Guidance

Diversity Internship Programmes privacy notice

Updated 26 June 2018

© Crown copyright 2018

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/diversity-internship-programmes-privacy-notice/diversity-internship-programmes-privacy-notice

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).

Your data

The data

We will process the following personal data:

  • name, address, email address
  • telephone number
  • date of birth
  • diversity information (disability, ethnicity, sexual orientation)
  • National Insurance number
  • security vetting information (pre employment checks including pre-disclosed information about criminal convictions and offences)
  • bank account (to enable repayment of expenses)
  • travel bookings and expense claims

Purpose

The purpose(s) for which we are processing your personal data is:

To record, track and respond to correspondence from pre-registered individuals who apply for the Early Diversity Internship Programme (EDIP) and Summer Diversity Internship Programme (SDIP) internships;

Operation of the EDIP/SDIP internships programme, including matching individuals to civil service internships. We use this information internally to contact individuals who have indicated that they want to become ambassadors for and participants in future promotional campaigns;

Supplying information to other government departments including: for security clearance purposes and information about the matching of EDIP /SDIP applicants to appropriate civil service internships;

To monitor the effectiveness of the EDIP / SDIP enrolment programmes.

The legal basis for processing your personal data is as follows.

It is necessary for the performance of a contract to which the data subject is a party i.e the requirement to submit application forms and data for internships.

It is necessary in order to take steps at the data subject’s request prior to entering into a contract including application for internships and preemployment checks.

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, such as the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; the exercise of a function of either House of Parliament; or the administration of justice, i.e to operate and manage the EDIP / SDIP internship programmes.

If sensitive (special category) personal data is processed

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

The legal basis for processing your sensitive personal data is as follows.

It is necessary for the purposes of performing or exercising our obligations or rights as the controller, or the data subject’s obligations or rights, under employment law, social security law or the law relating to social protection.

This relates to public sector equality duty obligations in the employment context and this data includes details relevant to facilitate individuals who require specific workplace adjustments on the grounds of personal health conditions, impairment or disabilities.

Processing is of a specific category of personal data and it is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified (in paragraph 7(2) of Part 2 of Schedule 1 to the Data Protection Act 2018) in relation to that category with a view to enabling such equality to be promoted or maintained; and it is not carried out for the purposes of measures or decisions with respect to a particular data subject; and the data subject has not declined consent; and the data subject has not given notice that they do not wish their data to be processed for these purposes; and the processing is not likely to cause substantial damage or substantial distress to an individual. This relates to our processing of personal data relating to race, ethnicity, disability, sexuality and religious faith.

It is necessary for archiving purposes, scientific or historical research purposes or statistical purposes, and it is in the public interest e.g. analysis of applications and internship outcomes. It is also necessary to monitor the effectiveness of the schemes and measure against the wider objectives of increasing Civil Service diversity in ensuring that our selection and recruitment practices are fair.

If criminal convictions personal data is processed

The processing by us of personal data relating to criminal convictions and offences or related security measures is not carried out under official authority, but is authorised under law because it meets one of the following conditions.

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, such as the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; the exercise of a function of either House of Parliament; or the administration of justice.

Processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; the exercise of a function of either House of Parliament; or the administration of justice. Specifically this includes ensuring the individual’s right to work in the UK if they are not a British national and also their eligibility for any appropriate security clearance.

Recipients

Your personal data will be shared by us with:

  • Cabinet Office staff: authorised staff within the Cabinet Office Assessment & Diversity team
  • external stakeholders: data is shared with other civil service departments which have made bids to take on an intern

As your personal data will be held on our IT infrastructure, it will also be shared with our data processors who provide email, and document management and storage services to us.

Retention

Your personal data is held for 2 years and where security information has been processed, this is held for less than one month before it is transferred to the appropriate interns’ department.

Data relating to any travel booking arrangements and any associated expenses repayments will be retained for 3 years for internal audit requirements.

All staff are trained to handle personal data, it is given appropriate controlled access and is stored securely with restricted access.

Where personal data have not been obtained from the data subject (if applicable)

As part of the necessary pre-employment security form checks we also exchange data with a third party support service who conduct pre-employment checks that include details of any disclosed criminal convictions and offences.

The data held by the third party support service is kept securely as specified in their contract and destroyed securely when no longer needed.

All mentioned third parties are currently under contract with the Civil Service and are legally bound to process the data in line with the data protection regulations.

Your rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.

Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, such as the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; the exercise of a function of either House of Parliament; or the administration of justice:

You have the right to object to the processing of your personal data.

Where the processing is based on consent, or where it is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the data subject’s request prior to entering into a contract:

You have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.

International transfers (if applicable)

As your personal data is stored on our IT infrastructure, and shared with our data processors Google and AODocs, it may be transferred and stored securely outside the European Economic Area. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Email: casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact details

The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:

Cabinet Office
70 Whitehall
London
SW1A 2AS

Public Enquiries: Online Contact Form

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk

Back to top