Guidance

Privacy policy for the Government Commercial College

Updated 14 December 2023

© Crown copyright 2023

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/privacy-policy-for-the-government-commercial-college/privacy-policy-for-the-government-commercial-college

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).

Your data

Purpose

The purposes for which we are processing your personal data is are: 

  • to create and manage user accounts for the Government Commercial College platform (GCC) 
  • to record data on individuals who are taking part in a recruitment campaign for entry to the Government Commercial Organisation or for other public sector bodies
  • to engage, train and assess individuals 
  • to provide opportunities for learning and achieving accreditation
  • aggregated data will also be analysed internally to identify trends, the results of which will be used to continuously improve our programmes 
  • to contact individuals about relevant training, accreditation, general notices, networking events and to assist with continuous professional development
  • to pass data to third party providers who may offer you services, if you consent. It may be beneficial to share your name and email with other third party providers to adhere to continuous professional development  and continuous commercial improvement commitments. 
  • to monitor and ensure the GCC is technically secure. This includes using web analytics to understand how our platform is used. 
  • to monitor equality and opportunity of users 

The data

We will process the following personal data: 

Personal data collected will include:

  • First name and surname
  • Email address
  • IP address
  • Login information
  • Browser type
  • URL you have come from
  • URL you go to next
  • Employer name
  • Gender 
  • Age Range 
  • Accreditation status
  • Grade/job title
  • Geographical location and time zone
  • Socio-economic information
  • Phone number 
  • User picture (where added to profile voluntarily)
  • Line manager name
  • Line manager email address 
  • National Identity 
  • web analytics data

Sensitive personal data will also be collected as outlined below.

  • Ethnic Origin 
  • Sexual Orientation 
  • Disability 
  • Religious belief 
  • Reasonable adjustments

The legal basis for processing your personal data is: 

For profile pictures uploaded voluntarily: 

  • because you consent 

For passing your name and email address and grade to third parties who offer commercial services: 

  • because you consent 

For non-essential web analytics: 

  • because you consent 

For all other processing: 

  • Public Task - Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case that is the Civil Service Board’s mandate to provide learning and/or assessment for the purpose of increasing commercial capability across the public sector.

Sensitive (special category) personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. 

The legal basis for processing your sensitive personal data is: 

  • processing of data concerning ethnicity, religious or philosophical belief, health including disability or sexual orientation, is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with a view to enabling such equality to be promoted or maintained.

  • It is necessary for the purposes of performing or exercising our obligations or rights as the controller, or your obligations or rights, under employment law, social security law or the law relating to social protection (making reasonable adjustments to comply with the Equality Act 2010)

Recipients

Your personal data will be shared by us with:

  • Government Commercial Function staff responsible for the delivery and management of learning and assessment activities,
  • Think Associates Ltd, the host and supplier of the Government Commercial College platform,
  • Learning Delivery Partner via Civil Service Learning Framework, KPMG 2020-2024, and Selected Third Party Assessors (only name, contact information and reasonable adjustments will be shared),
  • Your employer (nominated single point of contact within your employing organisation).
  • Your line manager.
  • Affiliated Central Departments and Parent Organisations if applicable under Public Task

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services. 

Retention 

Your personal data will be kept by us for up to 7 years from the last time you access your account and only if there are learning records attached - data will be destroyed after 2 years if there are no learning records.

It is necessary to retain personal data during your employment in the Civil Service or wider public sector. The training offered and accreditation achieved have external recognition that you may wish to access throughout your career and continued professional development.

All individuals attempting accreditation will access material that they should not access again if they were to attempt accreditation for a second time. For validity of assessment it is essential historic learning and assessment records are kept to prevent an individual from being assessed using the same material.

Where personal data have not been obtained from you

In some circumstances, your personal data (name and email address only) is obtained by us from your employer. Any further personal data would be provided by you.

In some circumstances, a recruiter may provide your personal data as part of your recruitment process.

In some circumstances, where you are a line manager of someone engaging with learning and/or assessment, your name and email address will be provided by your direct report.

Your rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data. 

You have the right to request that any inaccuracies in your personal data are rectified without delay. 

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement. 

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed. 

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted. 

You have the right to object to the processing of your personal data, in addition to where it is processed for direct marketing purposes. 

International transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision or reliance on Standard Contractual Clauses.

Any other personal data shared outside the UK would be data shared with employers of which their single point of contact may be on government devices overseas (typically FCDO, DIT, MOD).

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.  The Information Commissioner can be contacted at: 

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

or 0303 123 1113, or icocasework@ico.org.uk.  Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts. 

Contact details

The Cabinet Office and your employing department or organisation are joint data controllers. The contact details for the data controller are:

Cabinet Office
70 Whitehall
London
SW1A 2AS

or 0207 276 1234, or use this webform.

The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

What are cookies

Cookies are small unique text files stored on your computer or device while you’re visiting a website. Cookies help make websites work. They also provide us with information about how users interact with our site.

Some cookies remain on your device only for as long as you keep your browser active (session cookies) and others remain for a longer period (persistent). Cookies may be placed by us when you visit our website, or by third parties.

Why we use cookies

We use cookies on our site to:

  • provide necessary functionality
  • understand how users navigate around our site
  • try to improve your experience on our site (including remembering settings you have chosen previously)

Some of the cookies we set are needed to make our site work (necessary cookies). If you’re unhappy with these you may be able to disable them using your browser settings but our site may not work correctly.

When you first visit our site, you’ll see a cookie controller in the lower-right of the screen which gives you the option to accept or reject analytical cookies. A consent cookie will be placed on your browser to remember your choice.

Cookies on site

Below is a list of cookies set on the Government Commercial College website, along with a brief description of what each is used for.

Cookie name Purpose Duration Category
CookieControl This cookie is set to remember the user’s preferences about cookies. 3 months Necessary
TotaraSession This tracks users between requests (for example, when moving between pages to keep the user logged in). The website will not function if this cookie is blocked. Individual session Necessary, Session Cookie
ai_user This cookie is set if the user ticks “remember username” on the login page. It’s used to store the username on the user’s computer, and then auto-fill the username on return visits to the login page. 1 year User-controlled optional
_pk_id This cookie is used to help website owners track visitor behaviour and measure site performance. It is used to store a few details about the user such as the unique visitor ID 1 year and 1 month Analytical
_pk_ses, _pk_cvar, _pk_hsr These cookies are used to help website owners track visitor behaviour and measure site performance. These are short-lived, pattern type cookies, where the prefix _pk_xx is followed by a short series of numbers and letters 30 minutes Analytical
_pk_ref This cookie is used to store from which URL (referrer) a user arrived. 6 months Analytical
Back to top