One Health privacy notice
Updated 19 March 2024
Applies to England, Scotland and Wales
© Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/animal-and-plant-heath-agency-privacy-notices/one-health-privacy-notice
Your data is being collected by
The data controller is the Department for Environment, Food and Rural Affairs (Defra) for personal data that you give to the Animal and Plant Health Agency (APHA).
APHA is an Executive Agency of Defra. You can contact APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.
APHA also works with the Scottish Government and Welsh Government, who are joint controllers with APHA for any relevant personal data.
Any questions about how Defra or APHA are using your personal data and your associated rights should be sent to APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.
The Data Protection Officer responsible for monitoring that Defra and APHA are meeting the requirements of the legislation can be contacted by email at: DefraGroupDataProtectionOfficer@defra.gov.uk.
What personal data is collected
The following personal data is collected:
- name
- address
- contact details for example, phone and email
- CPH location
When processing refunds (within the invoicing function) we may be required to collect customer bank details
Why APHA is using your data
APHA carries out a series of surveillance schemes and monitoring of diseases in livestock which include:
- animal feed controls
- use of veterinary medicine on farms
- control and, if needed, eradication of a series of diseases:
- Transmissible Spongiform Encephalopathies (TSEs), for example BSE (“mad cow disease”) and scrapie
- Salmonellas that can cause disease in people and poultry through the implementation of National Control Programmes
- any other diseases which can be transmitted from animals to people (zoonoses)
- implementation of mitigating measures in any chemical contamination incident on farm
We will collect information that allows us to approve, register, inspect, sample, and carry out control measures, as appropriate. The purpose for this is to ensure the safety of the food chain and animal feed, to support the international trade of food and animal feed to ensure there are plans in place to mitigate notifiable diseases.
In some cases, where APHA carries out charging or billing, financial data may also be held.
Where required to by law, data may be published on UK Government or EU websites. Data may also be used for research purposes when compliant with GDPR.
More information about APHA can be found at gov.uk/apha.
The legal basis for processing your data
Legal bases for processing include:
- the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for compliance to a legal obligation on the controller
Consequences of not providing personal data
For statutory and public interest purposes it is necessary to provide data as stated in the relevant legislation.
For a current list of legislation managing these diseases visit legislation.gov.uk.
Personal data used for automated decision making
The information you provide is not connected with:
- individual decision making, in other words making a decision solely by automated means without any human involvement
- profiling, in other words automated processing of personal data to evaluate certain things about an individual
Who APHA shares your data with
Personal data may be made available to local authorities and other public bodies in the UK and EU to meet legal requirements.
We may share data with Defra and its agencies, Welsh Government, Scottish Government, Food Standards Agency, Public Health, and other organisations and enforcement authorities.
We may have to release information (including personal data and commercial information) under the following legislation:
- UK General Data Protection Regulation (UK GDPR)
- UK Data Protection Act 2018
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
We will not allow any unwarranted breach of confidentiality and we will not act in contravention of our obligations under UK data protection legislation.
Storing and using data outside the UK
A very small percentage of government records containing personal information are selected for permanent preservation at the National Archives. They are made available in accordance with the Freedom of Information Act 2000, as amended by the Data Protection Act 2018.
The data you provide will largely not be transferred outside of the European Economic Area (EEA). On rare occasions, when it is lawful and complementary to our work carried out in the public interest, research data may be transferred securely outside of the EEA.
How long APHA holds personal data
All information within APHA is held in accordance with our retention policy, if you would like more information contact enquiries@apha.gov.uk.
In specific circumstances information may be held for longer periods. Examples include:
- appeal
- audit activity
- complaint
- irregularity
- legal action
- a formal request for information
- if it sets a precedent
- scientific or historical research purposes
Your rights
Find out about your rights under data protection law.
Complaints
You have the right to lodge a complaint about the use of your personal data at any time with the Information Commissioner’s Office (ICO – the data protection supervisory authority).
APHA’s personal information charter
APHA’s personal information charter broadly sets out details of Defra’s processing of personal data.