National Bee Unit – statutory bee health programme privacy notice
Updated 30 September 2024
Applies to England, Scotland and Wales
Your data is being collected by
The data controller is the Department for Environment, Food and Rural Affairs (Defra). You can contact Defra’s Data Protection Manager by email at: data.protection@defra.gov.uk.
Any questions about how Defra is using your personal data and your associated rights should be sent to Defra’s Data Protection Manager by email at: data.protection@defra.gov.uk.
The Data Protection Officer responsible for monitoring that Defra is meeting the requirements of the legislation can be contacted by email at: DefraGroupDataProtectionOfficer@defra.gov.uk.
The Animal and Plant Health Agency (APHA) also works with the Scottish Government and the Welsh Government and we are joint controllers for any relevant personal data.
Bee Disease Insurance (BDI) who collect membership data on behalf of British Bee Keeping Associations (BBKA) and Welsh Bee Keeping Association (WBKA) pass on personal details when the required permissions have been granted.
FERA Science Limited is the data processor contracted by Defra to process the data on their behalf.
What personal data is collected
Personal data collected is:
- name
- address
- email address
- phone numbers
- preferred language
- association membership status
- apiary locations
- number of colonies owned
Why APHA is using your data
Personal data is collected and stored for the APHA National Bee Unit’s statutory functions in relation to honey bee biosecurity, pests and disease control and management under UK legislation. Specifically for notifiable pests and diseases, imports and exports, NBU training and advisory programme, Wildlife Incident Investigation Scheme (WIIS), and for statutory food safety monitoring purposes.
In addition, scanning surveillance functions carried out by APHA are necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller to manage honey bee pests and diseases animal disease within the United Kingdom.
APHA also uses this data in order to conduct research into the control and management of these pests and diseases.
More information about APHA can be found at www.gov.uk/apha.
The legal basis for processing your data
- the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for compliance to a legal obligation on the controller
- the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract
- consent has been given to process data for one or more specified purposes
Consent to process your data
See APHA’s personal information charter, which broadly sets out details of Defra’s processing of personal data.
A legal or contractual requirement to provide personal data
Personal data is collected to fulfil statutory requirement in relation to honey bee biosecurity, pests and disease control and management under UK legislation. Specifically notifiable pests and diseases, imports and exports, NBU training and advisory programme, Wildlife Incident Investigation Scheme (WIIS), and for statutory food safety monitoring purposes.
This requirement arises from the
- Bees Act 1980
- The Bee Diseases and Pests Control (England) Order 2006
- The Bee Diseases and Pests Control (England) (Amendment) Order 2021
- The Bee Diseases and Pests Control (Wales) Order 2006
- The Bee Diseases and Pests Control (Wales) (Amendment) Order 2021
Consequences of not providing the necessary data
For APHA’s statutory functions in relation to pest and disease control and management: specifically of honey bee imports, colony and bee movements and notifiable pests and diseases. There is a legislative requirement to provide necessary personal data.
For a list of the current honey bee and invasive species legislation visit: legislation.gov.uk.
For contractual based processing, your entrance into a contract with us is voluntary and necessary information is supplied to fulfil that contractual relationship.
For consent based processing you have a right to revoke this at any given time.
Who APHA shares your data with
Personal data may be made available to local authorities and other public bodies in the UK and EU to meet legal requirements.
We may share data with Defra and its agencies, Welsh Government, Scottish Government, Food Standards Agency, Public Health, and other organisations and enforcement authorities.
We share data with Fera Science Limited for the purposes of processing this data and carrying out statutory and research functions on behalf of the data controllers.
We may have to release information (including personal data and commercial information) under the following legislation:
- UK General Data Protection Regulation (UK GDPR)
- UK Data Protection Act 2018
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
We will not allow any unwarranted breach of confidentiality and we will not act in contravention of our obligations under UK data protection legislation.
Storing and using data outside the UK
A very small percentage of government records containing personal information are selected for permanent preservation at the National Archives. They are made available in accordance with the Freedom of Information Act 2000, as amended by the Data Protection Act 2018.
The data you provide will largely not be transferred outside of the UK. On rare occasions, when it is lawful and complementary to our work carried out in the public interest, research data may be transferred securely outside of the UK.
How long APHA holds personal data for
Retention periods are set by considering statutory, regulatory, legal, and security reasons, alongside historic value.
All information in APHA is held in accordance with our retention policy. If you would like more information contact enquiries@apha.gov.uk.
Your rights
Find out about your rights under data protection law.
Complaints
You have the right to lodge a complaint about the use of your personal data at any time with the Information Commissioner’s Office (ICO – the data protection supervisory authority).
APHA’s personal information charter
APHA’s personal information charter broadly sets out details of Defra’s processing of personal data.