FOI and EIR requests privacy notice
Published 15 May 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/foi-and-eir-requests-privacy-notice/foi-and-eir-requests-privacy-notice
The Department for Business and Trade (DBT) is committed to protecting the privacy and security of your personal data. This privacy notice describes how we collect and use personal data in accordance with data protection legislation - the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. What personal data we collect
We collect, store and use certain categories of personal information about you, such as:
- your name
- email address
- your request
We may also process other personal data if you volunteer it. For example, if you provided an address requiring a response to be issued via post, or if your request includes an email signature.
All personal data is handled under the government security handling for official data and non-personal data may be retained according to the Public Records Act 1958.
2. Why we need your personal data
The personal data you provide will be processed by DBT in order to fulfil our regulatory duties to record, process and respond to:
- freedom of information requests and internal reviews we receive
- environmental information regulations requests and internal reviews we receive
3. Our legal basis for processing your personal data
The legal basis for processing your personal data is that it is necessary:
- to comply with the legal obligation placed on us as the data controller. We are required to record, process and respond to freedom of information and environmental information regulations requests and reviews that are submitted to us
- to perform a task in the public interest. It is in the public interest for us to process your personal data in order to administer requests for information
4. How we share your personal data
The personal data we collect will be shared with the following organisations for the purpose of recording, processing and responding to requests and internal reviews:
- Department for Business and Trade: this can include individuals within teams and directorates across the department
- E-case: the supplier of case management software we use to manage and monitor requests
- Microsoft: our email provider
It may be necessary to share your personal data we have collected with the following for the purpose of processing and responding to freedom of information requests and internal reviews:
- Information Commissioner’s Office (ICO)
- other UK government departments
In addition, an aggregated analysis of personal data collected may be shared with the Information Commissioner’s Office (ICO) the Government Internal Audit Agency (GIAA), and the National Audit Office (NAO) for audit purposes.
We will also share your personal data if we are required to do so by law or regulation. For example, by court order or to prevent fraud or other crime.
We will not:
- sell or rent your personal data to third parties
- share your personal data with third parties not detailed in this notice unless legally obliged to do so
5. How long we keep your personal data
We will only retain your personal data for as long as it is required to fulfil the purposes outlined in this notice (the legal basis for processing your personal data and the sharing of your personal data.)
6. How we protect your personal data and keep it secure
We are committed to doing all that we can to keep your personal data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your personal data - for example, we protect your personal data using password protection and limiting staff access to specifically ‘security cleared’ individuals.
We also ensure any third parties we deal with keep all personal data they process on our behalf secure and in line with data protection legislation.
7. Your data subject rights and access to your personal data
You have the right to contact the department and exercise your data subject rights.
Data Protection Officer
Department for Business and Trade
Old Admiralty Building
Admiralty Place
London
SW1A 2DY
8. Contacting the Information Commissioner’s Office
You can also make a complaint to the Information Commissioner, who is an independent regulator.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Monday to Friday 9am to 4:30pm
9. Changes to this privacy notice
We reserve the right to update this privacy notice at any time and we will provide you with a new privacy notice if we make any substantial updates.
DBT is registered as a data controller under the UK GDPR and Data Protection Act 2018.