Personal information charter
Our standards for requesting or storing personal information.
MMO Privacy Notice
This notice is provided as an overview of how the Marine Management Organisation (“The MMO”, “we”, “our”) process and use the personal data we collect in order to deliver our public, regulatory and business services. It is not intended as a fully comprehensive description of every data processing activity we undertake - further detail on how we process personal data in relation to individual activities or services is provided in separate privacy notices which are specific to that activity or service.
The MMO is a registered data controller with the Information Commissioner’s Office (“ICO”). Our unique registration number is Z2205091.
The statutory duties of the MMO are specified in the Marine and Coastal Access Act of 2009, the Fisheries Act of 2020 and other associated legislation as referred to in those Acts.
Data Collection
The personal information we collect is that which data subjects provide to the organisation via direct engagement as well as information provided to us by third parties in the course of regulatory activities. This includes, but is not limited to information provided via:
- Consultation and survey responses
- Complaints, enquiries and feedback
- Job applications and employee activity
- Applications for funding
- Applications for licences
- Investigations, monitoring and enforcement activities
Data Processing
Personal information is processed for the following purposes:
- Processing requests and delivering services requested from us by members of the public
- Sending requested information to data subjects.
- Sending marketing information (only where a person has specifically consented to this)
- Auditing the usage of our website
- To comply with our employment-related obligations to our staff and contractors
- To comply with other legal obligations including fraud prevention and crime prevention
- Performing our statutory functions including (but not limited to) marine planning, marine licensing, fisheries management, conservation, responding to marine emergencies, investigations, monitoring and enforcement.
The lawful basis under which we process personal data will be defined at the point of collection. Where the MMO processes any personal data in relation to criminal offences or investigations, this is done so under Part 3 of the Data Protection Act which states that competent authorities shall process personal data for law enforcement purposes. The MMO qualifies as a competent authority by virtue of its statutory functions as set out in the Marine and Coastal Access Act 2009 and the Fisheries Act 2020.
Data Retention
We will retain personal information in line with the period outlined at the time the information is collected, and only for as long as it necessary to do so. Retention periods can be determined by legislative or contractual obligations, or by best practice as outlined in the Public Records Act. We employ several measures such as encryption, access controls and information management training for our staff to ensure that personal information is kept safe and secure both during the time we process it and when we dispose of it.
Data Sharing & Data Disclosure
We will only disclose personal information to third parties when:
- We have sought consent to do so; or
- Where there is a legitimate business need to do so, as we may use third parties to process data on our behalf or run projects in conjunction with other organisations. Should we anticipate such a need, we will inform data subjects at the point their data is collected or at the nearest possible opportunity; or
- Where we are under a duty to do so in order to comply with a legal obligation, or we are permitted to do so to protect the rights, property or safety of others. This includes (but is not limited to) exchanging information with other organisations for the purposes of fraud protection and crime prevention.
- Where we are required to do so in the support of either our or another public body’s statutory duties and official functions.
Customer Offer – Appointments Process: Receiving and Logging Industry Calls
The Marine Management Organisation (MMO) is a registered data controller under the information Commissioners Office (ICO), our registration number is Z2205091. For more information about the MMO, please check the MMO Home page. This notice explains how we use your data and how we protect your privacy when you use our website and contact us by telephone and email. As our services develop, we will continue to update and review this statement to comply with both the law and customer feedback
Purpose for Processing
MMO Coastal offices provide a platform for receiving marine industry enquiries. The Customer Offer provides a consistent process whereby industry can call a local MMO coastal office to speak the MMO. These telephone enquires are logged and the information passed onto an appropriate member of the MMO who can respond to an industry query relating to commercial or recreational fisheries, wildlife licensing, marine licensing or marine planning.
The MMO will use the personal stakeholder data to pass onto other MMO colleagues that are best suited to contact and progress the stakeholder’s query.
The MMO will retain personal data such as stakeholder name, contact information and the nature of the query. This provides a documented proof of the date and time the stakeholder was contacted, who took the call and who the information was passed onto within the MMO.
This data will also provide data on the number of telephone enquiries to the MMO.
The Information
For the initial incoming call process the following information will be collected:
- Your name
- Company and /or vessel details
- Contact number (landline or mobile)
- Email address
- Nature of the call
How will the Information be used
The MMO will use your personal information from the initial incoming call to retain the details on an internal spreadsheet and pass onto a suitable member of the MMO via email who can assist the caller with their query.
Security
All information collected under this privacy notice will be processed in line with the principles set out in HM Government Security Policy Framework, issued by the Cabinet Office, when handling, transferring, storing, accessing or destroying information. We will hold the information collected under the FVL process while there is an ongoing business need or regulatory requirement to retain the information and in compliance with our retention scheme.
International Transfers
On 28 June 2021, the European Union (“the EU”) formally recognised the UK’s data protection standards and granted the UK adequacy status to allow the flow of personal data between the UK and the European Economic Area (“the EEA”). Where it is necessary for data to be transferred outside of the EEA, (e.g., for the fulfilment of a legal requirement or for law enforcement purposes), we will ensure that we have the correct safeguards in place to protect personal data.
Your Rights
Data subjects have several individual rights under the Data Protection Act. These include the right to access information that we hold about a living individual and in some cases, the right to have personal data rectified, erased or restricted and to object to certain uses of that data. This does not affect the legality of what we do with personal data before such a request is made and would not stop us from continuing to use personal data to the extent that we do not require consent. It would stop us from further using personal data for purposes which do require consent (e.g., marketing). Further information on data subject rights is available from the ICO’s website.
Where personal information processed for law enforcement purposes, an individual’s rights are slightly different. Please refer to the ICO website for further information.
The MMO does not process data about children or provide services directly to children.
If you wish to make a request under one of these aforementioned rights, please email dataprotection@marinemanagement.org.uk or write to us at the address below, marking your communication for the attention of the Data Protection Manager.
Lancaster House
Hampshire Court
Newcastle Upon Tyne
NE4 7YH
You can also contact the Data Protection Officer for the Dept. for Environment, Food & Rural Affairs (“DEFRA”) at the following address:
Defra Group DPO Office, 4th Floor,
Seacole, Marsham Street,
Westminster
London
SW1P 4DF
Email: DefraGroupDataProtectionOfficer@defra.gov.uk If an individual is unhappy with the way in which we have collected or handled their personal data, they have the right to make a complain to the ICO, further information on which is available on the ICO’s website.
Changes to this Privacy Notice We reserve the right to update this privacy notice at any time. Any updates will be published on this page. This notice was last updated on 3rd November 2021.