Guidance

Privacy notice for Cabinet Office secure IT platform

Published 17 December 2018

1. Your data

1.1 Purpose

The purposes for which we are processing your personal data are:

• to provide a secure IT platform and operating system for staff to allow them to discharge their duties, including setting up and removing user accounts
• for testing and piloting of new technology to develop, expand or upgrade the platform
• for monitoring the system for potential abuses of the ICT Acceptable Usage Policy, or for fraudulent or criminal activity
• for monitoring threats to the system, identifying and fixing technical issues, and identifying and tackling cyber security risks

1.2 The data

We will process the following personal data: name, job title, email addresses, telephone numbers, office location and team membership. We also collect web access logs and general records of usage of the system including all emails.

1.3 Legal basis of processing

The legal basis for processing your personal data is:

In relation to monitoring threats to the system, identifying and fixing technical issues, and identifying and tackling cyber security risks:

• it is necessary for the purposes of our legitimate interests i.e. maintaining the integrity of our IT system and the continuity of our business.

In relation to all other purposes:

• it is necessary for the performance of a contract to which you are a party, which in this case is your employment contract.

1.4 Recipients

Your personal data will not be shared outside of the Cabinet Office.

1.5 Retention

Your personal data will be kept for the duration of your employment in a role where you use the secure IT platform. Once you leave that role, the information will be deleted when the local records are updated. This should be at least once a year.

For senior leaders, such as ministers, records may be retained indefinitely where they may be of historical interest.

2. Your rights

You have the right:

• to request information about how your personal data are processed, and to request a copy of that personal data
• to request that any inaccuracies in your personal data are rectified without delay
• to request that any incomplete personal data are completed, including by means of a supplementary statement
• to request that your personal data are erased if there is no longer a justification for them to be processed
• in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
• to object to the processing of your personal data where it is processed for direct marketing purposes

In relation to monitoring threats to the system, identifying and fixing technical issues, and identifying and tackling cyber security risks:

• you have the right to object to the processing of your personal data.

In relation to all other data:

• you have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.

3. International transfers

Your data will not be transferred outside of the UK.

4. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

5. Contact details

The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:

Cabinet Office
70 Whitehall
London
SW1A 2AS

Public Enquiries: Online Contact Form

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk