Personal information charter

This information charter sets out the standards you can expect when we collect, hold or use your personal information.

We will ensure that we will treat all personal information in accordance with data protection legislation, including the General Data Protection Regulation (GDPR) and Part 3 (law enforcement processing) of the Data Protection Act 2018.

Who we collect data on

The personal information we collect relates to:

  • members of the public
  • those writing on behalf of business or organisations
  • Members of Parliament
  • Peers
  • Members of the European Parliament
  • members of the devolved administrations
  • constituent or third party information
  • individuals which have submitted requests for information under the Freedom of Information Act (the FOI Act), the Environmental Information Regulations (EIRs) and Data Subject Access Requests

What data we collect

For the purposes of the GDPR we will process the information that you include in your correspondence or provide when you telephone us:

  • name
  • address
  • email address
  • telephone number

Where the processing takes place under the provisions of the GDPR, the legal basis for it is that: the processing is necessary for the performance of a task carried out in the public interest, in the exercise of official authority vested in the data controller or to comply with a legal obligation placed on the data controller. Processing carried out for law enforcement purposes will comply with the legal requirements of Part 3 of Data Protection Act 2018.

Special data categories

Where you (the data subject) include in your correspondence some special categories of data it will be necessary for us to process this information.

The legal basis for processing special category data is that: the processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department. Processing of special category data carried out for law enforcement purposes will comply with the legal requirements of Part 3 of Data Protection Act 2018.

Purpose for processing data

Personal information is processed for the purpose of completing a public task, to ensure that you receive a response within a set timeframe:

  • Environmental Information Regulations (EIR) requests
  • Data Subject Access Request (DSAR)
  • Freedom of Information (FoI) requests
  • general correspondence and enquiries
  • internal reporting and analysis

Personal information will also be processed for law enforcement purposes, in accordance with Part 3 of the Data Protection Act 2018.

Who we share data with

Your personal data will only be shared with relevant staff in HM Treasury and other organisations for the purposes listed above. External parties include other government departments, agencies, public bodies and devolved administrations.

Personal Information is stored but not actively shared with:

  • Fivium – HM Treasury’s case management service provider for Ecase
  • NTT – HM Treasury’s IT infrastructure service and public enquiry line provider

How long we hold data

In ordinary circumstances, we will retain your data for the periods outlined below, after which time it will be destroyed unless needed to fulfil additional requirements in respect of the public task or legal obligations, for example information needed for inquiries or legal proceedings.

Processing Type Retention Period
EIR requests 3 years
DSAR requests 6 years
FoI requests 3 years
Ministerial correspondence 6 years
Official correspondence and telephone enquiries 3 years

Your rights

You have the right to:

  • request information about how your personal data are processed, and to request a copy of that personal data
  • request that any inaccuracies in your personal data are rectified without delay
  • in certain circumstances (for example, where accuracy is contested) request that the processing of your personal data is restricted
  • object to the processing of your personal data where it is processed for direct marketing purposes

Where to submit a data subject access request (DSAR)

If you would like to enact your rights, you can do so by submitting a Data Subject Access Request at:

HM Treasury
Information Rights Unit
1 Horse Guards Road

You can also email


If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane

You can also email and phone on 0303 123 1113.

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.


The data controller for your personal data is HM Treasury. The contact details for the data controller are:

HM Treasury
1 Horse Guards Road

You can also email .

The contact details for the data controller’s Data Protection Officer (DPO) are:

Data Protection Officer
1 Horse Guards Road

You can also email at