Animal and Plant Health Agency privacy notice
Updated 30 September 2024
Applies to England, Scotland and Wales
The privacy notice covers all of Animal and Plant Health Agency’s work.
More detailed information on how we manage personal data for each of our functions is included within individual privacy notices.
Your data is being collected by
The data controller is the Department for Environment, Food and Rural Affairs (Defra) for personal data that you give to the Animal and Plant Health Agency (APHA).
APHA is an Executive Agency of Defra. You can contact APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.
APHA also works with the Scottish Government and Welsh Government, who are joint controllers with APHA for any relevant personal data.
Any questions about how Defra and APHA are using your personal data and your associated rights should be sent to the above contact.
The Data Protection Officer responsible for monitoring that Defra and APHA is meeting the requirements of the legislation can be contacted by email at: DefraGroupDataProtectionOfficer@defra.gov.uk.
What personal data is collected
The personal data collected is made clear in individual APHA privacy notices or documentation that collects personal data.
How your data has been obtained
We have obtained your data either directly from you or a third party. How your data has been obtained in any particular case is made clear in individual APHA privacy notices or documentation that collects personal data.
Why APHA is using your data
Personal data is collected and stored to support APHA’s functions which include:
- identifying and controlling endemic and exotic diseases and pests in animals, plants and bees, and surveillance of new and emerging pests and diseases
- scientific research
- facilitating international trade in animals, products of animal origin, and plants
- protecting endangered wildlife through licensing and registration
- safeguard animal health and welfare; and protect human health where relevant (zoonoses)
- managing a programme of bee inspections, diagnostics, research and development, and training and advice
- regulating the safe disposal of animal by-products to reduce the risk of potentially dangerous substances entering the food chain
- employee data necessary to support staff management
- the safeguarding of employees, sub-contractors and customers (this may include very limited use of body worn video when necessary)
- for APHA’s statutory functions in relation to plant biosecurity; the environmental release of genetically modified organisms; and in the management of alien and invasive species - specifically for notifiable pests and diseases, imports and export controls, training and for statutory food safety monitoring purposes
More information about APHA can be found at www.gov.uk/apha.
The legal basis for processing your data
Legal bases for processing include:
- the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for compliance to a legal obligation on the controller
- the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract
- you have given us consent to process your data for one or more specified purposes
Consent to process your data
Where the legal basis for processing your personal data is your consent, you can opt out at any time and details of how you can do that are made available to you by the team that is processing your personal data.
A legal or contractual requirement to provide personal data
Sometimes you are legally or contractually required to share personal data by APHA. These situations are made clear in the relevant privacy notices.
Consequences of not providing the necessary data
For statutory and public interest purposes it is necessary to provide data as stated in the relevant legislation.
For contractual based processing, your entrance into a contract with us is voluntary and necessary information is supplied to fulfil that contractual relationship.
For consent based processing you have a right to revoke this at any given time.
Personal data used for automated decision making
The information you provide is not connected with individual decision making, in other words making a decision solely by automated means without any human involvement.
Personal data fused or automated ‘profiling’ and the consequences of this
The information you provide is not connected with profiling, in other words automated processing of personal data to evaluate certain things about an individual.
Who APHA shares your data with
Personal data may be made available to local authorities and other public bodies in the UK and EU to meet legal requirements and regulatory and enforcement functions.
We may share data with Defra and its agencies, Welsh Government, Scottish Government, Northern Ireland Executive, Food Standards Agency and other official organisations and enforcement authorities.
We may share data with other organisations working for us to enable us to carry out our duties.
We may have to release information (including personal data and commercial information) under the following legislation:
- UK General Data Protection Regulation (UK GDPR)
- UK Data Protection Act 2018
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
We will not allow any unwarranted breach of confidentiality and we will not act in contravention of our obligations under UK data protection legislation.
Storing and using personal data outside the UK
A very small percentage of government records containing personal information are selected for permanent preservation at the National Archives. They are made available in accordance with the Freedom of Information Act 2000, as amended by the Data Protection Act 2018.
The data you provide will largely not be transferred outside of the UK. On rare occasions, when it is lawful and complementary to our work carried out in the public interest, research data may be transferred securely outside of the UK.
How long APHA holds personal data for
All information with APHA is held in accordance with our retention policy, if you would like more information please contact enquiries@apha.gov.uk.
In specific circumstances information may be held for longer periods. Examples include:
- appeal
- audit activity
- complaint
- irregularity
- legal action
- a formal request for information
- if it sets a precedent
- scientific or historical research purposes
Your rights
Find out about your rights under data protection law.
Complaints
You have the right to lodge a complaint about the use of your personal data at any time with Information Commissioner’s Office (ICO – the data protection supervisory authority).
APHA’s personal information charter
APHA’s personal information charter broadly sets out how APHA processes personal data.