Guidance

Privacy notice for COVID-19 volunteers

Published 13 May 2020

1. Your data

1.1 Purpose

The purpose for which we are processing your personal data is to maintain a COVID-19 Volunteer response pool.

The data is being kept to support a pool of SCS and delegated grade colleagues that can be matched and deployed quickly to COVID-19 roles. Colleagues are asked to complete a Google form of their details that will be shared with teams in the department requiring the role. They are shared as official sensitive.

1.2 The data

We will process the following personal data:

• email address
• name
• surname
• contact telephone number
• current department
• current job role
• security clearance level
• employment history
• profession
• working pattern
• CVs

1.3 Legal basis of processing

The legal basis for processing your personal data is it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

1.4 Recipients

Your personal data will be shared by us with colleagues in a department which potentially has a role for you.

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.

1.5 Retention

Your personal data will be kept by us for 12 months, and then we will contact you to see if you are happy for it to be kept for a further 12 months.

2. Your rights

You have the right:

• to request information about how your personal data are processed, and to request a copy of that personal data
• to request that any inaccuracies in your personal data are rectified without delay
• to request that any incomplete personal data are completed, including by means of a supplementary statement
• in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
• to object to the processing of your personal data

You may have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

3. International transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the European Union. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses.

4. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

5. Contact details

The data controller for your personal data is the Cabinet Office. In some cases your employing organisation may also be a data controller. This is only in cases where Cabinet Office has shared individual-level survey responses with an organisation (via a qualified analyst who has signed a data sharing agreement, as outlined above).

The contact details for the lead data-controller are:

Cabinet Office
70 Whitehall
London
SW1A 2AS
csps@cabinetoffice.gov.uk

The contact details for the lead data-controller’s Data Protection Officer (DPO) are:

Stephen Jones (DPO)
Cabinet Office
70 Whitehall
London
SW1A 2AS
dpo@cabinetoffice.gov.uk

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.