Privacy Policy
In this Privacy Policy (the Policy) when we refer to “we”/“us”/“our” we mean Cefas. Cefas is the data controller for any personal data collected through this website and we follow all applicable UK data protection laws in how we treat your personal information.
What information we collect
We may collect certain information about you when you this site. “Personal data” is any information that can be used to identify you or that we can link to you.
This site collects and processes the following personal data:
information you provide to us: when you contact us with questions, queries or feedback, the personal data you provide may include your full name, email address and other contact details
community application; when you apply for membership with us you provide us with your name and contact details
How we use the information we collect
We may retain and process your personal data for the following reasons:
to keep a record of questions, queries or feedback you have sent to us
to comply with legal and regulatory obligations that we have to discharge
to record and monitor your use of our website or our other online services for business purposes e.g. analysis of usage, measurement of site performance and generation of marketing reports
to investigate any complaints or queries you may have
to prevent and respond to actual or potential fraud or illegal activities
The legal basis for using your personal data
Depending on the nature of the personal data, and the reason why we need it, we rely on the following legal bases to process your personal data:
consent – we might need your consent to use some of your personal data, in which case we will seek this consent from you
compliance with our legal obligations – we may need to collect, use and/or share your personal data with others in order for us to comply with our legal obligations
legitimate interests – we may use your personal data for our legitimate business interests, some of which are listed above under ‘How we use the information we collect’
Sharing your personal data with third parties
The personal data we collect may need to be shared with our supplier organisations, government departments, agencies and public bodies. We will only do this where it is necessary and the law allows us to.
We will not:
sell or rent your personal data to third parties
share your personal data with third parties for marketing purposes
We will share your personal data with third parties if we are required to do so by law – for example, by court order or to prevent fraud or other crime(s).
Keeping your information secure
Sending information over the internet is not completely secure, which means that we cannot guarantee the security of your data while it is in transit. We do, however, have procedures and suitable security measures in place to keep your personal data secure once we receive it, and it will only be made available to those with a business need to see it.
We are committed to doing all that we can to keep your data secure. We have systems and processes in place to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption. We also make sure that any parties we use to process your personal data on our behalf do so securely.
How long we keep your personal data
We will only retain your personal data for as long as:
it is needed for the purposes for which has been collected/supplied to us
the law requires us to
In general, this means that we will only hold your personal data for a maximum of 2 years, unless stated otherwise in our policies.
Where your data is processed and stored
We design, build and run our systems to make sure that your personal data is as safe as possible at all stages, both while it’s being actively processed and when it is being stored.
All personal data we hold is stored in the UK or the European Economic Area (EEA).
Your choices and rights
You have the following rights:
to request information about how your personal data is processed
to request a copy of your personal data
to request that anything inaccurate in your personal data be corrected
to request that your personal data is erased if there is no longer a justification for holding it
to request that the processing of your personal data is restricted in certain circumstances
where we are processing your personal data on the basis that this is necessary for our legitimate interests, to object to the processing
where you we are processing your personal data on the basis of consent, to withdraw your consent and to request that we transfer the data to another organisation or to you
If you wish to make any of these requests, please contact using the details below.
Linking using personal data
Where web pages contain links to other websites, this Policy only applies to the community platform and does not cover; websites belonging to other government services, transactions or third party websites that we may link to. We do not take responsibility for the content of third-party websites or services which will have their own terms and conditions and privacy policies.
If you visit another website via this one, please read the privacy policy on that website to find out how it will use with your information. If you come to this community platform via another website, we may receive information from the other website. You should read the privacy policy of the website you came from to find out more about this.
Right to withdraw consent
In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent please delete your account.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
How to contact us
We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact us by email cefassecurityteam@cefas.gov.uk
If you are not happy with our response, or still have concerns about the way in which we use your personal data, you can also make a complaint to the Information Commissioner, who is an independent regulator at:
The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Textphone: 01625 545860
https://ico.org.uk/make-a-complaint/
Changes to this policy
We may change this Policy from time to time by amending this page. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this Policy will apply to you and your data immediately.
If these changes materially affect you, or how your personal data is processed, we will take reasonable steps to let you know.
Last updated: June 2024