Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.
What information do we hold?
The personal information we hold about you may include the name, address, email address and telephone number of your business.
Where we get this information from
Food Standards Scotland obtains this information from Food Businesses
Why we need it
- As data controller, we need to collect and process this information for the purposes of Food Law Enforcement.
- Responsibility for the approval and enforcement in establishments approved under Regulation (EC) 853/2004 in Scotland is specified within the Food Hygiene (Scotland) Regulations 2006 (as amended).
- Abattoirs, Cutting Plants and Game Handling Establishments require veterinary control in accordance with Article 18 of Regulation (EU) 2017/625 (Official Controls Regulation) and must therefore be approved and subject to enforcement by FSS.
- In order to obtain and then maintain approval status, information on approved establishments is held to enable any enforcement of incidents in relation to Regulations and Food Law where appropriate.
- The Food (Scotland) Act 2015, enables FSS to set performance standards, report on enforcement action by others and require relevant information from Food Businesses.
- We will only collect the data that we need as required by the above regulations and legislations, and not collect any personal information from you that we do not need.
What is the legal basis for our use of your personal data?
The legal basis for our use of your personal information as highlighted above will generally be one or more of the following:
- We need to process your personal information to satisfy our legal obligations as the Competent Food Authority in Scotland; and
- We need to process your personal information to carry out a task in the public interest or in the exercise of official authority in our capacity as a public body.
What we do with it
We retain personal information only for as long as necessary to carry out these functions. This means this information will be retained for as long as a business remains approved as a food business operator. Historical lists of approved businesses are retained for 6 years for Freedom of Information purposes.
FSS has put in place appropriate and adequate technical and organisational measures to protect your personal information. FSS data is located within the European Union. Our cloud based services procured through the government framework agreements, and assessed against the national cyber security centre cloud security principles.
We want to assure you that no third parties have access to your personal information unless the Law allows them to do so.
What we may also be required to do with it
The information may be shared with other Regulators in line with the principles of the Scottish Regulators Strategic Code of Practice for compliance and risk mitigation purposes. This is limited to circumstances where the law allows such sharing of information by regulators with common interests or activities.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at: www.ico.org.uk or via their telephone helpline (0303 123 1113).
Our Data Protection Officer at Food Standards Scotland is the Interim Director of Policy, Science, Finance and HR who can be contacted at the following email address: firstname.lastname@example.org
Last updated: 3 September 2019