Guidance

Privacy notice Freedom of Information requests and Subject Access requests

Updated 6 June 2023

© Crown copyright 2023

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/intellectual-property-office-privacy-notices/privacy-notice-freedom-of-information-requests-and-subject-access-requests

This privacy notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).

The Data Protection Officer for the IPO can be contacted using the contact details below:

Your data

Purpose

The purposes for which we are processing your personal data are to:

  • record and respond to freedom of information requests and data subject requests received by the IPO
  • provide cross-government advice, support and co-ordination in responding to freedom of information requests

The data

We will process the following personal data:

  • your name
  • address
  • email address
  • your request

We may also process other personal information if you volunteer it.

In responding to subject access request, we may process any data on you held by the IPO.

In relation to responding to freedom of information and data subject requests, the legal basis for processing your personal data is that it is necessary to comply with a legal obligation placed on us as the data controller.

In relation to providing cross-government advice, support and co-ordination in responding to freedom of information requests, the legal basis for processing your personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case the task is providing advice, support and co-ordination in responding to freedom of information requests.

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Although we do not collect any sensitive personal data, we may process this in responding to a subject access request. We may also process data about criminal convictions in responding to a subject access request.

The legal basis for processing your sensitive personal data, or data about criminal convictions, is that processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department. The function is meeting our legal obligations to answer subject access requests.

Recipients

In relation to freedom of information requests, your data may be shared with other government departments and public bodies. This is in order that we can provide cross-government advice, support and co-ordination in responding to freedom of information requests.

Retention

Your personal data will be kept by us for up to five years since your last contact with us.

Copies of identity verification documents will be destroyed after we have verified your identity.

Where personal data have not been obtained from you

Your personal data were obtained by us from another government department or public body to whom you made a freedom of information request.

Your rights

You have the right to:

  • request information about how data are processed, and to request a copy of that personal data
  • request that any inaccuracies in your personal data are rectified without delay
  • request that any incomplete personal data are completed, including by means of a supplementary statement
  • request that your personal data are erased if there is no longer a justification for them to be processed
  • in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
  • object to the processing of your personal data where it is processed for direct marketing purposes
  • object to the processing of your personal data

International transfers

As your personal data is shared with other government departments and public bodies it may be transferred and stored securely outside the European Union. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113 E-mail: casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact details

The data controller for your personal data is Business Energy and Industrial Strategy (BEIS). The contact details are:

DSIT Data Protection Officer
Department for Science, Innovation and Technology
1 Victoria Street
London
SW1H 0ET

Email: dataprotection@energysecurity.gov.uk

The Data Protection Officer provides independent advice and monitoring of Intellectual Property Office use of personal information.

Back to top