Transparency data

Privacy information: Department for Education workforce

Published 16 January 2024

Applies to England

This document provides details of what personal data the Department for Education (DfE) processes about our workforce – including current and former DfE and agency employees and workers, public appointments, board members, non-executive directors, ministers and contractors.

This notice does not form part of any contract of employment or other contract to provide services. This notice can be updated at any time and we will inform you if this occurs.

When we collect and use your personal information, we need to follow the law. The main laws are the Data Protection Act (DPA) and the UK General Data Protection Regulation (UK GDPR).

The DfE is the data controller for the personal information we process. This includes when the information is collected or processed by third parties on our behalf. See DfE is the data controller for more details.

We must have a valid reason to collect your personal data. These reasons are called ‘lawful basis’ in UK GDPR.

When we process your information, we maintain your information’s confidentiality, integrity and availability:

  • confidentiality means only authorised users can view, access, change or use your information
  • integrity means we ensure your information is correct and accurate
  • availability means we ensure your information is available, in a secure system, when required

The DfE Personal information charter has more information on the standards you can expect when we collect, hold or use your personal information.

1. When we recruit and employ you

Purpose and lawful basis for processing

We process your personal data when employing you as a member of staff or as a contractor. The lawful basis we rely on for this processing of your personal data is contract, under article 6(1)(b) of the UK GDPR.

When we use your sensitive information, this is ‘special category’ data. We use it because we have a substantial public interest under article 9(2)(b) of the UK GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights, or article 9(2)(g), necessary for reasons of substantial public interest.

The additional DPA 2018 processing conditions we rely on are Schedule 1 part 1(1) which relates to processing for employment purposes and Schedule 1, part 2 paragraph 6 – statutory etc and government purposes.

We process information about applicant criminal convictions and offences. The lawful basis we rely on to process this data is article 6(1)(e) of the UK GDPR for the performance of our public task. In addition, we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a) of the DPA 2018.

Data collected

DfE collect and use the following personal information:

  • name
  • date of birth
  • employee number
  • email address
  • telephone number
  • National Insurance number
  • job title or position

When we use your sensitive or ‘special category’ data, we use it because you have given your explicit consent. We may need to collect this information:

  • details about your gender
  • details about your health or disability
  • details about your racial or ethnic origin

Full details about how we process special category data are given in DfE’s Appropriate policy document.

What we do with your data

We need your personal data to:

  • make a decision about your recruitment or appointment
  • determine the terms on which you work for us
  • check you are legally entitled to work in the UK and to provide you with the security clearance appropriate for your role. For Civil Servants, to check eligibility to become and remain a Civil Servant
  • general administration of the contract we have entered into with you
  • conduct performance reviews, managing performance and determining performance requirements
  • make decisions about your continued employment or engagement
  • make arrangements for the termination of our working relationship, including exit interviews
  • assessing qualifications for a particular job or task, including decisions about promotions
  • equal opportunities and diversity monitoring, including compliance with the Public Sector Equality Duty (PSED)
  • gather evidence and any other steps relating to possible grievance or disciplinary matters and associated hearings
  • education, training, learning and development requirements, including talent management
  • attendance management
  • deal with legal disputes involving you, or other employees, workers, public appointments and contractors, including accidents at work
  • ascertain your fitness to work, managing sickness absence and policies to support your wellbeing (for example workplace adjustments, occupational health)
  • record conflicts of interest
  • liaise with your pension provider, providing information about changes to your employment such as promotions or changes in working hours
  • analyse to support development of people strategies
  • share with Cabinet Office to help them manage their oversight of the Senior Civil Service, special advisers and ministers, as owners of the Civil Service code and executive terms and conditions

How long we keep your data

We only keep your personal information for as long as we need it. We decide how long to keep your information based on what we need and also what the law says. All data is securely and permanently deleted at the end of the retention period. We call this our retention and disposal schedule.

We keep your personal information for:

  • 2 years for records relating to recruitment
  • 4 years for medical, self certificates and fit notes - unrelated to industrial injury
  • 6 years for records relating to appraisal, staff training, attendance management
  • until you are aged 100 for records relating to contracts, annual benefit statements and pensions

Your rights

We are relying on contract for this processing. This means you have:

  • the right to be informed about the collection and use of your personal data – this is called ‘right to be informed’
  • the right to ask us for copies of your personal information we have about you – this is called ‘right of access’. This is also known as a subject access request (SAR), data subject access request (DSAR) or right of access request (RAR)
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’
  • the right to ask us to delete your personal information – this is called ‘right to erasure’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’
  • your ‘right to object to processing’ of your information, in certain circumstances
  • rights in relation to automated decision making and profiling
  • the right to withdraw consent at any time (where relevant)
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way

There are legitimate reasons why we may refuse your information rights request, which depend on why we are processing it.

For more information, see the ICO’s guide to individual rights.

See Requesting your personal information for more on what you’re entitled to ask us, or any of our executive agencies, and your rights about how your information is collected and used.

Data processors

A data processor is an organisation that processes your information on DfE’s behalf. DfE uses a data processor for the following activity:

  • we use the Korn Ferry Hay Group for our talent management programme

2. Using your data for public appointments

This section covers appointments for DfE Board members, Board chairs, Non-executive directors or members of an advisory committee.

This privacy notice is in addition to the Cabinet Office notice that is attached to all vacancies advertised on the Public Appointment website.

Purpose and lawful basis for processing

The lawful basis we rely on for this processing of your personal data is under article 6(1)(e) of the UK GDPR. This allows us to process personal data when this is necessary to do our work as a government department. The Governance Code on Public Appointments and the Public Appointments Order in Council 2016 allow this processing.

For the processing of your special category data, we will be relying on Article 9(2)(g) which permits the processing of special category data if it is necessary for reasons of substantial public interest. This is lawful under conditions 6 and 9 as set out in paragraphs 6 to 28 of Schedule 1 of the DPA 2018. This processing will enable us to monitor equal opportunities.

Processing relates to personal data which is manifestly made public by the data subject (para 32, schedule 1, Data Protection Act 2018).

The Department carries out due diligence checks (including internet searches) into public social media of individuals who apply for roles to support us in policy making, for example, those applying to be part of the Teacher and Headteacher Reference Groups. Below are non-exhaustive examples of where the DfE may carry out these checks:

  • speakers for DfE funded or sponsored events and communications activities
  • actors used in DfE media campaigns and those involved in communications activity, such as influencers
  • stakeholder commentary on DfE campaigns, policy, news, events and appointments
  • public appointment processes
  • briefing requests, where officials provide insight about external affairs engagement with stakeholders and their priorities

Any personal data processed as part of these checks will be stored in line with DfE policies and requirements under UK GDPR on data retention.

Data collected

DfE collect and use the following personal information:

  • title (if applicable)
  • first name
  • surname
  • address
  • email address
  • telephone number
  • age
  • residential location
  • professional background
  • appointments held
  • letters of appointment
  • applications, CVs, and personal statements
  • disability confident declaration (if applicable)
  • employment references
  • if on DfE payroll – National Insurance number and date of birth

Due diligence checks will also be undertaken for applicants shortlisted for interview. Applicants should expect this to include searches for public statements and social media, blogs or any other publicly available information.

We collect and use special category data. This includes details about:

  • gender
  • disability status
  • ethnicity
  • sexual orientation
  • religion or belief
  • political activity

Special category data will be collected via an optional diversity questionnaire. The data will be handled in accordance with the terms set out in the Cabinet Office Public Appointment Privacy Notice.

Full details about how we process special category data are given in the DfE appropriate policy document.

What we do with your data

We receive your personal data through your application and declaration form. We will process your data for the purpose of making public appointments in accordance with the Governance Code on Public Appointments. Prior to opening a competition, we may also compile a list of individuals potentially suited to the role and share this information with the sponsor team, representatives from the organisation to which you have applied, ministers, special advisers, Cabinet Office, and the office of the Prime Minister, 10 Downing Street.

More information about this work is available from the Commissioner for Public Appointments website.

Who we share your data with

We may provide suggestions to ministers on individuals to approach prior to opening a competition. These suggestions will be based on information held in the public domain.

We may share your data with the Advisory Assessment Panel and Special Advisers for the purpose of assessing your suitability for the role. We may also share your application with the sponsor team and representatives from the organisation to which you have applied who may be involved in a pre-sift and in preparing documents for the panel, officials in Cabinet Office, 10 Downing Street and the appointing minister in relation to the role you have applied for.

Where we need to share your personal data with others, we ensure that this data sharing complies with data protection legislation. For the purpose of this work, we may need to share your personal data with:

  • the sponsor team and representatives from the organisation to which you have applied
  • ministers
  • special advisers
  • the Office of the Commissioner for Public Appointments
  • the Cabinet Office
  • the Prime Minister’s Office, 10 Downing Street

This data sharing is lawful because it is necessary for making public appointments in accordance with the Governance Code on Public Appointments.

How long we keep your data

We only keep your personal information for as long as we need it. We decide how long to keep your information based on what we need and also what the law says. All data is securely and permanently deleted at the end of the retention period. We call this our retention and disposal schedule.

We will only keep your personal data for a maximum of 5 years after the conclusion of the competition unless you are appointed, in which case we will keep the data for the duration of the appointment or reappointment plus 2 years, after which point it will be securely destroyed.

Your rights

We are relying on public task for this processing. This means you have:

  • the right to be informed about the collection and use of your personal data – this is called ‘right to be informed’
  • the right to ask us for copies of your personal information we have about you – this is called ‘right of access’. This is also known as a subject access request (SAR), data subject access request (DSAR) or right of access request (RAR)
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’
  • your ‘right to object to processing’ of your information, in certain circumstances
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way

There are legitimate reasons why we may refuse your information rights request, which depend on why we are processing it.

For more information, see the ICO’s guide to individual rights.

See Requesting your personal information for more on what you’re entitled to ask us, or any of our executive agencies, and your rights about how your information is collected and used.

Data processors

A data processor is an organisation that processes your information on DfE’s behalf. We do not use any data processors for this processing activity.

3. Using your data when we pay you

Purpose and lawful basis for processing

The lawful basis we rely on for this processing of your personal data is legal obligation, under article 6(1)(c) of the UK GDPR.

Data collected

DfE collect and use the following personal information:

  • name
  • address
  • email address
  • telephone number
  • job title or position
  • employee number
  • bank account details

What we do with your data

We need your personal data to:

  • pay you and, if you are an employee, deduct tax and National Insurance contributions and report this to HMRC
  • provide employment-related benefits to you including:
      • occupational sick, adoption, maternity, paternity, shared parental and annual leave and pay
      • pension
      • advances of salary
  • make decisions about performance rewards
  • pay expense claims
  • record conflicts of interest
  • prevent fraud

How long we keep your data

We only keep your personal information for as long as we need it. We decide how long to keep your information based on what we need and also what the law says. All data is securely and permanently deleted at the end of the retention period. We call this our retention and disposal schedule.

We keep your personal information for 7 years to meet finance requirements.

Your rights

We are relying on legal obligation for this processing. This means you have:

  • the right to be informed about the collection and use of your personal data – this is called ‘right to be informed’
  • the right to ask us for copies of your personal information we have about you – this is called ‘right of access’. This is also known as a subject access request (SAR), data subject access request (DSAR) or right of access request (RAR)
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’
  • your ‘right to object to processing’ of your information, in certain circumstances
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way

There are legitimate reasons why we may refuse your information rights request, which depend on why we are processing it.

For more information, see the ICO’s guide to individual rights.

See Requesting your personal information for more on what you’re entitled to ask us, or any of our executive agencies, and your rights about how your information is collected and used.

Data processors

A data processor is an organisation that processes your information on DfE’s behalf. DfE uses a data processor for the following activity:

  • we use My Civil Service Pensions to process information relating to your pension

4. Using your data for business management and planning

Purpose and lawful basis for processing

The lawful basis we rely on for this processing of your personal data is legitimate interest, under article 6(1)(f) of the UK GDPR.

Data collected

DfE collect and use the following personal information:

  • name
  • email address
  • telephone number – personal
  • job title or position
  • employee number
  • your employee IP address
  • your login records
  • your line manager details
  • your location
  • talent management information
  • your salary (senior civil servants, special advisers and ministers)

What we do with your data

We need your personal data to:

  • do business management and planning, including accounting and auditing
  • comply with health and safety obligations
  • keep personal contact details for business continuity, e.g. call trees in case of an incident
  • keep internal trackers and dashboards for business administration, including enquiries, case work, finance, conflict of interest registers, gift and hospitality registers
  • investigate security or data breaches
  • monitor hybrid working (occupancy levels)
  • make decisions about salary reviews and compensation
  • conduct data analytics studies to review and better understand employee retention and attrition rates
  • managing DfE boards, including producing minutes
  • correspondence
  • managing Honours nominations, see the Cabinet Office privacy information relating to honours nominations for more details
  • manage the business appointment rule process with the input of ACOBA for Director Generals and above
  • share information that aligns with a government department’s commitments to transparency, either to Cabinet Office or via publicly available transparency returns

How long we keep your data

We only keep your personal information for as long as we need it. We decide how long to keep your information based on what we need and also what the law says. All data is securely and permanently deleted at the end of the retention period. We call this our retention and disposal schedule.

We keep your personal information for:

  • 7 years if they are finance trackers
  • 10 years for internal policy records
  • 5 years for other processing

Your rights

We are relying on legitimate interest for this processing. This means you have:

  • the right to be informed about the collection and use of your personal data – this is called ‘right to be informed’
  • the right to ask us for copies of your personal information we have about you – this is called ‘right of access’. This is also known as a subject access request (SAR), data subject access request (DSAR) or right of access request (RAR)
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’
  • your ‘right to object to processing’ of your information, in certain circumstances
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way

There are legitimate reasons why we may refuse your information rights request, which depend on why we are processing it.

For more information, see the ICO’s guide to individual rights.

See Requesting your personal information for more on what you’re entitled to ask us, or any of our executive agencies, and your rights about how your information is collected and used.

Data processors

A data processor is an organisation that processes your information on DfE’s behalf. We do not use any data processors for this processing activity.

5. Using your data when you use DfE IT equipment or the internet

Purpose and lawful basis for processing

The lawful basis we rely on for this processing of your personal data is legitimate interest, under article 6(1)(f) of the UK GDPR.

Data collected

DfE collect and use the following personal information:

  • name
  • employee number
  • email address
  • job title or position
  • IP address

What we do with your data

We need your personal data to:

  • monitor your business and personal use of our information and communication systems to ensure compliance with our IT policies
  • ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
  • maintain an active directory, listing what users there are and who’s allowed to do what

We use Google Analytics software to collect information about how you use the intranet and internet. This includes IP addresses. The data is anonymised before being used for analytics processing.

Google Analytics processes anonymised information about:

  • the pages you visit on the intranet
  • how long you spend on each intranet page
  • what you click on while you’re visiting the site

We do not store your personal information through Google Analytics (for example your name) and we take steps to ensure that this information is not used, or combined with other datasets, to identify who you are.

How long we keep your data

We only keep your personal information for as long as we need it. We decide how long to keep your information based on what we need and also what the law says. All data is securely and permanently deleted at the end of the retention period. We call this our retention and disposal schedule.

We keep your personal information for:

  • 5 years for business operational purposes
  • 26 months for Google Analytics data

Your rights

We are relying on legitimate interest for this processing. This means you have:

  • the right to be informed about the collection and use of your personal data – this is called ‘right to be informed’
  • the right to ask us for copies of your personal information we have about you – this is called ‘right of access’. This is also known as a subject access request (SAR), data subject access request (DSAR) or right of access request (RAR)
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’
  • your ‘right to object to processing’ of your information, in certain circumstances
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way

There are legitimate reasons why we may refuse your information rights request, which depend on why we are processing it.

For more information, see the ICO’s guide to individual rights.

See Requesting your personal information for more on what you’re entitled to ask us, or any of our executive agencies, and your rights about how your information is collected and used.

Data processors

A data processor is an organisation that processes your information on DfE’s behalf. DfE uses a data processor for the following activity:

  • we use Google Analytics cookies and a Real User Monitoring (RUM) cookie from SpeedCurve to collect information about how you use the Internet

6. Using your data when we collect your emergency contact details

Purpose and lawful basis for processing

The lawful basis we rely on for this processing of your personal data is consent, under article 6(1)(a) of the UK GDPR.

Data collected

DfE collect and use the following personal information:

  • next of kin or emergency contact details
  • telephone number

What we do with your data

We need your personal data to:

  • keep a record of your emergency contact, in case we need to contact them in an emergency

How long we keep your data

We only keep your personal information for as long as we need it. We decide how long to keep your information based on what we need and also what the law says. All data is securely and permanently deleted at the end of the retention period. We call this our retention and disposal schedule.

We keep your personal information for 6 years.

Your rights

We are relying on consent for this processing. This means you have:

  • the right to be informed about the collection and use of your personal data – this is called ‘right to be informed’
  • the right to ask us for copies of your personal information we have about you – this is called ‘right of access’. This is also known as a subject access request (SAR), data subject access request (DSAR) or right of access request (RAR)
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’
  • the right to ask us to delete your personal information – this is called ‘right to erasure’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’
  • your ‘right to object to processing’ of your information, in certain circumstances
  • rights in relation to automated decision making and profiling
  • the right to withdraw consent at any time (where relevant)
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way

There are legitimate reasons why we may refuse your information rights request, which depend on why we are processing it.

For more information, see the ICO’s guide to individual rights.

See Requesting your personal information for more on what you’re entitled to ask us, or any of our executive agencies, and your rights about how your information is collected and used.

As we are processing your personal data with your consent, you have the right to withdraw that consent. You can withdraw your consent up until the case study is published. If you change your mind, or you are unhappy with our use of your personal data, please contact us and state the project or initiative name.

Data processors

A data processor is an organisation that processes your information on DfE’s behalf. DfE uses a data processor for the following activity:

  • Zendesk for our help desk

7. Using your data when you make car hire, travel or hotel bookings

Purpose and lawful basis for processing

The lawful basis we rely on for this processing of your personal data is legal obligation, under article 6(1)(c) of the UK GDPR.

Data collected

DfE collect and use the following personal information:

  • name
  • address
  • date of birth
  • employee number
  • email address
  • telephone number
  • job title or position

When we use your sensitive or ‘special category’ data, we use it because you have given your explicit consent. We may need to collect:

  • details about your gender
  • details about your health or disability

What we do with your data

We need your personal data to:

  • process and pay for your car hire, train, air or hotel booking
  • check and authorise payments for your bookings

How long we keep your data

We only keep your personal information for as long as we need it. We decide how long to keep your information based on what we need and also what the law says. All data is securely and permanently deleted at the end of the retention period. We call this our retention and disposal schedule.

We keep your personal information for 7 years to meet finance requirements.

Your rights

We are relying on legal obligation for this processing. This means you have:

  • the right to be informed about the collection and use of your personal data – this is called ‘right to be informed’
  • the right to ask us for copies of your personal information we have about you – this is called ‘right of access’. This is also known as a subject access request (SAR), data subject access request (DSAR) or right of access request (RAR)
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’
  • your ‘right to object to processing’ of your information, in certain circumstances
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way

There are legitimate reasons why we may refuse your information rights request, which depend on why we are processing it.

For more information, see the ICO’s guide to individual rights.

See Requesting your personal information for more on what you’re entitled to ask us, or any of our executive agencies, and your rights about how your information is collected and used.

Data processors

A data processor is an organisation that processes your information on DfE’s behalf. DfE uses a data processor for the following activities:

  • CTM North Limited for rail, hotel and air travel bookings
  • Enterprise Rent-A-Car for car hire bookings

8. Using your data when you take part in user research

Purpose and lawful basis for processing

The lawful basis we rely on for processing your personal data is consent, under article 6(1)(a) of the UK GDPR.

When we use your sensitive information, this is ‘special category’ data. We use it because we have explicit consent under article 9(2)(a) of UK GDPR.

Data we collect

We collect and use the following personal information directly from you:

  • your full name
  • email address
  • phone number

When we use your sensitive or ‘special category’ data, we use it because you have given your ethical consent to take part in the research. As part of our user research we may need to collect information about your:

  • health or disability
  • racial or ethnic origin
  • gender

Full details about how we process special category data are given in the DfE appropriate policy document and in the research information sheet. You will be given this research information sheet at the start of the research.

What we do with your data

We’ll use your personal information for user research that DfE undertakes to provide high-quality evidence to inform policy development and service delivery.

DfE will anonymise or desensitise the data where possible.

How long we keep your data

We only keep your personal information for as long as we need it. We decide how long to keep your information based on what we need and also what the law says. All data is securely and permanently deleted at the end of the retention period. We call this our retention and disposal schedule.

We keep your personal information until 2 years after the end of the survey or research.

Your rights

We are relying on consent for this processing. This means you have:

  • the right to be informed about the collection and use of your personal data – this is called ‘right to be informed’
  • the right to ask us for copies of your personal information we have about you – this is called ‘right of access’. This is also known as a subject access request (SAR), data subject access request (DSAR) or right of access request (RAR)
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’
  • the right to ask us to delete your personal information – this is called ‘right to erasure’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’
  • your ‘right to object to processing’ of your information, in certain circumstances
  • rights in relation to automated decision making and profiling
  • the right to withdraw consent at any time (where relevant)
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way

There are legitimate reasons why we may refuse your information rights request, which depend on why we are processing it.

For more information, see the ICO’s guide to individual rights.

See Requesting your personal information for more on what you’re entitled to ask us, or any of our executive agencies, and your rights about how your information is collected and used.

As we are processing your personal data with your consent, you have the right to withdraw that consent. You can withdraw your consent up until the case study is published. If you change your mind, or you are unhappy with our use of your personal data, please contact us and state the project or initiative name.

Data processors

A data processor is an organisation that processes your information on DfE’s behalf. DfE uses a data processor for the following activities:

  • DfE may use contractors to work on behalf of DfE to undertake the user research. Our contractors will receive your personal data directly from you during the activity or initiative

9. Using your data when you make an enquiry or complaint

Purpose and lawful basis for processing

The lawful basis we rely on for this processing of your personal data is consent, under article 6(1)(a) of the UK GDPR.

When we use your sensitive information, this is ‘special category’ data. We use it because you have given explicit consent under article 9(2)(a) of the UK GDPR.

Data collected

DfE collects and uses the following personal information:

  • name
  • date of birth
  • address
  • employee number
  • email address
  • telephone number
  • job title or position

When we use your sensitive or ‘special category’ data, we use it because you have given your explicit consent. We may need to collect this information as part of our research:

  • details about your gender
  • details about your health or disability
  • details about your racial or ethnic origin

Full details about how we process special category data are given in DfE’s Appropriate policy document.

What we do with your data

We need your personal data:

  • to deal with Freedom of Information Act, Environmental Information Regulations and Information Rights requests
  • for HR helpdesk requests
  • for specialist advice and support for employees and their managers (complex cases)

How long we keep your data

We only keep your personal information for as long as we need it. We decide how long to keep your information based on what we need and also what the law says. All data is securely and permanently deleted at the end of the retention period. We call this our retention and disposal schedule.

We keep your personal information for 5 years.

Your rights

We are relying on consent for this processing. This means you have:

  • the right to be informed about the collection and use of your personal data – this is called ‘right to be informed’
  • the right to ask us for copies of your personal information we have about you – this is called ‘right of access’. This is also known as a subject access request (SAR), data subject access request (DSAR) or right of access request (RAR)
  • the right to ask us to change any information you think is not accurate or complete – this is called ‘right to rectification’
  • the right to ask us to delete your personal information – this is called ‘right to erasure’
  • the right to ask us to stop using your information – this is called ‘right to restriction of processing’
  • your ‘right to object to processing’ of your information, in certain circumstances
  • rights in relation to automated decision making and profiling
  • the right to withdraw consent at any time (where relevant)
  • the right to complain to the Information Commissioner if you feel we have not used your information in the right way

As we are processing your personal data with your consent, you have the right to withdraw that consent. You can withdraw your consent up until the case study is published. If you change your mind, or you are unhappy with our use of your personal data, please contact us and state the project or initiative name.

There are legitimate reasons why we may refuse your information rights request, which depend on why we are processing it.

For more information, see the ICO’s guide to individual rights.

See Requesting your personal information for more on what you’re entitled to ask us, or any of our executive agencies, and your rights about how your information is collected and used.

Data processors

A data processor is an organisation that processes your information on DfE’s behalf. DfE uses a data processor for the following activity:

  • Zendesk for our help desk

10. Using your data when we share your personal information

We will in some circumstances have to share your data with third parties, including third-party service providers and other Civil Service bodies.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We will in some circumstances transfer your personal information outside the EU.

If we do, you can expect a similar degree of protection in respect of your personal information.

Sharing your personal information with third parties

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you, where it is in the public interest to do so or where it is necessary for the performance of our functions as a Government Department or a function of the Crown. This will, in some circumstances, involve sharing special categories of personal data and, where relevant, data about criminal convictions or allegations.

Third-party service providers processing your personal information

‘Third parties’ includes third-party service providers (including contractors and designated agents) and other entities within the Civil Service. A list of third-party service providers that control or process personal information, whether they are the data controller and the purposes for which they process the information, is in HR Document Management and Data Retention Guidance.

Information security with third-party service providers

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Sharing your personal information with other organisations within the Civil Service

We will share your personal information with other Civil Service organisations:

  • as part of our regular reporting activities on departmental performance
  • in the context of a business reorganisation or restructuring exercise
  • for system maintenance support and hosting of data
  • business planning and talent management initiatives
  • succession planning
  • statistical analysis
  • general management and functioning of the Civil Service

Personal data is also shared with the Office for National Statistics, mainly for statistical purposes.

Other third parties

If required, we will need to share your personal information with a regulator or to otherwise comply with the law. As part of the Government’s transparency agenda, the Department is required to regularly publish the disclosure of salary details of certain posts within the Senior Civil Service (SCS), in line with HM Treasury’s Resource Accounting Manual, on data.gov.uk. If SCS object to the disclosure, they should contact HR.

Transferring information outside the EU

We will, if necessary, transfer the personal information we collect about you to India in order to perform our contract with you. There is not an adequacy decision by the European Commission in respect of that country. This means that the country to which we transfer your data is not deemed to provide an adequate level of protection for your personal information.

However, to ensure that your personal information does receive an adequate level of protection we have put in place the following appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection:

  • model contract clauses, which are approved by the European Commission and the ICO

11. How to contact us and how to make a complaint

11.1 How to contact us

Contact the Data Protection Team with questions about this document or how we use your information.

11.2 How to make a complaint

If you have concerns about how we use your personal information, you can make a complaint in writing to the Data Protection Officer and Information Commissioner’s Office.

11.3 How to access your personal information

A request to access your personal information can be made verbally or in writing.