Guidance

Variety and seeds privacy notice

Updated 19 March 2024

Applies to England, Scotland and Wales

Your data is being collected by

The data controller is the Department for Environment, Food and Rural Affairs (Defra) for personal data that you give to the Animal and Plant Health Agency (APHA).

APHA is an Executive Agency of Defra. You can contact APHA’s Data Protection Manager by email at: data.protection@defra.gov.uk.

APHA also works with the Scottish Government and Welsh Government, who are joint controllers with APHA for any relevant personal data.

Any questions about how Defra/APHA is using your personal data and your associated rights should be sent to the above contact.

The Data Protection Officer responsible for monitoring that Defra/APHA is meeting the requirements of the legislation can be contacted by email at: DefraGroupDataProtectionOfficer@defra.gov.uk.

What personal data is collected

We collect the following items of personal data:

• name
• work address
• home address
• telephone number
• email address

Why APHA is using your data

Statutory functions

Personal data is collected and stored for APHA Plant Variety and Seeds statutory functions in relation to:

• plant variety rights which grant intellectual property rights for new varieties of plants
• national listing which is a requirement for marketing of the plants and seeds covered
• statutory certification schemes which are a requirement for marketing of the plants and seeds covered

For plant variety rights (PVR): for the purpose of grants and producing public records of plant breeders’ rights in the Plant Varieties and Seeds Gazette.

For national listing (NL): for the purpose of producing national lists and public records of national lists in the Plant Varieties and Seeds Gazette.

For the Seed Potato Classification Scheme (SPCS): for the purpose of producing public records of seed potatoes in the Register of Growers.

For the Fruit Propagation Certification Scheme (FPCS): for the purpose of producing public records in the FPCS annual register.

For the Seed Certification Scheme: for the purposes of:

• licensing individuals and organisations to carry out certain activities
• producing lists of individuals and organisations licensed under the scheme legislation

Non-statutory functions

Personal data is collected and stored for APHA Plant Variety and Seeds non-statutory functions in relation to:

• non-statutory plant certification schemes which are entered on a voluntary basis

For the Plant Health Propagation Scheme (PHPS): for the purpose of producing public records in the form of the PHPS annual register.

Personal data may also be used by APHA and shared with its technical contractors and non-official organisations in connection with carrying out the schemes (both statutory and voluntary) listed above.

Personal data may also be used for the purpose of biosecurity, pests and diseases control and management under EU and UK legislation (for notifiable pests and diseases) and under the scheme rules for other pests and diseases covered by those schemes, imports and exports, APHA training and advisory programme and for statutory food safety monitoring purposes. APHA may also use personal data to conduct research into the control and management of plant pests and diseases.

In addition, scanning surveillance functions carried out by APHA are necessary for the performance of a task performed in the public interest or in the exercise of official authority vested in the data controller to manage plant pest and diseases within the UK.

More information about APHA can be found at gov.uk/apha.

The legal basis for processing your data

Legal basis for processing include:

• the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• for compliance to a legal obligation on the controller
• the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract
• consent has been given to process data for one, or more specified purposes

Consent to process your data

Where data is legally required we do ask for consent to publish registers:

For the Seed Potato Classification Scheme (SPCS): for the purpose of producing public records of Seed Potatoes in the Register of Growers.

For the Fruit Propagation Certification Scheme (FPCS): for the purpose of producing public records in the FPCS annual register.

Consequences of not providing the necessary data

Personal data is required for APHA’s statutory functions in relation to NL, PVR, SPCS, FPCS and seed certification. There is also a legislative requirement to provide necessary personal data for these purposes.

For a current list of legislation please visit legislation.gov.uk.

For PHPS and other contractual based processing, your entrance into a contract with us is voluntary and necessary information is supplied to fulfil that contractual relationship.

For consent based processing you have a right to revoke this at any given time.

Personal data used for automated decision-making

The information you provide is not connected with individual decision making, in other words making a decision solely by automated means without any human involvement.

Personal data used for automated ‘profiling’ and the consequences of this

The information you provide is not connected with profiling, in other words automated processing of personal data to evaluate certain things about an individual.

Who APHA shares your data with

Personal data may be made available to local authorities and other public bodies in the UK and EU to meet legal requirements and regulatory and enforcement functions.

We may share data with Defra and its agencies, Welsh Government, Scottish Government, Northern Ireland Executive, Food Standards Agency and other official organisations and enforcement authorities.

We may share data with other organisations working for us to enable us to carry out our duties.

We may have to release information (including personal data and commercial information) under the following legislation:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Freedom of Information Act 2000
• Environmental Information Regulations 2004

We will not allow any unwarranted breach of confidentiality and we will not act in contravention of our obligations under UK data protection legislation.

Storing and using data outside the UK

A very small percentage of government records containing personal information are selected for permanent preservation at the National Archives. They are made available in accordance with the Freedom of Information Act 2000, as amended by the UK Data Protection Act 2018.

The data you provide will largely not be transferred outside of the UK. On rare occasions, when it is lawful and complementary to our work carried out in the public interest, research data may be transferred securely outside of the UK.

How long APHA will hold personal data

Retention periods are set by considering statutory, regulatory, legal, and security reasons, alongside historic value.

All information is held in accordance with APHA’s retention policy. If you would like more information contact enquiries@apha.gov.uk.

Your rights

Find out about your rights under data protection law.

Complaints

You have the right to lodge a complaint about the use of your personal data at any time with the Information Commissioner’s Office (ICO – the data protection supervisory authority).

APHA’s Personal Information Charter

APHA’s Personal Information Charter broadly sets out details of Defra’s processing of personal data.