Data privacy - tpximpact/f4-fsa-digital-badges GitHub Wiki

Information on our Food Hygiene Rating Scheme's privacy policy, why we require data, what we do with the data and your rights.

The Food Standards Agency is what is known as the ‘Controller’ of the personal data provided to us.

Why the FSA needs the data

The personal information FSA holds consists of: the name of the food business operator, the registered business address and the business telephone number. The Food Standards Agency obtains this information from local authorities.

The FSA needs to collect this information for the purpose of publishing food hygiene ratings. The data is also combined with the information from business insight data supplied by a market intelligence provider, in order to carry out analysis. FSA does this in line with the performance of their official duties in the exercise of the official authority vested in the agency and in the public interest. No personal data that is not needed is collected.

The FSA will also analyse this information along with other information they hold about the user and information they have obtained from public and/or private sources for the purpose of helping us evaluate risk. The FSA do this in line with the exercise of official authority vested in the agency by the Food Standards Act and the performance of a task carried out in the public interest.

What the FSA does with data

The FSA retains personal information only for as long as necessary to carry out these functions, and in line with their retention policy. This means that this information will be retained for review after 10 years.

All the personal data the FSA processes is located on servers within the European Union. Any cloud based services have been procured through the government framework agreements and these services have been assessed against the national cyber security centre cloud security principles.

No third parties have access to the personal data unless the law allows them to do so. In line with this commitment any information may be passed to HM Revenue and Customs, should a schedule 23 notice be issued to require the FSA to do so.

In addition, the Food Standards Agency will sometimes share data with other government departments, public bodies, and organisations which perform public functions to assist them in the performance of their statutory duties or when it is in the public interest. We may also share the data as part of risk evaluation and analysis with public bodies or other organisations, such as Trading Standards and Port Health Authorities, for the same reasons.