MenuCal Tool - Privacy Notice

Information about the MenuCal Tool privacy notice, why we require data, what we do with the data and your rights.

Food Standards Scotland (FSS) is known as the ‘Controller’ of the personal information provided to us.

What information do we hold?

We need to collect and hold personal information on food businesses that wish to manage allergens and/or calculate calories for their menus on the FSS MenuCal Tool. This consists of name, type of business, location, number of outlets, number of employees and email address.

Why we need it

We need to collect and process your personal information (names and email address) in order to: 

  • Grant and administer your access to the MenuCal Tool.
  • Communicate with you to notify you of significant updates or changes to the tool and answer questions.
  • Maintain an internal audit trail.
  • To help food businesses comply with food law on the 14 main allergenic ingredients in food.

What is the legal basis for our use of your personal data?

We process this information in line with the performance of our statutory duties and the exercise of the official authorities vested in us and the performance of a task carried out in the public interest. In particular, we do this as part of our remit to provide information on allergens and calories using science and evidence to business and consumers on food safety and information risks.

Where we get this information from?

We obtain this information directly from you as part of the registration process for the MenuCal tool. 

What we do with it

We store the information obtained on MenuCal securely for food businesses to  provide information about the calories and allergens in their dishes to help customers to make informed choices.

  • investigations, legal proceedings or prospective legal proceedings). 
  • where necessary for establishing, exercising or defending our legal rights as permitted by law. 

In addition, we use or work with contractors and other third-party service providers, such as IT service providers, who may process your personal data on our behalf. These third parties can only process your personal data on our instruction or with our agreement for specific purpose to enable us to maintain, improve and provide our services.

Data Retention

We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means that this information will be retained on the MenuCal Tool for as long as the account is active, or reviewed after 6 years if the account is inactive. 

All the personal information we process is primarily located on servers within the UK and the European Economic Area (EEA), which means that they are deemed adequate in terms of data protection by the UK government.  In addition, our cloud-based services have been procured through the government framework agreements and have been assessed against the national cyber security centre cloud security principles. For financial and technical reasons, we may on occasion use the services of a supplier outside the UK and European Economic Area (EEA), which means that your personal information is transferred, processed and stored outside the EEA. However, we take steps to ensure that these organisations have in place suitable technical and organisational safeguards either through the agreements we hold with them or by confirming they operate in accordance with the EU-U.S. Privacy Shield Framework.

What are your rights?

You have a right to see the information we hold on you by making a request in writing to the email addresses below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter.  

If you are not satisfied with our response or believe we are not processing your information in accordance with the law you can complain to the Information Commissioner’s Office (ICO)

Our Data Protection Officer at Food Standards Scotland is the Head of Governance and Infrastructure who can be contacted at the following email address: dataprotection@fss.scot