Endemic disease privacy notice
Updated 30 September 2024
Applies to England, Scotland and Wales
Your data is being collected by
The data controller is the Department for Environment, Food and Rural Affairs (Defra) for personal data that you give to the Animal and Plant Health Agency (APHA).
APHA is an Executive Agency of Defra. You can contact APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.
APHA also works with the Scottish Government and the Welsh Government, who are joint controllers with APHA for any relevant personal data.
Any questions about how Defra and APHA are using your personal data and your associated rights should be sent to APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.
The Data Protection Officer responsible for monitoring that Defra and APHA are meeting the requirements of the legislation can be contacted by email at: DefraGroupDataProtectionOfficer@defra.gov.uk.
What personal data is collected
We collect the following items of personal data:
- name
- work and home addresses
- contact details such as telephone number and email address
- records of APHA visits and their results
Details of the livestock for which you are the owner and/or keeper such as:
- CPHH (County Parish Holding Herd) number of your livestock premises
- flock or herd mark and individual animal identities, for example, ear tag or microchip numbers
- number, species, and production type of livestock kept
- location of your livestock premises
- disease status of your livestock including results of statutory tests
- details of other kept species and companion animals
How your data has been obtained
Data used by APHA is usually obtained directly from the data subjects (individuals themselves). Occasionally, where necessary under the relevant Animal Health and Welfare legislation, and for disease surveillance and control, data is referred from other bodies working closely with APHA (such as the UK Health Security Agency, Food Standards Agency, Food Standards Scotland, or local authorities).
Why APHA is using your data
APHA uses your data to:
- safeguard animal health and welfare; and protect human health where relevant (zoonoses)
- uphold and comply with Animal Health and Welfare legislation
APHA has a statutory requirement to collect personal data for the purpose of providing certification, licences, premises approvals and premises registrations for International Trade within the European Union (EU) and for imports from non-EU countries. In addition, for CITES, personal data is collected to process applications under EU Council Regulation 338/97 and Commission regulation 865/2006 and under section 7 of the Wildlife and Countryside Act for Registration of Birds.
No statutory requirement exists for APHA to collect personal data to provide export certification for live animals and products of animal origin for non-EU trade. Personal data is collected whilst carrying out this duty to facilitate non-EU trade as personal details are required to be included within the export certification to meet the import requirements of the Competent Veterinary Authorities of non-EU countries.
Where required to by law, data may be published on UK Government or EU websites.
More information about APHA can be found at gov.uk/apha.
The legal basis for processing your data
- the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for compliance to a legal obligation on the controller
- the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract
- consent has been given to process data for one or more specified purposes
Consent to process your data
Consent for processing personal data (Article 6(1)(a) UK GDPR) may be requested from individuals on occasion in specific circumstances.
A legal or contractual requirement to provide personal data
There is a legal requirement for you to provide personal data. The keeping of animals carries with it a legal responsibility for their health and welfare, including a legal requirement to report any suspicion of notifiable disease to the competent authority. The provision of personal data, such as a keeper’s name and address, is required to enable APHA to carry out official duties to abide by such legislation.
Consequences of not providing the necessary data
For statutory and public interest purposes it is necessary to provide data as stated in the relevant legislation. Persons not providing the data required for APHA to operate effectively under the Animal Health and Welfare legislation will be in breach of the legislation and will not be able to receive results from relevant tests, if appropriate.
For a current list of legislation managing these diseases visit legislation.gov.uk.
Who APHA shares your data with
Personal data may be made available to local authorities and other public bodies in the UK and EU to meet legal requirements.
We may share data with Defra and its agencies, Welsh Government, Scottish Government, Food Standards Agency, Public Health, and other organisations and enforcement authorities.
We may have to release information (including personal data and commercial information) under the following legislation:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
We will not allow any unwarranted breach of confidentiality and we will not act in contravention of our obligations under UK data protection legislation.
Storing and using data outside the UK
A very small percentage of government records containing personal information are selected for permanent preservation at the National Archives. They are made available in accordance with the Freedom of Information Act 2000, as amended by the Data Protection Act 2018.
The data you provide will largely not be transferred outside of the UK. On rare occasions, when it is lawful and complementary to our work carried out in the public interest, research data may be transferred securely outside of the UK.
How long APHA holds personal data for
Retention periods are set by considering statutory, regulatory, legal, and security reasons, alongside historic value.
All information in APHA is held in accordance with our retention policy. If you would like more information contact enquiries@apha.gov.uk.
Your rights
Find out about your rights under data protection law
Complaints
You have the right to lodge a complaint about the use of your personal data at any time with the Information Commissioner’s Office (ICO – the data protection supervisory authority).
APHA’s personal information charter
APHA’s personal information charter broadly sets out details of Defra’s processing of personal data.