Guidance

Places of Worship Protective Security Funding Scheme and Protective Security for Mosques Scheme: privacy information notice

Updated 10 May 2024

Introduction

This document outlines how and why we use the information you provide in your application/registration to the Home Office’s protective security schemes for faith communities (including the Places of Worship Protective Security Scheme, the Protective Security for Mosques Scheme, and protective security for Muslim faith schools) and how it will be looked after.

Your personal information, supplied for the purposes of this application/registration, will be held and processed by the:

Home Office
2 Marsham Street
London
SW1P 4DF

The Home Office is the controller of this information.

Details of the Department’s Data Protection Officer can be found in the Home Office personal information charter and the bottom of this privacy information notice.

How and why the Department uses your information 

The Home Office collects, processes, and shares personal information to enable it to carry out its statutory and other functions.

The Home Office is only allowed to process your data where there is a lawful basis for doing so. The processing of this information is necessary for the Home Office to undertake a public task as defined under Article 6(1)(e) of the General Data Protection Regulation (UK GDPR) i.e. the processing is necessary for the Home Office to perform a task in the public interest or for its official functions, and the task or function has a clear basis in law. Here, applicant/registrant data is processed for the purpose of delivering the public task of protecting the public through the activities conducted as part of the Home Office’s protective security schemes.

The aims of this data collection are:

  • to gather personal data relating to the person making the application/registration, for the purposes of contacting them in relation to their application/registration, progressing the provision of protective security measures (where relevant), and providing further information or advice about security matters and initiatives
  • to gather information regarding the place of worship, associated faith community centre or faith school, for the purposes of considering their application/registration
  • to gather useful data on the scale and complexity of protecting faith sites and their visitors/staff/users, as well as faith-related hate crime and security issues more generally

The processing of this information is necessary for the Home Office to deliver the task of protecting the public through activities conducted as part of its protective security schemes.

The Home Office, Esotec Limited and Mitie Security Limited will not share or store data outside of the UK. All data processing under the schemes will take place within the UK.

Processing your individual application/registration

The personal data provided on the application/registration form will be used by the Home Office to conduct due diligence checks. The Home Office has appointed Esotec Limited to install physical protective security measures at places of worship and associated faith community centres, and Mitie Security Limited to provide security officer services at mosques, associated Muslim community centres and Muslim faith schools. The Home Office will share personal data with these partners, depending on the protective security measures requested.

Depending on the location of applicants/registrants, personal data may also be shared with the following relevant partners:

  • Relevant local police forces, including Designing Out Crime Officers (DOCO)
  • Relevant devolved administrations (the Welsh Government, the Scottish Government, or the Northern Ireland Executive)
  • Relevant charity regulators (the Charity Commission for England and Wales, the Scottish Charity Regulator or the Charity Commission for Northern Ireland)

Your data will only be shared with these partners to enable the Home Office to perform the task of protecting the public through the activities conducted as part of the schemes. The following table highlights all data sharing arrangements under these schemes.

Processor/Controller Purpose Data shared
Relevant local police forces (Processor) To help DOCOs better understand hate crimes or incidents that have been experienced at applicant/registrant sites. This additional information will support DOCOs in recommending which protective security measures should be installed. All information provided on the application/registration form.
Relevant devolved administrations (Processor) To inform devolved administrations of relevant sites that have applied/registered and/or received protective security measures so that alternative risk mitigations may be offered to unsuccessful applicant/registrant sites. Site details and contact details provided on the application/registration form.
Relevant charity regulators (Processor) To enable the relevant charity regulators to conduct due diligence checks on applicant/registrant sites. Site details and contact details provided on the application/registration form.

Should the Home Office suspect an individual or an organisation of improper use of the protective security schemes, including the application/registration process, your personal data may be shared with the relevant charity regulators and law enforcement organisations. This personal data will be limited to the site details and contact details provided on the application/registration form and the reasons why an improper use of the schemes is suspected.

The personal data provided will also be used by the Home Office to send communications to you that are related specifically to your application/registration and (in the case of successful applicants/registrants) arrangements for the delivery of agreed protective security measures. 

The Home Office may share your information with other organisations in the course of carrying out its functions, or to enable others to perform theirs. Your personal data will not be processed using automated decision-making technology or for the purposes of profiling. You are not under a statutory or contractual obligation to provide your data to the Home Office. However, if you do not share this information, we cannot process your application/registration any further.

More information about the ways in which the Home Office may use your personal information, including the purposes for which we use it, the legal basis, and who your information may be shared with can be found in the Home Office personal information charter.

Disclosure Notice

In the course of these schemes where information is provided that relates to activity outside the improper use of funding, such as criminal acts, it is unlikely that identifiable information would be used to action any disclosure of threat, crime or harm. Should the Home Office, Esotec Limited or Mitie Security Limited suspect an individual or an organisation of using the schemes to warn of a threat to life, we will share this information with the relevant local police forces or other law enforcement organisations. Should an individual or organisation use the application/registration process of the schemes to disclose a past crime, this information will not be passed to the police.

Responses received into the email inbox will not be routinely monitored, and information will not be shared in real time. Emergencies or threats to life should be reported to 999. All criminal activities should be passed to local police or individuals should dial 999 in an emergency. If participants contact the Home Office directly with a disclosure, our normal disclosure processes will be followed. 

Storing your information 

Your personal information will be held for seven years by the Home Office for the purpose for which it is being processed and in line with departmental retention policy. More details of this policy.

Requesting access to your personal data  

You have the right to request access to the personal information the Home Office holds about you. Details of how to make the request can be found in the Home Office personal information charter.

To access your personal data, please email us at info.access@homeoffice.gov.uk.

Or write to: 

Information Rights Team 
Home Office 
Lower Ground Floor
Seacole Building 
2 Marsham Street 
London 

Other rights 

In certain circumstances you have the right to object to and restrict the use of your personal information, or to ask to have your data deleted, or corrected. 

Freedom of Information

Data subjects (applicants/registrants or those otherwise named in applications/registrations) will have the right of access to their personal data under the Data Protection Act 2018 and the General Data Protection Regulations.

Your personal information provided in the application/registration, including information relating to the named contact, and to the place of worship or associated faith community centre, will not be published or disclosed in accordance with the access to information regimes (these are primarily the Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations 2004 (EIR).

Questions or concerns about personal data

If you have any questions, concern or complaint about the collection, use or disclosure of your personal information please contact the Home Office via the contact details found in below.

This privacy notice has been created to be understandable and concise. If you would like more information the Home Office has a data protection officer who can be contacted by:

Email: dpo@homeoffice.gov.uk Telephone: 020 7035 6999

Or write to: 

Office of the DPO 
Home Office 
Peel Building 
2 Marsham Street 
London 
SW1P 4DF 

You have the right to complain to the Information Commissioner’s Office about the way the Home Office is handling your personal information.

Telephone: 08456 30 60 60 or 01625 54 57 45. Fax: 01625 524510

Or write to: 

Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

You can also visit the Information Commissioner’s Office website.