Guidance

One Health privacy notice

Updated 30 September 2024

Applies to England, Scotland and Wales

Your data is being collected by

The data controller is the Department for Environment, Food and Rural Affairs (Defra) for personal data that you give to the Animal and Plant Health Agency (APHA).

APHA is an Executive Agency of Defra. You can contact APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.

APHA also works with the Scottish Government and Welsh Government, who are joint controllers with APHA for any relevant personal data.

Any questions about how Defra or APHA are using your personal data and your associated rights should be sent to APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.

The Data Protection Officer responsible for monitoring that Defra and APHA are meeting the requirements of the legislation can be contacted by email at: DefraGroupDataProtectionOfficer@defra.gov.uk.

What personal data is collected

The following personal data is collected:

  • name
  • address
  • contact details for example, phone and email
  • CPH location

When processing refunds (within the invoicing function) we may be required to collect customer bank details

Why APHA is using your data

APHA carries out a series of surveillance schemes and monitoring of diseases in livestock which include:

  • animal feed controls
  • use of veterinary medicine on farms
  • control and, if needed, eradication of a series of diseases:
    • Transmissible Spongiform Encephalopathies (TSEs), for example BSE (“mad cow disease”) and scrapie
    • Salmonellas that can cause disease in people and poultry through the implementation of National Control Programmes
    • any other diseases which can be transmitted from animals to people (zoonoses)
  • implementation of mitigating measures in any chemical contamination incident on farm

We will collect information that allows us to approve, register, inspect, sample, and carry out control measures, as appropriate. The purpose for this is to ensure the safety of the food chain and animal feed, to support the international trade of food and animal feed to ensure there are plans in place to mitigate notifiable diseases.

In some cases, where APHA carries out charging or billing, financial data may also be held.

Where required to by law, data may be published on UK Government or EU websites. Data may also be used for research purposes when compliant with GDPR.

More information about APHA can be found at gov.uk/apha.

Legal bases for processing include:

  • the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • for compliance to a legal obligation on the controller

Consequences of not providing personal data

For statutory and public interest purposes it is necessary to provide data as stated in the relevant legislation.

For a current list of legislation managing these diseases visit legislation.gov.uk.

Personal data used for automated decision making

The information you provide is not connected with:

  • individual decision making, in other words making a decision solely by automated means without any human involvement
  • profiling, in other words automated processing of personal data to evaluate certain things about an individual

Who APHA shares your data with

Personal data may be made available to local authorities and other public bodies in the UK and EU to meet legal requirements.

We may share data with Defra and its agencies, Welsh Government, Scottish Government, Food Standards Agency, Public Health, and other organisations and enforcement authorities.

We may have to release information (including personal data and commercial information) under the following legislation:

  • UK General Data Protection Regulation (UK GDPR)
  • UK Data Protection Act 2018
  • Freedom of Information Act 2000
  • Environmental Information Regulations 2004

We will not allow any unwarranted breach of confidentiality and we will not act in contravention of our obligations under UK data protection legislation.

Storing and using data outside the UK

A very small percentage of government records containing personal information are selected for permanent preservation at the National Archives. They are made available in accordance with the Freedom of Information Act 2000, as amended by the Data Protection Act 2018.

The data you provide will largely not be transferred outside of the European Economic Area (EEA). On rare occasions, when it is lawful and complementary to our work carried out in the public interest, research data may be transferred securely outside of the EEA.

How long APHA holds personal data

All information within APHA is held in accordance with our retention policy, if you would like more information contact enquiries@apha.gov.uk.

In specific circumstances information may be held for longer periods. Examples include:

  • appeal
  • audit activity
  • complaint
  • irregularity
  • legal action
  • a formal request for information
  • if it sets a precedent
  • scientific or historical research purposes

Your rights

Find out about your rights under data protection law.

Complaints

You have the right to lodge a complaint about the use of your personal data at any time with the Information Commissioner’s Office (ICO – the data protection supervisory authority).

APHA’s personal information charter

APHA’s personal information charter broadly sets out details of Defra’s processing of personal data.