Food Safety Solutions

Effective from 9 January 2026

“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

References to “We”, “Us” and “Food Safety Solutions (FSS)” in this Data Protection Statement shall apply to organisation that is processing your Personal Data.  

In order to provide our services, we need to process Personal Data. We are committed to protecting the rights and privacy of individuals in accordance with data protection legislation including the General Data Protection Regulation in Europe (the “GDPR”).  

The Purpose and Structure of this Data Protection Statement

This Data Protection Statement describes our approach to data protection and sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us where we are controllers of that Personal Data for the purposes of the GDPR. Please read this Data Protection Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.  

The protection of your Personal Data is important to us and we are committed to protecting and safeguarding your rights.  

Who this Data Protection Statement Applies to  

This Data Protection Statement provides specific information relating to the following individuals whose Personal Data we process:   

• contact data of those we engage with as part of the day-to-day operation of FSS including our customers, suppliers and partners, members of the public “FSS Contacts”; and
• users/guests of our Website “Website Users”.

Categories of Personal Data  

We process the following categories of Personal Data. For each category we have included an example of the type of Personal Data that maybe part of that category:  

• Identification Data may include a person’s name.
• Contact Data may include a person’s email address, phone number, postal address, other communication details (e.g. online meeting ID).
• Communication Data may include phone calls, email correspondence and hard copy correspondence.
• Marketing Data may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
• Financial Data may include payment related information or bank account details and financial data.
• Web Data may include Personal Data provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

1. Our Legal Basis for Processing Personal Data  

We process all Personal Data lawfully and in accordance with the requirements of the law. The GDPR sets out the legal grounds for processing Personal Data.  When FSS processes Personal Data it is generally on one of the following legal basis:  

Contract  

We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract;  

Consent

Where we rely on your consent to process Personal Data, that consent will be freely given, specific, informed and unambiguous. You have the right to withdraw your consent at any time by contacting [email protected], and such withdrawal will not affect the lawfulness of processing prior to the withdrawal. Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.  

Legitimate Interest  

At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.  We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.  

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at [email protected] and we will review our processing activities.

Legal Obligation  

If we have a legal obligation to process Personal Data, such as queries by enforcement agencies, payment of taxes etc., we will process Personal Data on this legal ground.  

Our Processing Activities

We use your Personal Data to provide you with our services and to assist us in the operation of FSS. Under data protection law, we must ensure that the purpose of processing is clear.   We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing:  

Service Delivery activities

Purpose of Processing  

1. to contact you regarding payments to and from you;
2. for relationship management and support;
3. to send notifications about changes/updates to our products and services;
4. to fulfil our legal and contractual obligations.

Categories of personal data  

• Identification Data
• Contact Data
• Communications Data

Lawful basis  

• Contract
• Legitimate Interest

Marketing activities  

Purpose of processing  

1. to respond to any requests from you;
2. to send newsletters and other information that maybe of interest;
3. to contact you as part of our relationship or for general administration.

Categories of personal data  

• Marketing Data
• Contact Data
• Web data

Lawful basis  

• Consent
• Legitimate interest

Website Delivery  

Purpose of processing  

1. to respond to web forms completed by you;
2. to promote our services;
3. to administer the Website; and
4. for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes;
5. to ensure the safety and security of our website and our services.

Categories of personal data  

• Contact Data
• Web Data

Lawful basis  

• Consent
• Legitimate Interest

Administration of Relationship  

Purpose of processing  

1. to manage / respond to a complaint / appeal
2. to notify you of updates to this Data Protection Statement

Categories of personal data  

• Identification Data
• Contact Data
• Communication Data
• Financial Data

Lawful basis  

• Contract
• Legitimate interest

Managing payments and administration of the contract  

Purpose of processing  

1. to process payments to and from the organisation.

Categories of personal data  

• Identification Data
• Contact Data
• Communication Data
• Financial Data

Lawful basis

• Contract
• Legitimate Interest

Governance  

Purpose of processing  

1. to enter into partnerships and other commercial relations  
2. to undertake appropriate due diligence

Categories of personal data  

• Identification Data
• Contact Data
• Communication Data
• Financial Data

Lawful basis  

• Contract
• Legitimate Interest
• Legal Obligation

Sources of Personal Data  

FSS Contact Personal Data   

We collect Personal Data from our general contacts including; customers, suppliers, partners and members of the public. We source FSS Contact Personal Data in order to manage the organisation and deliver our services.  

We will only ever source Personal Data that is necessary and in a way that would be generally expected. We receive Personal Data about FSS Contact from a variety of sources, as follows:   

• the Personal Data is often provided by the FSS Contact as part of the relationship;
• the Personal Data may be collected from public sources;
• the Personal Data may be collected indirectly from another person within the same organisation as the FSS Contact;
• the Personal Data may be collected through our website;
• the Personal Data may be collected indirectly from a website or from a third party.

Web data  

We collect Website User Personal Data from all visitors to our website in order to improve our services and develop the Website.  

We receive Web Data about Website Users who access our advertisements or our Website regardless of whether they interact or register with the Website.

Disclosure of Personal Data

In certain circumstances, we may disclose Personal Data to third parties as follows:  

• to partners and subcontractors for the performance of any contract relating to our services, including email, Skype, Customer Relationship Management system, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;  
• to analytics and search engine providers that assist us in the improvement and optimisation of the Website;  
• if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including enforcement, tax, audit or other authorities), or in order to enforce or apply any contracts that we have;  
• to protect our rights, property, or safety, or FSS Contact or others. This may include exchanging Personal Data with other companies and organisations for the purpose of fraud protection.  

When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.  

We share your Personal data with external service providers (data processors) only where necessary to provide services on our behalf and subject to binding contracts under Article 28 GDPR. Where we share data with other independent or joint controllers, we ensure appropriate transparency and governance measures are in place.  

Security Measures  

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the relevant law, including the GDPR. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.  

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.   

Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.  

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.  

We use encryption, access controls, pseudonymisation where appropriate. Access to Personal Data is restricted to authorised personnel under strict confidentiality obligations.

Transfers outside the EEA  

In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.  

If we transfer Personal Data outside of the EEA, there is a general reliance on appropriate safeguards such as Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission or transfers to countries with adequacy decisions. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.  Where we rely on Standard Contractual Clauses, we conduct Data Transfer Impact Assessments (TIAs) to assess the adequacy of protection in the recipient country, in line with EDPB Recommendations 01/2020.

Cookies   

Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Cookies that are not strictly necessary for the operation of this site will only be placed on your device with your prior, informed consent.  

Third party websites 

Our Website may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us. We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.

Retention   

We periodically review all retention periods to ensure they are necessary and proportionate. Where specific retention cannot be stated, we retain data only for as long as necessary based on our legal obligations and operational needs.  We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.  

After the retention period, we anonymise the data irreversible, removing all identifiers so that individuals can no longer be identified. This anonymised data may be used for statistical and research purposes. Where data is only pseudonymised, it remains Personal Data and is protected accordingly.  

Our retention policy is as follows:  

Service Delivery Activities

Categories of personal data  

• Identification Data  
• Contact Data   
• Communications Data  

Retention period - 24 months after completion of service delivery activities in the case where there is no further meaningful engagement.  

Marketing and Promotion Activities  

Categories of personal data  

• Marketing Data   
• Contact Data   
• Web Data  

Retention period - 12 months in the case where no meaningful engagement or earlier in the case you unsubscribe.  

Website Delivery  

Categories of personal data  

• Web Data  

Retention period - 24 months.

Managing Payments and administration of the contract  

Categories of personal data  

• Identification Data  
• Contact Data   
• Communication

Retention period - 7 years.

Governance  

Categories of personal data  

• Identification Data  
• Contact Data   
• Communication Data  
• Financial Data

Retention period - 7 years unless required to retain indefinitely .

In certain cases, we may retain Personal Data for longer than specified here if required under relevant laws or in the event of any legal claim.  

Your Rights  

You have various rights relating to how your Personal Data is used.  

Right of access to the Personal Data we hold on you  

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.  

We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.  

We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.  

Right of rectification of Personal Data  

You have the right to have inaccurate or incomplete Personal Data rectified or completed without undue delay. We will inform any third parties with whom your data has been shared of such rectifications where legally required. We may not always be able to change or remove that Personal Data, but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.   

Right of erasure of Personal Data (right to be forgotten)  

In some circumstances you can ask for your Personal Data to be deleted, for example, where:  

• your Personal Data is no longer needed for the reason that it was collected in the first place,  
• you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it),  
• there is no lawful basis for the use of your Personal Data, or  
• deleting the Personal Data is a legal requirement.  

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.

Please note that we can’t delete your Personal Data where:  

• we are required to have it by law,  
• it is used for freedom of expression,  
• it is used for public health purposes,  
• it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing, or  
• it is necessary for legal claims.  

Right to restrict what we use your Personal Data for  

You have the right to ask us to restrict what we use your Personal Data for where:  

• you have identified inaccurate Personal Data, and have told us of it  
• where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether  

When Personal Data is restricted it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.  

Right to have your Personal Data moved to another provider (data portability)  

You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.   This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.  

Right to object  

You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.  

Right not to be subject to automated decision-making  

FSS does not engage in any automated decision-making, including profiling that produces legal or similarly significant effects. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.  

You can make a complaint   

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.  

Amendments to this Data Protection Statement  

We will post any changes on the Website and when doing so will change the effective date at the top of this Data Protection Statement. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services.  In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

Our Contact Information  

If you have any questions about this Statement or how your data is processed, you may contact our Compliance Officer at [email protected] or write to Food Safety Solutions, 6-9 Trinity Street, Dublin 2, D02EY47.

If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached.  

Supervisory Authority   

Ireland:  The Supervisory Authority in Ireland may be contacted as follows:

 Online Form: https://forms.dataprotection.ie/contact  

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland  

Telephone: +353 578 684 800 or +353 761 104 800