Transparency data

Privacy information: Department for Education workforce

Updated 28 March 2025

Applies to England

© Crown copyright 2025

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/privacy-information-department-for-education-workforce/privacy-information-department-for-education-workforce

This document provides details of what personal data the Department for Education (DfE) processes about our workforce including:

  • current and former DfE and agency employees and workers
  • public appointments
  • board members
  • non-executive directors
  • ministers and contractors

This notice:

  • does not form part of any contract of employment or other contract to provide services
  • can be updated at any time - we will inform you if this happens

When we collect and use your personal information, we follow the relevant laws including:

We must have a valid reason to collect your personal data. These reasons are called lawful basis in UK GDPR. You have rights under UK GDPR about how your personal data is collected and used. Your rights change based on the lawful basis for collecting the data.

Further information on the standards you can expect when we collect, hold or use your personal information is available on the personal information charter.

1. When we recruit and employ you

1.1 Purpose and lawful basis for processing

Our purpose for processing this information is so we can employ you as a member of staff or as a contractor.

The lawful basis we rely on for this processing of your personal data is contract, under article 6(1)(b) of the UK GDPR.

When we use your special category data it is because we have a substantial public interest under article 9(2)(g) of UK GDPR.

The additional DPA 2018 processing conditions we rely on are schedule 1, part 1(1) which relates to processing for employment purposes and schedule 1, part 2, paragraph 6 - statutory and government purposes.

We process information about applicant criminal convictions and offences. The lawful basis we rely on to process this data is public task, under article 6(1)(e) of the UK GDPR.

1.2 Data collected

DfE collect and use the following personal information:

  • name
  • date of birth
  • employee number
  • email address
  • telephone number
  • National Insurance number
  • job title or position

When we use your special category data, it is because you have given your explicit consent. We may need to collect details about your:

  • gender
  • heath or disability
  • racial or ethnic origin

Full details about how we process special category data are given in DfE’s appropriate policy document.

1.3 What we do with your data

We need your personal data to:

  • make a decision about your recruitment or appointment
  • determine the terms on which you work for us and general administration of the contract we have entered into with you
  • check you are legally entitled to work in the UK and to provide you with the security clearance appropriate for your role - for civil servants, to check eligibility to become and remain a civil servant
  • manage performance, attendance and make decisions about your continued employment or engagement
  • assess qualifications for a particular job or task, including decisions about promotions
  • monitor equal opportunities and diversity and comply with the Public Sector Equality Duty (PSED)
  • gather evidence and any other steps relating to possible grievance or disciplinary matters and associated hearings
  • make arrangements for the termination of our working relationship, including exit interviews
  • manage education, training, learning and development requirements, including talent management
  • deal with legal disputes involving you, or other employees, workers, public appointments and contractors, including accidents at work
  • ascertain your fitness to work, managing sickness absence and policies to support your wellbeing, for example workplace adjustments and occupational health
  • record conflicts of interest
  • liaise with your pension provider, providing information about changes to your employment such as promotions and a change in working hours
  • share with Cabinet Office to help them manage their oversight of the Senior Civil Service, special advisers and ministers, as owners of the Civil Service code and executive terms and conditions

1.4 How long we keep your data

We keep your personal information:

  • for 2 years for records relating to recruitment
  • for 4 years for medical, self certificates and fit notes - unrelated to industrial injury
  • for 6 years for records relating to appraisal, staff training, attendance management
  • until you are aged 100 for records relating to contracts, annual benefit statements and pensions

1.5 Your information rights under UK GDPR

Find out about  your rights when we process your personal data under the lawful basis of contract.

1.6 Data processors

A data processor is an organisation that processes your information on DfE’s behalf. DfE uses the Korn Ferry Hay Group for our talent management programme.

2. Using your data for public appointments

2.1 Purpose and lawful basis for processing

Our purpose for processing this information is so we can appoint:

  • DfE board members
  • board chairs
  • non-executive directors
  • members of an advisory committee

DfE and the Cabinet Office are joint data controller for this processing. This privacy notice is in addition to the Cabinet Office notice that is attached to all vacancies advertised on the Public Appointments website.

The lawful basis we rely on for this processing of your personal data is under article 6(1)(e) of the UK GDPR. Find out more from the:

When we use your special category data it is because we have a substantial public interest under article 9(2)(g) of UK GDPR.

Processing that relates to personal data which is manifestly made public by the data subject (para 32, schedule 1, Data Protection Act 2018).

DfE carries out due diligence checks, including internet searches into the public social media of individuals who apply for roles to support us in policy making. This could be, for example, those applying to be part of the Teacher and Headteacher Reference Groups.

Non-exhaustive examples of where the we may carry out these checks include:

  • speakers for DfE funded or sponsored events and communications activities
  • actors used in DfE media campaigns and those involved in communications activity, such as influencers
  • stakeholder commentary on DfE campaigns, policy, news, events and appointments
  • public appointment processes
  • briefing requests, where officials provide insight about external affairs engagement with stakeholders and their priorities

Any personal data processed as part of these checks will be stored in line with DfE policies and requirements under UK GDPR on data retention.

2.2 Data collected

DfE collect and use the following personal information:

  • title, first name and surname
  • address
  • email address
  • telephone number
  • age
  • residential location
  • professional background
  • appointments held
  • letters of appointment
  • applications, CVs, and personal statements
  • disability confident declaration (if applicable)
  • employment references
  • National Insurance number and date of birth, if on the DfE payroll

Due diligence checks are also done for applicants shortlisted for interview. Applicants should expect this to include searches for public statements and social media, blogs or any other publicly available information.

We collect and use special category data, this includes details about your:

  • gender
  • disability status
  • ethnicity
  • sexual orientation
  • religion or belief
  • political activity

Special category data will be collected by an optional diversity questionnaire. The data will be handled in accordance with the terms set out in the Cabinet Office Public Appointment Privacy Notice.

Full details about how we process special category data are given in the DfE appropriate policy document.

2.3 What we do with your data

We receive your personal data through your application and declaration form. We will process your data for the purpose of making public appointments in accordance with the Governance Code on Public Appointments.

Before opening a competition, we may also compile a list of a individuals potentially suited to the role and share this information with:

  • the sponsor team
  • representatives from the organisation to which you have applied
  • ministers
  • special advisers
  • Cabinet Office
  • the office of the Prime Minister, 10 Downing Street

More information about this work is available from the Commissioner for Public Appointments website.

2.4 Who we share your data with

We may provide suggestions to ministers on individuals to approach prior to opening a competition. These suggestions will be based on information held in the public domain.

We may:

  • share your data with the Advisory Assessment Panel and special advisers for the purpose of assessing your suitability for the role
  • share your application with the sponsor team and representatives from the organisation to which you have applied who may be involved in a pre-sift and in preparing documents for the:
    • panel
    • officials in Cabinet Office
    • 10 Downing Street
    • the appointing minister in relation to the role you have applied for

Where we need to share your personal data with others, we ensure that this data sharing complies with data protection legislation. For the purpose of this work, we may need to share your personal data with:

  • the sponsor team and representatives from the organisation to which you have applied
  • ministers
  • special advisers
  • the Office of the Commissioner for Public Appointments
  • the Cabinet Office
  • the Prime Minister’s Office, 10 Downing Street

This data sharing is lawful because it is necessary for making public appointments in accordance with the Governance Code on Public Appointments.

2.5 How long we keep your data

We will only keep your personal data for a maximum of 5 years after the conclusion of the competition. If you are appointed, we will keep the data for the duration of your appointment or reappointment, plus 2 years. After this time it will be securely destroyed.

2.6 Your information rights under UK GDPR

Find out about  your rights  when we process your personal data under the lawful basis of public task.

2.7 Data processors

A data processor is an organisation that processes your information on DfE’s behalf. We do not use any data processors for this processing activity.

3. Using your data when we pay you

3.1 Purpose and lawful basis for processing

Our purpose for processing this information is so we can pay you.

The lawful basis we rely on for this processing of your personal data is legal obligation, under article 6(1)(c) of the UK GDPR.

3.2 Data collected

DfE collect and use your personal information, including your:

  • name
  • address
  • email address
  • telephone number
  • job title or position
  • employee number
  • bank account details

3.3 What we do with your data

We need your personal data to:

  • pay you and, if you are an employee, deduct tax and National Insurance contributions and report this to HMRC
  • provide employment-related benefits to you including:
    • occupational sick, adoption, maternity and paternity pay and shared parental and annual leave
    • pension
    • advances of salary
    • make decisions about performance rewards
  • pay expense claims
  • record conflicts of interest
  • prevent fraud

3.4 How long we keep your data

We keep your personal information for 7 years to meet finance requirements.

3.5 Your information rights under UK GDPR

Find out about your rights  when we process your personal data under the lawful basis of legal obligation.

3.6 Data processors

DfE uses a data processor, My Civil Service Pensions, to process information relating to your pension

4. Using your data for business management and planning

4.1 Purpose and lawful basis for processing

Our purpose for processing this information is so we can do business management and planning.

The lawful basis we rely on for this processing of your personal data is legitimate interest, under article 6(1)(f) of the UK GDPR.

When we use your special category data it is because we have a substantial public interest under article 9(2)(g)  of UK GDPR.

Full details about how we process special category data are given in the DfE appropriate policy document.

4.2 Data collected

DfE collect and use the following personal information including your:

  • name
  • email address
  • personal telephone number
  • job title or position
  • employee number
  • employee IP address
  • login records
  • line manager details
  • location
  • talent management information
  • salary, including senior civil servants, special advisers and ministers

In Pulse survey responses we collect and use the following special category data if applicable:

  • ethnicity
  • disability

4.3 What we do with your data

We need your personal data to:

  • do business management and planning, including accounting and auditing
  • comply with health and safety obligations
  • keep personal contact details for business continuity in case of an incident, for example DfE-wide call trees - GOV.UK Notify has  more information
  • keep internal trackers and dashboards for business administration, including enquiries, case work, finance, conflict of interest registers, gift and hospitality registers
  • investigate security or data breaches
  • monitor hybrid working occupancy levels
  • make decisions about salary reviews and compensation
  • conduct data analytics studies to review and better understand employee retention and attrition rates
  • manage DfE boards, including producing minutes
  • manage Honours nominations - the Cabinet Office privacy information relating to honours nominations has more details
  • manage the business appointment rule process with the input of ACOBA for Director Generals and above
  • share information that aligns with a government department’s commitments to transparency, either to Cabinet Office or via publicly available transparency returns
  • use pulse survey responses and demographic information to support staff wellbeing and inform planning - the Privacy notice: Civil Service People Survey respondents has details of the People Survey
  • publish your name in publications, where appropriate

4.4 How long we keep your data

We keep your personal information for

  • 7 years for finance trackers
  • 10 years for internal policy records
  • 5 years for other processing

4.5 Your information rights under UK GDPR

Find out about  your rights  when we process your personal data under the lawful basis of legitimate interest.

4.6 Data processors

A data processor is an organisation that processes your information on DfE’s behalf. We do not use any data processors for this processing activity.

5. Using your data when you use DfE IT equipment or the internet

5.1 Purpose and lawful basis for processing

Our purpose for processing this information is so we can provide secure access to DfE’s IT equipment and you can access the internet.

The lawful basis we rely on for this processing of your personal data is legitimate interest, under article 6(1)(f) of the UK GDPR.

5.2 Data collected

DfE collect and use the following personal information:

  • name
  • employee number
  • email address
  • job title or position
  • IP address

5.3 What we do with your data

We need your personal data to:

  • monitor your business and personal use of our information and communication systems to ensure compliance with our IT policies
  • ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
  • maintain an active directory, listing what users there are and who’s allowed to do what

We use Google Analytics software to collect information about how you use the intranet and internet. This includes IP addresses. The data is anonymised before being used for analytics processing.

Google Analytics processes anonymised information about:

  • the pages you visit on the intranet
  • how long you spend on each intranet page
  • what you click on while you’re visiting the site

We do not store your personal information through Google Analytics (for example your name) and we take steps to ensure that this information is not used, or combined with other datasets, to identify who you are.

5.4 How long we keep your data

We keep your personal information for

  • 5 years for business operational purposes
  • 26 months for Google Analytics data

5.5 Your information rights under UK GDPR

Find out about  your rights  when we process your personal data under the lawful basis of legitimate interest.

5.6 Data processors

DfE uses Google Analytics cookies and a Real User Monitoring (RUM) cookie from SpeedCurve to collect information about how you use the internet.

6. Using your data when we collect your emergency contact details

6.1 Purpose and lawful basis for processing

Our purpose for processing this information is so we can contact you or someone in case of an emergency.

The lawful basis we rely on for this processing of your personal data is consent, under article 6(1)(a) of the UK GDPR.

6.2 Data collected

DfE collect and use the following personal information:

  • next of kin or emergency contact details
  • telephone number

6.3 What we do with your data

We need your personal data to keep:

  • a record of your emergency contact, in case we need to contact them in an emergency
  • individual team contact or call trees, so we can contact you in case of business continuity incident

6.4 How long we keep your data

We keep your personal information for 6 years.

6.5 Your information rights under UK GDPR

Find out about your rights  when we process your personal data under the lawful basis of consent.

As we are processing your personal data with your consent, you have the right to withdraw that consent. You can withdraw your consent up until the case study is published.

If you change your mind, or you are unhappy with our use of your personal data, please contact us and state the project or initiative name.

6.6 Data processors

 DfE uses Zendesk for our help desk.

7. Using your data when you make car hire, travel or hotel bookings

7.1 Purpose and lawful basis for processing

Our purpose for processing this information is so we can offer a service for car hire, travel or hotel bookings.

The lawful basis we rely on for this processing of your personal data is legal obligation, under article 6(1)(c) of the UK GDPR.

7.2 Data collected

DfE collect and use the following personal information:

  • name
  • address
  • date of birth
  • employee number
  • email address
  • telephone number
  • job title or position

When we use your special category data, it is because you have given your explicit consent. We may need to collect details about your:

  • gender
  • heath or disability

7.3 What we do with your data

We need your personal data to:

  • process and pay for your car hire, train, air or hotel booking
  • check and authorise payments for your bookings

7.4 How long we keep your data

We keep your personal information for 7 years to meet finance requirements.

7.5 Your information rights under UK GDPR

Find out about your rights when we process your personal data under the lawful basis of legal obligation.

7.6 Data processors

DfE uses a data processor for the following activities:

  • CTM North Limited for rail, hotel and air travel bookings
  • Enterprise Rent-A-Car for car hire bookings

8. Using your data when you take part in user research

8.1 Purpose and lawful basis for processing

Our purpose for processing this information is so we can undertake user research to identify service improvements.

The lawful basis we rely on for processing your personal data is consent, under article 6(1)(a) of the UK GDPR.

When we use your special category data, it is because we have explicit consent under article 9(2)(a) of UK GDPR.

8.2 Data we collect

We collect and use the personal information you provide, including your:

  • full name
  • email address
  • phone number

When we use your special category data, it is because you have given your ethical consent to take part in the research. As part of our user research we may need to collect information about your:

  • heath or disability
  • racial or ethnic origin
  • gender

Full details about how we process special category data are given in the DfE appropriate policy document and in the research information sheet. You will be given this research information sheet at the start of the research.

8.3 What we do with your data

We will use your personal information for user research that DfE undertakes to provide high-quality evidence to inform policy development and service delivery.

DfE will anonymise or desensitise the data where possible.

8.4 How long we keep your data

We keep your personal information until 2 years after the end of the survey or research.

8.5 Your information rights under UK GDPR

Find out about  your rights  when we process your personal data under the lawful basis of consent.

As we are processing your personal data with your consent, you have the right to withdraw that consent. You can withdraw your consent up until the case study is published.

If you change your mind, or you are unhappy with our use of your personal data, please contact us  and state the project or initiative name.

8.6 Data processors

DfE may use contractors to work on behalf of DfE to undertake the user research. Our contractors will receive your personal data directly from you during the activity or initiative.

9. Using your data when you make an enquiry or complaint

9.1 Purpose and lawful basis for process

Our purpose for processing this information is so we can respond to your enquiry or complaint.

The lawful basis we rely on for this processing of your personal data is consent, under article 6(1)(a) of the UK GDPR.

When we use your special category data, it is because you have given explicit consent under article 9(2)(a) of the UK GDPR.

9.2 Data collected

DfE collect and use the following personal information:

  • name
  • date of birth
  • address
  • employee number
  • email address
  • telephone number
  • job title or position

When we use your special category data, it is because you have given your explicit consent. As part of our enquiry or complaint, we may need to collect details about your:

  • gender
  • heath or disability
  • racial or ethnic origin

Full details about how we process special category data are given in DfE’s appropriate policy document.

9.3 What we do with your data

We need your personal data:

  • to deal with Freedom of Information Act, Environmental Information Regulations and Information Rights requests
  • for HR helpdesk requests
  • for specialist advice and support for employees and their managers, particularly complex cases

9.4 How long we keep your data

We will keep your personal information in line with our retention and disposal schedule, dependant on the nature of your enquiry or complaint.

9.5 Your information rights under UK GDPR

Find out about  your rights when we process your personal data under the lawful basis of consent.

As we are processing your personal data with your consent, you have the right to withdraw that consent. You can withdraw your consent up until the case study is published.

If you change your mind, or you are unhappy with our use of your personal data, please contact us and state the project or initiative name.

9.6 Data processors

DfE uses Zendesk for our help desk.

10. Using your data when we share your personal information

We will in some circumstances have to share your data with third parties, including third-party service providers and other Civil Service bodies.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We will in some circumstances transfer your personal information outside the EU.

If we do, you can expect a similar degree of protection in respect of your personal information.

Sharing your personal information with third parties

We will share your personal information with third parties where required by law, where it is:

  • necessary to administer the working relationship with you
  • in the public interest to do so
  • necessary for the performance of our functions as a government department or a function of the Crown

This will, in some circumstances, involve sharing special categories of personal data and, where relevant, data about criminal convictions or allegations.

Third-party service providers processing your personal information

‘Third parties’ includes third-party service providers, including contractors and designated agents and other entities within the Civil Service.

A list of third-party service providers that control or process personal information, whether they are the data controller and the purposes for which they process the information, is in HR Document Management and Data Retention Guidance.

Information security with third-party service providers

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Sharing your personal information with other organisations within the Civil Service

We will share your personal information with other Civil Service organisations:

  • as part of our regular reporting activities on departmental performance
  • in the context of a business reorganisation or restructuring exercise
  • for system maintenance support and hosting of data
  • for business planning and talent management initiatives
  • for succession planning
  • for statistical analysis
  • for general management and functioning of the Civil Service

Personal data is also shared with the Office for National Statistics, mainly for statistical purposes.

Other third parties

We may need to share your personal information with a regulator or to otherwise comply with the law. As part of the government’s transparency agenda, DfE is required to regularly publish the disclosure of salary details of certain posts within the Senior Civil Service (SCS). This is in line with HM Treasury’s Resource Accounting Manual on data.gov.uk. If SCS object to the disclosure, they should contact HR.

Transferring information outside the EU

We will, if necessary, transfer the personal information we collect about you to India in order to perform our contract with you. There is not an adequacy decision by the European Commission in respect of that country. This means that the country to which we transfer your data is not deemed to provide an adequate level of protection for your personal information.

We ensure that your personal information receives an adequate level of protection and is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. We do this by using model contract clauses, which are approved by the European Commission and the ICO.

11. How to contact us and how to make a complaint

Requesting your personal information from DfE has information on how you can:

  • ask questions about how we use your information
  • make a complaint to the Data Protection Officer and the Information Commissioner’s Office (ICO) if you have concerns about how we use your personal information

11.1 How to access your personal information

You can make a request to access your personal information verbally or in writing.

Back to top