MMO Privacy Notice
This notice is provided as an overview of how the Marine Management Organisation (“The MMO”, “we”, “our”) process and use the personal data we collect in order to deliver our public, regulatory and business services. It is not intended as a fully comprehensive description of every data processing activity we undertake - further detail on how we process personal data in relation to individual activities or services is provided in separate privacy notices which are specific to that activity or service.
The MMO is a registered data controller with the Information Commissioner’s Office (“ICO”). Our unique registration number is Z2205091.
The statutory duties of the MMO are specified in the Marine and Coastal Access Act of 2009, the Fisheries Act of 2020 and other associated legislation as referred to in those Acts.
The personal information we collect is that which data subjects provide to the organisation via direct engagement as well as information provided to us by third parties in the course of regulatory activities. This includes, but is not limited to information provided via:
- Consultation and survey responses
- Complaints, enquiries and feedback
- Job applications and employee activity
- Applications for funding
- Applications for licences
- Investigations, monitoring and enforcement activities
Personal information is processed for the following purposes:
- Processing requests and delivering services requested from us by members of the public
- Sending requested information to data subjects.
- Sending marketing information (only where a person has specifically consented to this)
- Auditing the usage of our website
- To comply with our employment-related obligations to our staff and contractors
- To comply with other legal obligations including fraud prevention and crime prevention
- Performing our statutory functions including (but not limited to) marine planning, marine licensing, fisheries management, conservation, responding to marine emergencies, investigations, monitoring and enforcement.
The lawful basis under which we process personal data will be defined at the point of collection. Where the MMO processes any personal data in relation to criminal offences or investigations, this is done so under Part 3 of the Data Protection Act which states that competent authorities shall process personal data for law enforcement purposes. The MMO qualifies as a competent authority by virtue of its statutory functions as set out in the Marine and Coastal Access Act 2009 and the Fisheries Act 2020.
We will retain personal information in line with the period outlined at the time the information is collected, and only for as long as it necessary to do so. Retention periods can be determined by legislative or contractual obligations, or by best practice as outlined in the Public Records Act.
We employ several measures such as encryption, access controls and information management training for our staff to ensure that personal information is kept safe and secure both during the time we process it and when we dispose of it.
Data Sharing & Data Disclosure
We will only disclose personal information to third parties when:
- We have sought consent to do so; or
- Where there is a legitimate business need to do so, as we may use third parties to process data on our behalf or run projects in conjunction with other organisations. Should we anticipate such a need, we will inform data subjects at the point their data is collected or at the nearest possible opportunity; or
- Where we are under a duty to do so in order to comply with a legal obligation, or we are permitted to do so to protect the rights, property or safety of others. This includes (but is not limited to) exchanging information with other organisations for the purposes of fraud protection and crime prevention.
- Where we are required to do so in the support of either our or another public body’s statutory duties and official functions.
On 28 June 2021, the European Union (“the EU”) formally recognised the UK’s data protection standards and granted the UK adequacy status to allow the flow of personal data between the UK and the European Economic Area (“the EEA”). Where it is necessary for data to be transferred outside of the EEA, (e.g., for the fulfilment of a legal requirement or for law enforcement purposes), we will ensure that we have the correct safeguards in place to protect personal data.
Data subjects have several individual rights under the Data Protection Act. These include the right to access information that we hold about a living individual and in some cases, the right to have personal data rectified, erased or restricted and to object to certain uses of that data. This does not affect the legality of what we do with personal data before such a request is made and would not stop us from continuing to use personal data to the extent that we do not require consent. It would stop us from further using personal data for purposes which do require consent (e.g., marketing). Further information on data subject rights is available from the ICO’s website.
Where personal information processed for law enforcement purposes, an individual’s rights are slightly different. Please refer to the ICO website for further information.
The MMO does not process data about children or provide services directly to children.
If you wish to make a request under one of these aforementioned rights, please email email@example.com or write to us at the address below, marking your communication for the attention of the Data Protection Manager.
Newcastle Upon Tyne
You can also contact the Data Protection Officer for the Dept. for Environment, Food & Rural Affairs (“DEFRA”) at the following address:
Defra Group DPO Office, 4th Floor,
Seacole, Marsham Street,
If an individual is unhappy with the way in which we have collected or handled their personal data, they have the right to make a complain to the ICO, further information on which is available on the ICO’s website.
Changes to this Privacy Notice
We reserve the right to update this privacy notice at any time. Any updates will be published on this page. This notice was last updated on 3rd November 2021.