This is a new service – your  feedback will help us to improve it.

Privacy Notice:  Under 10m Catch Recording Service (


The Marine Management Organisation (Lead service owner), Marine and Fisheries Division of the Welsh Government, Fisheries Directorate of the Department of Environment Food and Agriculture (DEFA- Isle of Man), Sea Fisheries Officer (Guernsey), Marine Resources, Marine Department of Environment (Jersey) and the Department for Environment, Food and Rural Affairs (Defra) (including its agencies and public bodies) is under a duty to protect the public funds it administers, and to this end may use the information provided by its customers and suppliers for the prevention and detection of fraud. It may also share this information with other bodies responsible for auditing or administering public funds for these purposes. This notice sets out how we will use your data, and your rights. It is made under Article or 14 of the General Data Protection Regulation (GDPR).

The personal information charter gives more information about how we handle personal data.

The charter sets out what you can expect from us when we ask for, or hold, your personal data and includes the contact details when you wish to exercise one of your rights.

The MMO Personal Information Charter explains how we deal with your information. It also explains how you can ask to view, change or remove your information from our databases.

Who is collecting my data?

The Department for Environment, Food and Rural Affairs (Defra) is the data controller for the personal data you provide to access UK Export Catch Certificate Service operated by Defra and owned by Marine Management Organisation (MMO) as the lead service owner and other UK Marine Fisheries competent authorities operating in UK and its Crown dependencies with responsibility to manage recording of catch.

MMO in England and Marine Fisheries competent authorities in the UK (Scottish government, Northern Ireland government, Welsh government (jointly referred to as the devolved administrations) and the Sea Fisheries authorities of the governments of the  Isle of Man, Jersey and Guernsey (jointly referred to as the Crown Dependencies) are controllers of data collected for management and regulation of Marine Fisheries operated under the legal basis set out under the EU Common Fisheries Policies and the applicable EC Control Regulations.

The data controller and lead service owner is the Marine Management Organisation (MMO). You can contact the MMO Data Protection Manager at:


Data Protection Manager, Marine Management Organisation, Lancaster House, Hampshire Court, Monarch Road, Newcastle upon Tyne, NE4 7YH


Any questions about how we are using your personal data and your associated rights should be sent to the above contact.

The Data Protection Officer responsible for monitoring that the MMO is meeting the requirements of the legislation is:


Stephen Latham, Department for Environment, Food and Rural Affairs, SW Quarter, 2nd floor, Seacole Block, 2 Marsham Street, London SW1P 4DF


What your data is being collected and used for and the legal basis for processing

Legal basis for Catch Recording

  1. Commission Regulation No 1010/2009  - (EUROPEAN COMMUNITY CATCH CERTIFICATE - Simplified form for fishery products fulfilling the requirements in Article 6 of this Regulation)
  2. Council Regulation No 1005/2008.  - (Council Regulation (EC) No 1005/2008 of 29 September 2008 establishing a Community system to prevent, deter and eliminate illegal, unreported and unregulated fishing, amending Regulations (EEC) No 2847/93, (EC) No 1936/2001 and (EC) No 601/2004 and repealing Regulations (EC) No 1093/94 and (EC) No 1447/1999)
  3. Fish Catch Data is collected under the EU ERS – with the following legal basis
    • a. Council Regulation (EC) No 1224/2009 of 20 November 2009 establishing a Community control system for ensuring compliance with the rules of the common fisheries policy, in particular Art. 111 (1) and (2).
    • b. Commission Implementing Regulation (EU) No 404/2011 of 8 April 2011 laying down detailed rules for the implementation of Council Regulation (EC) No 1224/2009 establishing a Community control system for ensuring compliance with the rules of the Common Fisheries Policy, in particular Art. 43 (1) and Art. 45 (3).
    In the context of international agreements:
    • for NAFO: the Council Regulation No 538/2008 amending the Regulation 1386/2007 laying down conservation and enforcement measures applicable in the Regulatory Area of the Northwest Atlantic Fisheries Organisation;
    • for NEAFC: the Regulation No 1236/2010 of the European Parliament and the Council laying down a scheme of control and enforcement applicable in the area covered by the Convention on future multilateral cooperation in the North-East Atlantic fisheries.

Legal basis for the collection of Personal Data

Obligation of applicants

The legal obligation is upon the vessel owner and vessel master, to report what fish has been caught, before it is sold on or exported.

The applicant must ensure their personal information is correct before they complete a transaction using the service.

Collection of Personal Data

The collection of personal data is mandated by law i.e. Regulation no. 1010/2009 Annex II, sets out the data to collect including personal data.EU Privacy Statement

In order to record catch, Catch certificates, we need to process some personal data, including;

  • Your name
  • Your address
  • Your email
  • Vessels you own
  • Your catch

Where required by law, data may be published on UK Government or EU websites.

Your personal information will be processed securely using appropriate technical and organisational measures.

More information about the MMO can be found at

Legal bases for processing include:

Who your data may be shared with

Personal data may be made available to public and local authorities and other public bodies in the UK and EU to meet legal requirements in pursuance of public tasks.

We may have to release information (including personal data and commercial information) under the following legislation:

  • General Data Protection Regulation (GDPR)
  • UK Data Protection Act 2018
  • Freedom of Information Act 2000
  • Environmental Information Regulations 2004

We will not allow any unwarranted breach of confidentiality and we will not act in contravention of our obligations under UK data protection legislation.

How long we will keep your data for

All information within Defra is held in accordance with our retention policy and in alignment with EU Data Privacy statement provisions laid out in

In specific circumstances information may be held for longer periods. Examples include:

  • audit activity complaint
  • if it sets a precedent
  • scientific or historical research purposes

What will happen if I don’t provide the data?

For statutory and public interest purposes it is necessary to provide data as stated in the relevant legislation.

Will my data be used for automated decision-making or profiling?

The information you provide is not connected with individual decision making, in other words making a decision solely by automated means without any human involvement.

Will my data be transferred outside of the UK or EEA? If it is, how will it be protected?

The data you provide will not be transferred outside of the UK or EEA. On rare occasions, when it is lawful and complementary to our work carried out in the public interest, i.e. enforcement, verification of documentation outside (UK or EEA), research data may be transferred securely outside of the EEA.

Your rights

A list of your rights under the General Data Protection Regulation, and the Data Protection Act 2018 (DPA 2018), is accessible at:

Please consult the MMO Personal Information Charter for a full description of how your rights are upheld and made accessible by the Agency.

How do I complain?

You have the right to lodge a complaint with the ICO (supervisory authority) at any time. Should you wish to exercise that right full details are available at: