Government Security Profession (GSP) Smart Survey Privacy Notice
Published 11 August 2022
© Crown copyright 2022
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/government-security-profession-gsp-smart-survey-privacy-notice/government-security-profession-gsp-smart-survey-privacy-notice
Privacy Notice for Security Profession Surveys
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).
Your Data
Purpose
The purpose(s) for which we are processing your personal data is to collect user feedback on security learning initiatives and products to help evaluate the success, impact and progress of those initiatives and products in order to improve our services, as well as helping us to plan and prioritise for future work by engaging with stakeholders at the department and individual level
The data
We may process the following personal data:
All of our surveys will be anonymous, therefore it will not be possible to attribute feedback to any individual, unless an individual opts to email the Government Security Professions to discuss their feedback. In this case, non- anonymised information will never be shared or published beyond the small survey administrator team.
Legal basis of processing
The legal basis for processing your personal data is that the data subject consents.
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
The legal basis for processing sensitive personal data is that the data subject freely and explicitly gives their consent.
Recipients
Your personal data may be shared by us with our learning platform provider As your personal data will be stored on our IT infrastructure it will also be
shared with our data processors who provide email, and document management and storage services.
Retention
Your personal data will be kept by us for up to five years
Your Rights
You have the right to request information about how your personal data are processed, and to request a copy of that personal data.
You have the right to request that any inaccuracies in your personal data are rectified without delay.
You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.
You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.
You have the right to withdraw consent to the processing of your personal data at any time.
You have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.
International Transfers
As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision or reliance on Standard Contractual Clauses.
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or icocasework@ico.org.uk. Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Contact Details
The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:
Cabinet Office
70 Whitehall, London
SW1A 2AS
Public Enquiries: Online Contact Form
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.
The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk