Guidance

Privacy notice for Cabinet Office sponsored public appointments

Updated 8 December 2023

© Crown copyright 2023

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/privacy-notice-for-cabinet-office-sponsored-public-appointments/privacy-notice-for-cabinet-office-sponsored-public-appointments

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).

1. Purpose

Our purposes for processing your personal data are:

  • to recruit for public appointments for the Cabinet Office or one of its sponsored bodies including dealing with applications, selection, appointment, and vetting
  • to monitor and promote diversity in appointments, and
  • to produce statistics

2. The data

We will process the following personal data: your application, including name, contact details, location, employment history, qualifications, CV and other background information relevant to your application; sift and interview assessments; and conflicts of interest and political activity.

Diversity data will also be requested if you make an application via the Public Appointments Website, although you may decline to provide this if you wish. This includes age, gender, ethnicity, sexual orientation, recorded disability, and faith.

We may also process other information gathered by Cabinet Office as part of due diligence, including information obtained from public sources including social media.

Information relating to your nationality, address, family history and criminal convictions may be required in order to enable you to hold the necessary security clearance for your new role.

3. Lawful basis

Our legal basis for receiving and using your information is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case that is to ensure that high quality candidates are identified via robust recruitment processes in line with the Governance Code for Public Appointment published pursuant to Public Appointments (No. 2) Order in Council 2023. We also have a public task to monitor and promote diversity under our public sector equality duty.

Where a contract of employment exists, we also process your data on the legal basis that it is necessary for the performance of a contract to which you are a party, and it is necessary in order to take steps at your request prior to entering into a contract.

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We may process sensitive personal data for the purposes of equality and diversity monitoring, to make reasonable adjustments for applicants, and if it comes to light during due diligence checks. Our lawful basis for processing your sensitive personal data is:

  • It is necessary for the purposes of performing or exercising our obligations or rights as the controller, or your obligations or rights as the data subject, under employment law, social security law or the law relating to social protection (reasonable adjustments)
  • processing is of data concerning ethnicity, religious or philosophical belief, health including disability or sexual orientation, it is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with a view to enabling such equality to be promoted or maintained (diversity monitoring)
  • processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department (diversity monitoring and due diligence)
  • It relates to personal data which are manifestly made public by you (due diligence)

4. Recipients

We will share your information, including CVs and statements, with the members of the Advisory Assessment Panel.

Diversity and other data will be shared with the Commissioner of Public Appointments (OCPA) for the exercise of their statutory functions. This may include age, gender, ethnicity, sexual orientation, recorded disability, faith and geographical location, principal employment sector, number of government public appointments held, and declarable political activity. Your name will not be included in the information that is collected and shared with OCPA. You can see how OCPA handles personal data shared with it in its privacy notice.

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.

5. Retention

Cabinet Office will store your application and other data if you are successful for the duration of your appointment and for 2 years thereafter.

Cabinet Office will hold diversity data shared with OCPA in identifiable form for five years.

If your application is unsuccessful we will retain your data for one year.

6. International transfers

As your personal data will be stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision, Standard Contractual Clauses or a UK international Data Transfer Agreement.

7. Your Rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You may have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.

You have the right to object to the processing of your personal data.

8. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

or 0303 123 1113, or icocasework@ico.org.uk.

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

9. Contact details

The data controller for your personal data is the Cabinet Office.

In relation to equality and diversity data, the Cabinet Office and the Office for the Commissioner of Public Appointments are joint data controllers. The contact details for the Cabinet Office are:

Cabinet Office
70 Whitehall
London
SW1A 2AS

or 0207 276 1234, or publicappointments@cabinetoffice.gov.uk.

The contact details for the Cabinet Office’s Data Protection Officer (DPO) are: dpo@cabinetoffice.gov.uk.

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

Back to top