Food Standards Scotland is what is known as the ‘Controller’ of the personal data provided to us through the Scottish National Database.
What information do we hold?
The personal information we hold on you consists of the trading name and address of your business, and the name of the person or organisation that operates your business.
We may also hold the names of Local Authority Authorised Officers in Environmental Health.
Where we get this information from?
Food Standards Scotland obtains this information from your Local Authority as part of our obligation to ensure the effectiveness and appropriateness of Official Controls on food at all stages of production, processing and distribution.
Why we need it
We need to collect this information for the purposes of food law enforcement monitoring in line with our statutory obligations, under Articles 4, 6, 8, 10, 11 and 113 of Regulation (EU) 2017/625, and official controls and Regulations 7, 8 and 11 of the Official Feed and Food Controls (Scotland) Regulations 2009, laying down requirements for monitoring of enforcement action and power to request information relating to enforcement action.
We further need to collect this information in line with the performance of our statutory duties as set out under Sections 2, 3, 16, 19, 20, 21, 23, 25, 26, and 27 of the Food (Scotland) Act 2015, Section 5 of Regulatory Reform (Scotland) Act 2014 and Principles 5, 9 and 13 of Scottish Regulators’ Strategic Code of Practice. These provisions lay down requirements for the protection of the public from risks to health which may arise in connection with consumption of food, and to advice other persons in relation to food matters. We will not collect any personal data on you which we do not need.
What we do with it
We retain personal information only for as long as necessary to carry out these functions, and in line with our retention policy. This means the name and address information will be retained for as long as a business remains registered and/or approved as a food business and up to 6 complete financial years following the closure of a business for food purposes. Historical Official Control data pertaining to your on food business is retainedfor 6 complete financial years.
All the personal data we process is located on servers in the United Kingdom. Our cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles. No third parties have access to your personal data unless the law allows them to do so.
What are your rights?
You have a right to see the information we hold on you by making a request in writing to the email address below. If at any point you believe the information we process on you is incorrect you can request to have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Our Data Protection Officer at Food Standards Scotland is the Head of Governance and Infrastructure who can be contacted at dataprotection@fss.scot.
