College for National Security Privacy Notice
Published 20 May 2025
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).
Your data
Purpose
We will use personal data in the College for National Security for four ongoing purposes.
For the Administration of learning courses, workshops and events
This will include:
- registering students to attend learning
- sending out joining details
- understanding accessibility and reasonable adjustments needs
- ensuring participants have the appropriate grade/experience/security classification for the level of course
- recording student learning journeys
- recording teacher/facilitator involvement
Monitoring and Evaluation to ensure we are attracting a diverse range of students, and abiding by Government policy on Diversity and Inclusion, and legal requirements in the disability and equality acts
This will include:
- Aggregated anonymised data derived from personally identifiable data will be analysed to assess our diversity and inclusion statistics in order to ensure equality of opportunity/access.
- Aggregated anonymised data derived from personally identifiable data will be analysed to assess CfNS performance, and develop more effective learning courses and products, including ensuring we avoid bias and accessibility blocks, e.g. according to disability, location, ethnicity.
- Aggregated anonymised data derived from personally identifiable data will be used to track trends and provide analysis to update our board, Ministers and stakeholders as appropriate to demonstrate against our objectives, our impact and results.
- Qualitative data will be analysed to improve CfNS learning products and processes.
CfNS outgoing comms and surveys
- Email addresses provided when signing up for the newsletter and surveys will be used to send out updates/news on CfNS.
Volunteering for Pilot Course Feedback
- Initially as part of the piloting of new courses only, we may check your protected characteristics to ensure courses are tested on a diverse group of participants. This will ensure the broadest possible suitability of the courses reflective of the diverse nature of the National Security community.
The data
We will process the following personal data:
- Name
- Security Clearance
- Location
- Work phone number
For the process of attending certain in-person events we may process:
- Disability
- Allergy details
- Nationality
Legal basis of processing
The legal basis for processing your personal data is:
Non-sensitive data for administration (including Security clearance)
Article 6 Performance of a task carried out in the public interest (The provision of authorised training across Government to support National Security).
Monitoring & Evaluation (Special Category Diversity Data)
Article 6 Performance of a task carried out in the public interest (Equalities Act - Public sector equality duty)
Article 9 Substantial Public Interest (Equality of opportunity or treatment, para 8, schedule 1, Data Protection Act 2018)
Accessibility and reasonable adjustments needs (Special Category Health Data)
Article 6 Legal Obligation (Equalities Act and Health and Safety at Work Act)
Article 9 Employment, Social Security and social protection law (para 1, schedule 1, Data Protection Act 2018)
Newsletters and Surveys
Article 6 Data Subject Consent
Recipients
Your personal data will be shared by us with our survey platform provider, who is acting as a data processor.
As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.
Your data will be shared by us with OGD partners if required for the facilitation of events where it is needed for classification (e.g. to book you as a visitor within governmental estate).
Retention
Your personal data used for:
Non-sensitive data for College administration (including Security clearance) will be retained for a period of 3 years at which point individuals will be contacted to confirm their data remain accurate and that it is relevant to retain. Otherwise it will be deleted.
Monitoring & Evaluation (Special Category Diversity Data) will be retained for a period of 3 years at which point individuals will be contacted to confirm their data remain accurate and that it is relevant to retain. Otherwise it will be deleted.
Accessibility and Reasonable adjustments needs (Special Category Health Data) will be retained for the period required for you to attend the event. Once the event is delivered it will be deleted.
Nationality data will only be collected if required for security clearance reasons, for example to enter classified estate. Individuals’ data will be retained for the period required for you to attend the event. Once delivered it will be deleted.
Your rights
You have the right to request information about how your personal data are processed, and to request a copy of that personal data.
You have the right to request that any inaccuracies in your personal data are rectified without delay.
You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.
You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
You have the right to object to the processing of your personal data.
Where data is processed under Consent, you have the right to withdraw consent to the processing of your personal data at any time.
Where data is processed under Consent, you have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.
You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.
International transfers
As your personal data is stored on our Corporate IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision, reliance on Standard Contractual Clauses, or reliance on a UK International Data Transfer Agreement.
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
or 0303 123 1113, or icocasework@ico.org.uk.
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Contact details
The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:
Cabinet Office
70 Whitehall
London
SW1A 2AS
or 0207 276 1234, or you can use this webform.
The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk.
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.