Privacy Notice

Privacy Policy 

In this Privacy Policy (the Policy) when we refer to Cefas or “we”/“us”/“our” we mean Cefas (Centre for Environment, Fisheries and Aquaculture Science). Cefas is the data controller for any personal data collected through cefas.co.uk and we follow all applicable UK data protection laws in how we treat your personal information. 

If you follow a link to a service provided by another government department, agency or local authority, that organisation will: 

  • be the data controller for that site 
  • be responsible for processing any data you share with them 
  • publish and manage their own privacy notice with details of how to contact them 

This Policy describes: 

  • What information we collect 
  • How we use the information we collect 
  • The legal basis for using your personal data 
  • What we do with your personal data 
  • Keeping your information secure 
  • How long we keep your personal data 
  • Where your data is processed and stored
  • Your choices and rights 
  • Linking using personal data 
  • Changes to this policy 
  • How to contact us 

 

What information we collect 

We collect certain information about you when you use cefas.co.uk. “Personal data” is any information that can be used to identify you or that we can link to you. 

This site collects and processes the following personal data: 

  • information you provide to us: when you contact us with questions, queries or feedback, the personal data you provide may include your full name, email address and other contact details 
  • recruitment application; when you apply for a role with us you may be need to provide us with your name and contact details along with various personal employment data, this is processed in line with our Recruitment Policy; and 
  • cookies and site monitoring: when you access cefas.co.uk, we may record your IP address, details of which version of web browser you used and information on how you use the site, using cookies and page tagging techniques. 

For more information regarding how we collect and use personal data collected via cookies, see our Cookies Policy, where you can also find information on how to disable certain cookies by using appropriate features of your web browser software, if available. 

 

How we use the information we collect 

We may retain and process your personal data for the following reasons: 

  • to keep a record of questions, queries or feedback you have sent to us 
  • where you have applied for vacancy information or a position with us, to review and process your job application 
  • to comply with legal and regulatory obligations that we have to discharge 
  • to record and monitor your use of our website or our other online services for business purposes e.g. analysis of usage, measurement of site performance and generation of marketing reports 
  • to investigate any complaints or queries you may have 
  • to prevent and respond to actual or potential fraud or illegal activities 

 

The legal basis for using your personal data 

Depending on the nature of the personal data, and the reason why we need it, we rely on the following legal bases to process your personal data: 

  • consent – we might need your consent to use some of your personal data, in which case we will seek this consent from you 
  • compliance with our legal obligations – we may need to collect, use and/or share your personal data with others in order for us to comply with our legal obligations 
  • legitimate interests – we may use your personal data for our legitimate business interests, some of which are listed above under ‘How we use the information we collect’ 

 

Sharing your personal data with third parties 

The personal data we collect may need to be shared with our supplier organisations, government departments, agencies and public bodies. We will only do this where it is necessary and the law allows us to. 

We will not: 

  • sell or rent your personal data to third parties  
  • share your personal data with third parties for marketing purposes 

We will share your personal data with third parties if we are required to do so by law – for example, by court order or to prevent fraud or other crime(s). 

 

Keeping your information secure 

Sending information over the internet is not completely secure, which means that we cannot guarantee the security of your data while it is in transit. We do, however, have procedures and suitable security measures in place to keep your personal data secure once we receive it, and it will only be made available to those at Cefas with a business need to see it. 

We are committed to doing all that we can to keep your data secure. We have systems and processes in place to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption. We also make sure that any parties we use to process your personal data on our behalf do so securely. 

 

How long we keep your personal data 

We will only retain your personal data for as long as: 

  • it is needed for the purposes for which has been collected/supplied to us 
  • the law requires us to 

In general, this means that we will only hold your personal data for a maximum of 2 years, unless stated otherwise in our policies. 

 

Where your data is processed and stored 

We design, build and run our systems to make sure that your personal data is as safe as possible at all stages, both while it’s being actively processed and when it is being stored. 

All personal data we hold is stored in the UK or the European Economic Area (EEA). 

 

Your choices and rights 

You have the following rights: 

  • to request information about how your personal data is processed 
  • to request a copy of your personal data 
  • to request that anything inaccurate in your personal data be corrected 
  • to request that your personal data is erased if there is no longer a justification for holding it 
  • to request that the processing of your personal data is restricted in certain circumstances 
  • where we are processing your personal data on the basis that this is necessary for our legitimate interests, to object to the processing 
  • where you we are processing your personal data on the basis of consent, to withdraw your consent and to request that we transfer the data to another organisation or to you 

If you wish to make any of these requests, please contact using the details below. 

 

Linking using personal data 

Where cefas.co.uk contains links to other websites, this Policy only applies to cefas.co.uk and does not cover; websites belonging to other government services, transactions or third party websites that we may link to. Cefas does not take responsibility for the content of third-party websites or services which will have their own terms and conditions and privacy policies. 

If you visit another website via this one, please read the privacy policy on that website to find out how it will use with your information. If you come to cefas.co.uk via another website, we may receive information from the other website. You should read the privacy policy of the website you came from to find out more about this. 

 

Right to withdraw consent  

In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact cefassecurityteam@cefas.co.uk .  

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. 

 

How to contact us 

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at: 

Cefas Security Team Cefas 
Pakefield Road 
Lowestoft 
Suffolk 
NR33 0HT 

cefassecurityteam@cefas.co.uk. 

 

If you are not happy with our response, or still have concerns about the way in which we use your personal data, you can also make a complaint to the Information Commissioner, who is an independent regulator at: 

The Information Commissioner's Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire SK9 5AF 

casework@ico.org.uk 
Telephone: 0303 123 1113 
Textphone: 01625 545860 

Website: https://ico.org.uk/make-a-complaint/ 
 

Changes to this policy 

We may change this Policy from time to time by amending this page. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this Policy will apply to you and your data immediately. 

If these changes materially affect you, or how your personal data is processed, we will take reasonable steps to let you know. 

This policy was last updated on 22/09/2021.