Guidance

Civil Service Learning privacy notice

Updated 2 December 2022

This notice sets out how we use your personal data, and your rights. It is made under Article 13 of the General Data Protection Regulation (GDPR).

1. Your data

1.1 The data

We process the following personal data:

  • your personal contact details, for example, name, telephone number and email address
  • your manager’s personal contact details, for example, name and email address
  • your role assignment details, for example, grade, organisation, job role, location, qualifications, employment type, working pattern, profession and staff number
  • details relating to your use of the service, for example, the learning you’ve taken
  • your user feedback, for example, evaluation feedback that you’ve provided and survey responses
  • your personal information, for example, health (such as dietary requirements)

1.2 Purpose

We process your personal data to provide a platform for mandatory and optional learning services, and to tailor our learning products to you. This includes communicating with you about learning opportunities, tracking and responding to bookings, monitoring participation rates, providing management information to employer departments, functions and profession teams.

We process data so that learning activities can be provided to you, whether face to face or online.

We process your data to develop and improve our service, for example, through your feedback.

We process your diversity data for making reasonable adjustments to ensure that you are able to take part in learning opportunities.

The legal basis for processing your data is that it is necessary for the performance of a task, which is carried out in the public interest or in the exercise of official authority vested in the controller. In this case that is our function to provide the Civil Service with access to learning and development opportunities.

We process your data on the legal basis that it is necessary, as part of your contract of employment, for us to provide you with access to learning and development opportunities.

We process your data so that we can monitor your personal development and manage your performance as part of your employment contract.

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

The legal basis for processing your sensitive personal data relating to disability and dietary requirements is it is necessary for the purposes of performing or exercising our obligations or rights as the controller, or the data subject’s obligations or rights, under employment law, social security law or the law relating to social protection, that is, public sector equality duty.

The legal basis for processing your sensitive personal data relating to diversity characteristics is it relates to personal data which are manifestly made public by you, such as reasonable adjustments, that we require in order to ensure that you are able to take part in learning opportunities.

1.4 Recipients

Personal data may be shared by the Cabinet Office with your department or function and with Civil Service profession teams.

Your personal data will be stored on our IT infrastructure and will be shared with our data processors, these are:

  • our IT providers who provide:
    • email, document management and storage services
    • survey services
    • booking services
    • mailing list management services
  • our learning suppliers KPMG, EY, Korn Ferry Group and Knowledgepool, who provide us with learning products, coaching and services
  • our Apprenticeship Programme suppliers KPMG, Knowledgepool, Premier Partners, QA, BC Arch, Babington Business College, and CIPFA
  • our IT providers and KPMG and EY, who provide support services
  • our IT providers, KPMG, EY, Korn Ferry, Knowledgepool and client departments, who provide booking services
  • our IT providers, KPMG, EY, Korn Ferry, Knowledgepool, Premier Partners, QA, BC Arch, Babington Business College, and CIPFA, who provide evaluation services
  • our IT providers and our learning providers, KPMG, EY, Korn Ferry , Knowledgepool, Premier Partners, QA, BC Arch, Babington Business College, and CIPFA, who provide management information reporting services

1.5 Retention

Management information (including learning activities, bookings, etc ) will be retained by the Cabinet Office for no more than 4 years. Data may be retained by your department for the purposes of reporting beyond this period. Your personal data will be shared by us with our 3rd-party suppliers, who will retain your data for the duration of our contract with them or according to the timescales provided above, whichever is sooner.

2. Your rights

You have the right to:

  • request information about how your personal data is processed, and to request a copy of that personal data
  • request that any inaccuracies in your personal data are rectified without delay
  • request that any incomplete personal data is completed, including by means of a supplementary statement
  • request that your personal data is erased if there is no longer a justification for it to be processed
  • in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
  • object to the processing of your personal data where it is processed for direct marketing purposes
  • request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format
  • object to the processing of your personal data

3. International transfers

Your personal data is stored on our IT infrastructure, and shared with our data processors, who provide email, document management and storage services to us. Your data may be held in the UK or in jurisdictions which have been granted data adequacy standards by the UK Government. Where that is the case it will be subject to equivalent legal protection through the use of model contract clauses.

Your data will be shared with our IT suppliers who provide mailing list management and event booking services. Your data may be held in the UK or in jurisdictions which have been granted data adequacy standards by the UK Government. Where that is the case it will be subject to equivalent legal protection through the use of model contract clauses.

4. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113

Email: casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

5. Contact details

The data controller for your data will vary depending on the data being collected:

  • the data controller for your profile, email services, evaluations, feedback, coaching and mentoring is the Cabinet Office
  • the Cabinet Office and the department that employs you are joint data controllers for your learning record, learning and development plans, bookings and management information

The contact details for the lead data controller are:

Campus and Curriculum Delivery Team, Government Skills and Curriculum Unit
Civil Service HR
Cabinet Office
10 S Colonnade
London
E14 4QQ

Email: contact.ccdt@cabinetoffice.gov.uk

Please contact us if you have any queries relating to your rights and how we use your personal data.

The contact details for the lead data controller’s data protection officer are:

Stephen Jones
Data Protection Officer
Cabinet Office
Room 405
70 Whitehall
London
SW1A 2AS

Email: dpo@cabinetoffice.gov.uk

The data protection officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

6. Changes to this privacy policy

If this privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, we share it with other parties.