Independent review of the UKSA: Privacy Notice (HTML)
Updated 12 March 2024
© Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/independent-review-of-the-uk-statistics-authority-uksa-2023/independent-review-of-the-uksa-privacy-notice-html
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).
Your data
Purpose
The purpose(s) for which we are processing your personal data is generally to obtain the opinions of members of the public, parliamentarians and representatives of organisations and companies on an issue of public interest.
More specifically it will be used to:
- Contact and work with stakeholders and members of the public who have provided written evidence for the review.
- Contextualise the evidence submitted by providing information that gives the data more meaning.
- Provide credibility and accountability for the review by showing that its findings are based on evidence provided by credible sources.
The data
We will process the following personal data:
- Full name
- Job title
- Occupation/ Organisation
- Email address (may contain name/ identifiable information)
- Personal contact number
- As well as opinions.
We will not be requesting sensitive personal data as part of this process. ‘Sensitive personal data’ is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. You are therefore requested not to provide this data.
Any sensitive personal data provided by individuals, organisations or representatives or organisations (despite it not being requested) will be deleted before data is stored.
Legal basis of processing
The legal basis for processing your personal data is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case that is departmental functions related activities.
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
The legal basis for processing your sensitive data is that it is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department. The function is consulting on departmental policies or proposals, or obtaining opinion data, in order to develop good effective policies.
Recipients
Where individuals submit responses, we may publish their responses, but we will not publicly identify them. We will remove any information that may lead to individuals being identified.
Responses submitted by organisations or representatives of organisations may be published in full. This would mean your personal data would be made public.
As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.
Retention
Personal data submitted by organisations or representatives of organisations will be kept by us in an identifiable format for three calendar years from the date of collection.
Personal data submitted by individuals will be kept by us in an identifiable format for 12 calendar months from the date of collection.
All data will be considered for deletion three calendar years from the date of collection.
Any sensitive personal data provided by individuals, organisations or representatives or organisations (despite it not being requested) will be deleted before data is stored.
Your rights
You have the right to request information about how your personal data are processed, and to request a copy of that personal data.
You have the right to request that any inaccuracies in your personal data are rectified without delay.
You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.
You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.
You have the right to object to the processing of your personal data.
You have the right to withdraw consent to the processing of your personal data at any time.
You have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and
machine-readable format.
International transfers
As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision or reliance on Standard Contractual Clauses.
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
or 0303 123 1113, or icocasework@ico.org.uk. Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Contact details
The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:
Cabinet Office
70 Whitehall
London
SW1A 2AS
or 0207 276 1234, or you can use this webform.
The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk.
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.