Plant biosecurity, Genetically Modified Organisms (GMO) inspections and alien and invasive species: privacy notice
Updated 30 September 2024
Applies to England, Scotland and Wales
Your data is being collected by
The data controller is the Department for Environment, Food and Rural Affairs (Defra) for personal data that you give to the Animal and Plant Health Agency (APHA).
APHA is an Executive Agency of Defra. You can contact APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.
APHA also works with the Scottish Government and Welsh Government, who are joint controllers with APHA for any relevant personal data.
Any questions about how Defra or APHA are using your personal data and your associated rights should be sent to APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.
The Data Protection Officer responsible for monitoring that Defra and APHA are meeting the requirements of the legislation can be contacted by email at: DefraGroupDataProtectionOfficer@defra.gov.uk.
What personal data is collected
We collect the following items of personal data:
- name
- address
- phone number
- addresses of stakeholders that we work with
Why APHA is using your data
Personal data is collected and stored for APHA’s statutory functions in relation to plant biosecurity; the environmental release of genetically modified organisms (GMOs); and in the management of alien and invasive species. Specifically for notifiable pests and diseases, imports and export controls, training and for statutory food safety monitoring purposes.
In addition, scanning surveillance functions by APHA are necessary for the performance of tasks carried out in the public interest or in the exercise of an official authority vested in the data controller to manage plant biosecurity in England and Wales and genetic modification (GM) legislation within England.
APHA may also use this data to conduct research into the control and management of GMOs, pests and diseases in a manner which is compliant with data protection legislation.
The legal basis for processing your data
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
A legal or contractual requirement to provide personal data
You are required by law (the Environmental Protection Act 1990 (as amended)) to provide your personal data to APHA in cases where an inspector is investigating whether a person is keeping or has kept any GMOs or where it is believed that any GMOs have been released or have escaped.
We offer an audit service to seed importers and producers of species at risk of adventitious presence of GMOs. Your acceptance of an offer of an audit is entirely voluntary and there is no legal obligation on you to supply any personal data for this purpose.
Consequences of not providing the necessary data
If you do not provide the personal data required by law, you will not be able to trade in those commodities to which this privacy notice refers and, in some cases, may constitute an offence under relevant legislation.
If you do not provide personal data when offered a voluntary audit, you will not be able to benefit from the audit.
Who APHA shares your data with
Personal data may be made available to local authorities and other public bodies in the UK to meet legal requirements.
We may share data with Defra and its agencies, Welsh Government, Scottish Government, Food Standards Agency, Public Health, and other organisations and enforcement authorities.
We may have to release information (including personal data and commercial information) under the following legislation:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
We will not allow any unwarranted breach of confidentiality and we will not act in contravention of our obligations under UK data protection legislation.
Storing and using personal data outside the UK
A very small percentage of government records containing personal information are selected for permanent preservation at the National Archives. They are made available in accordance with the Freedom of Information Act 2000, as amended by the Data Protection Act 2018.
All information within APHA is held in accordance with our retention policy. If you would like more information contact enquiries@apha.gov.uk.
In specific circumstances information may be held for longer periods. Examples include:
- appeal
- audit activity
- complaint
- irregularity
- legal action
- a formal request for information
- if it sets a precedent
- scientific or historical research purposes
How long APHA holds personal data for
Retention periods are set by considering statutory, regulatory, legal, and security reasons, alongside historic value.
All information in APHA is held in accordance with our retention policy. If you would like more information please contact enquiries@apha.gov.uk.
Your rights
Find out about your rights under data protection law.
Complaints
You have the right to lodge a complaint about the use of your personal data at any time with the Information Commissioner’s Office (ICO – the data protection supervisory authority).
APHA’s personal information charter
APHA’s personal information charter broadly sets out details of Defra’s processing of personal data.