection legistlation. This includes them storing your data securely and deleting it within three months of the end of the project.
How long is your information stored for?
- Ipsos will only keep your data in a way that can identify you for as long as necessary for the research project.
- Ipsos are required to keep the ‘raw data’ gathered for a year after the end of the project. This includes audio recordings, notes and transcripts from interviews, and information you upload into the Indeemo app (e.g. videos of screen recordings). This is done in case anyone has questions about a report we have published, and we need to go back to the data. They will then be securely destroyed.
- Any other personal data (such as your name and contact details) will be securely destroyed three months after the end of the research project. This is kept for this length of time in case there are any queries from participants after the end of the project.
What are your rights?
It is up to you whether you take part in the research. There are no consequences if you change your mind about taking part. You do not have to answer every question if you do not want to.
Ipsos follows General Data Protection Regulation (GDPR) regulation. GDPR is designed to give you more control over your personal data. This means you have the right to:
- access a copy of the information an organisation holds about you;
- correct any information that you think is inaccurate or incomplete;
- restrict the use of your information in certain circumstances;
- object to use of data that is likely to cause or is causing damage or distress;
- ask for your personal data to be deleted;
- complain to a supervisory authority if you are unhappy with how your data has been used
Contact Kate Glencross if anything in this privacy notice is unclear. Kate is the Project Manager in charge of this research at Ipsos. You can email her at: kate.glencross@ipsos.com
If you have questions or concerns about how your personal data is being collected or used, you can contact their Data Protection Officer at the following email address: compliance@ipsos.com. Please put ‘24-15162-01 OOH Food Research’ in the email subject line. Or you can contact them by post at the following address:
24-15162-01 OOH Food Research Data Protection Officer
Compliance Department
Ipsos (market research) Limited
3 Thomas More Square
London
E1W 1YW
Ipsos will not share your personal data with Food Standards Scotland. However, you can contact their Data Protection Officer at the following email address: dataprotection@fss.scot.
Complaints
The Information Commissioner’s Office (ICO) is an organisation that makes sure data protection laws are followed. If you are unhappy with the way your personal data is being used as part of this research then you can report it to them:
- Information Commissioner’s Office website: https://ico.org.uk/concerns
- Information Commissioner’s Office helpline: 03031 231113
What are your rights?
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
We need to collect and hold personal information on key Food Standards Agency (FSA) and Food Standards Scotland (FSS) staff and external collaborators involved in requesting, producing, coordinating, reviewing and receiving Risk Analysis issues that are uploaded to the Risk Analysis Tracker. This consists of names, job titles/roles and may in some cases include work contact details.
Why we need it
We need to collect and process your personal information in order to:
- Grant and administer your access to the Tracker.
- Communicate with you to obtain updates, answer questions, collaborate or circulate information.
- Maintain an internal audit trail.
What is the legal basis for our use of your personal data?
We process this information in line with the performance of our statutory duties and the exercise of the official authorities vested in us and the performance of a task carried out in the public interest. In particular, we do this as part of our statutory duties to carry out the risk analysis process using science and evidence to provide advice to government, business and consumers on food safety risks.
Where we get this information from?
We obtain this information directly from you as part of providing FSA/ FSS staff access to the Tracker and indirectly from documents uploaded to and held on the system.
What we do with it
We store the information obtained on an FSA site and use it to securely share risk analysis information between FSA and FSS staff and external collaborators.
No other third parties will have access to your personal information unless there is a lawful or legal basis for the sharing. In line with this, we may also share personal information about you:
- where we are legally required to do so (e.g. in connection with criminal investigations, legal proceedings or prospective legal proceedings).
- where necessary for establishing, exercising or defending our legal rights and permitted by law; and
- with other governments departments and public bodies where the sharing is necessary for them to meet their statutory obligations, or it is in the public interest.
In addition, we use or work with contractors and other third-party service providers, such as IT service providers, who may process your personal data on our behalf. These third parties can only process your personal data on our instruction or with our agreement for specific purpose to enable us to maintain, improve and provide our services. All the personal data we process is located on servers in the United Kingdom.
Data Retention
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained on the Evidence Package Tracker for 10 years.
All the personal information we process is primarily located on servers within the UK and the European Economic Area (EEA), which means that they are deemed adequate in terms of data protection by the UK government. In addition, our cloud-based services have been procured through the government framework agreements and have been assessed against the national cyber security centre cloud security principles. For financial and technical reasons, we may on occasion use the services of a supplier outside the UK and European Economic Area (EEA), which means that your personal information is transferred, processed and stored outside the EEA. However, we take steps to ensure that these organisations have in place suitable technical and organisational safeguards either through the agreements we hold with them or by confirming they operate in accordance with the EU-U.S. Privacy Shield Framework.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information we collect
We collect your business name (legal entity), company or trading name, contact name, business address telephone number, email address, data of establishment and company number if incorporated. We collect this data when you apply for a Scottish Wine Standards Board (WSB) number.
Why we need it
We need to collect this information for the purpose of our Wine Standards database. We register a wine business and issue a Wine Standards Board (WSB) registration number to that business. We do this in line with the performance of our statutory duties as part of our public task. We will not collect any personal data from you which we do not need.
Providing us with this information is a statutory requirement and failure to provide the information could result in production returns not being completed or business not being registered.
We may also analyse this information along with other information we hold about you and information we have obtained from public and/or private sources for the purpose of helping us evaluate risk. We do this in line with the exercise of official authority vested in us under the Food Standards (Scotland) Act and the performance of a task carried out in the public interest.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained for 5 years from receipt.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your information may be shared with DEFRA the wine policy lead. Food Standards Scotland may sometimes share data with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest. We may also share the data as part of risk evaluation and analysis with public bodies or other organisations, such as Trading Standards and Port Health Authorities, for the same reasons.
In addition, we use or work with contractors and other third-party service providers, such as IT service providers, who will process your personal data on our behalf. These third parties are our data processors and can only process your personal data on our instruction or with our agreement for a specified purpose to enable us to maintain, improve and provide our services in order to fulfil our public task.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold consists of: names, addresses, telephone numbers and where applicable allergy or illness details, sole trader information, and other data relevant to the food incident. The personal data that we hold may also include emergency contact details for those involved in incident management (including business continuity).
We also hold personal data provided by people or organisations reporting suspected food crime which may also include the personal data of individuals involved in suspected food crime: (Personal data and special category personal data as defined in the Data Protection Act 2018).
Where we get this information from
FSS obtains this information either from individuals themselves or from other third parties including UK and overseas law enforcement authorities, Local Authorities, other government departments and agencies, Food Business Operators, industry bodies and the European Commission. We do this in line with the performance of our statutory duties. We will not collect any personal data which we do not need.
No third parties have access to your personal data unless the law allows them to do so. In line with this commitment your information may be passed to other government departments and competent authorities in EU member states including the EU Commission in addition to UK public bodies, and organisations which perform public functions to assist in the performance of their statutory duties or when it is in the public interest.
Why we need it
We hold this information for the purpose of managing incidents involving food and feed safety, integrity, food fraud / crime, and other emergencies, ensuring that food and feed not in compliance with food / feed safety and other legislative requirements is removed from the market.
Also, for the purpose of the prevention, investigation, detection or prosecution of criminal offences related to food crime.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
- We hold this information for the purpose of the prevention, investigation, detection or prosecution of criminal offences related to crime.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that some of this information will be retained for up to 12 years in line with legislative requirements.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
No third parties have access to your personal data unless the law allows them to do so.
What are your rights?
You have a right to see the information we hold on you (subject to exemptions listed in Schedule 2 Part 1 Data Protection Act 2018) by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold on you consists of your name, your authority or organisation and its postal address, and your email, telephone and mobile details. Meetings are audio recorded for minute taking purposes.
Where we get this information from
Food Standards Scotland obtains this information from yourself and your organisations public facing website.
Why we need it
We need to collect this information for the purposes of fulfilling our statutory obligations under The Food (Scotland) Act 2015, which enables FSS to develop and help others develop policies and guidance on food and animal feed. Part 1. Para 3(1)(a).
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
- We need to process documentation and therefore an audio recording is used during meetings to ensure accuracy. The audio recording is then deleted once the documentation has been finalised.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means this information will be retained for as long as you are a member of the Committee and/or its umbrella structure. Historical documents will contain, records of individuals positions with the Committee structure and also, their contributions to meetings and documents.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.
No third parties have access to your personal data unless the law allows them to do so.
What we may also be required to do with it
The information will be held as a historical record of Scottish food enforcement liaison.
The information may be shared with the Scottish enforcement community for best practice purposes. This is limited to circumstances where the law allows such sharing of information by those with common interests or activities.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold about you can include:
- Names, telephone numbers and e-mail addresses of Local Authority sampling officers;
- Names and addresses on food establishments.
Where we get this information from
Food Standards Scotland obtains this information from Local Authorities
Why we need it
We hold this information for the purpose of surveillance and policy development, identifying local, regional and national trends in food and feed sampling, to help define and target future sampling programmes and to meet statutory obligations on reporting monitoring results for chemicals and residues in food and feed to EFSA.
We will not collect any personal data which we do not need.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
What we do with it
We retain personal information only for as long as necessary to carry out these functions.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
What we may also be required to do with it
The information may be shared with other Regulators in line with the principles of the Scottish Regulators Strategic Code of Practice for compliance and risk mitigation purposes. This is limited to circumstances where the law allows such sharing of information by regulators with common interests or activities.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk or via their telephone helpline: 0303 123 1113.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot
Food Standards Scotland is what is known as the ‘Controller’ of the personal data provided to us through the Scottish National Database.
What information do we hold?
The personal information we hold on you consists of the trading name and address of your business, and the name of the person or organisation that operates your business.
We may also hold the names of Local Authority Authorised Officers in Environmental Health.
Where we get this information from?
Food Standards Scotland obtains this information from your Local Authority as part of our obligation to ensure the effectiveness and appropriateness of Official Controls on food at all stages of production, processing and distribution.
Why we need it
We need to collect this information for the purposes of food law enforcement monitoring in line with our statutory obligations, under Articles 4, 6, 8, 10, 11 and 113 of Regulation (EU) 2017/625, and official controls and Regulations 7, 8 and 11 of the Official Feed and Food Controls (Scotland) Regulations 2009, laying down requirements for monitoring of enforcement action and power to request information relating to enforcement action.
We further need to collect this information in line with the performance of our statutory duties as set out under Sections 2, 3, 16, 19, 20, 21, 23, 25, 26, and 27 of the Food (Scotland) Act 2015, Section 5 of Regulatory Reform (Scotland) Act 2014 and Principles 5, 9 and 13 of Scottish Regulators’ Strategic Code of Practice. These provisions lay down requirements for the protection of the public from risks to health which may arise in connection with consumption of food, and to advice other persons in relation to food matters. We will not collect any personal data on you which we do not need.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means the name and address information will be retained for as long as a business remains registered and/or approved as a food business and up to 6 complete financial years following the closure of a business for food purposes. Historical Official Control data pertaining to your on food business is retained for 6 complete financial years.
All the personal data we process is located on servers in the United Kingdom. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles. No third parties have access to your personal data unless the law allows them to do so.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold on you may include your name and any other relevant information such as your postal address, email address and telephone number.
Why we need it
We need to collect this information to keep you informed about what we do as an organisation in the performance of our statutory duties in the public interest e.g., in the development and delivery of polices relating to our statutory remit for food and feed; and to keep you informed of strategic communication that may impact on you or your business. We will not collect any personal data from you which we do not need.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Scotland Competent Food Authority; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
What we do with it
We retain personal information only for as long as necessary to carry out these functions.
Your contact details will be held until you inform us that you no longer wish to receive the information or ask for your information to be deleted.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
What we may also be required to do with it
The information may be shared with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest.
We use or work with contractors and other third-party service providers, such as IT service providers and event management services, who may process your personal data on our behalf. These third parties can only process your personal data on our instruction or with our agreement for specific purpose to enable us to maintain, improve and provide our services in order to fulfil our statutory obligations and tasks carried out in the public interest.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk or via their telephone helpline: 0303 123 1113.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.
Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold on you include your personal data such as your name, email address, telephone number, qualifications, certificates etc.
Why we need it
We collect this information for the purpose of routine verification and audit of our approval by FDQ, and on other authorised funded training courses. We do this in line with our statutory duties under the Food Standards Scotland Act 2015.
We will share your personal information with authorised contacts and training providers of food related qualifications. We will not collect any personal data from you which we do not need. We will not disclose your personal information to anyone other than those mentioned.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information in the performance of a contract between an employer and employee and for the administration of your employment record;
- We need to process your personal data in the performance of our statutory duties and for reasons of substantial public interest; and
- We need to process your personal information to fulfil a legal obligation.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. Contact details will be held for 6 years from receipt.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. All the personal data we process is located on servers in the United Kingdom. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so. In line with this commitment, your information may be passed to other departments within the FSS where this is necessary in connection with staff administration and development.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk or via their telephone helpline: 0303 123 1113.
Our Data Protection Officer at Food Standards Scotland is the Head of Corporate Services who can be contacted at the following email address: dataprotection@fss.scot.