Personal information charter
This privacy notice explains how the Committee on Standards in Public Life uses the personal information of members of the public.
The Committee on Standards in Public Life (CSPL) advises the Prime Minister on ethical standards across the whole of public life in England. It monitors and reports on issues relating to the standards of conduct of all public office holders. It has no remit to investigate individual cases or allegations of misconduct or breaches of standards.
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).
Your data
Purpose
The purposes for which we are processing your personal data are:
- collection of evidence in support of reviews undertaken by the Committee, including records of meetings
- contacting members of the public, parliamentarians, suppliers and others
- operation of our website and blog
- operation of our Twitter profile
- relevant data stored on the Committee’s Register of Interests in compliance with the Committee’s Code of Practice and Annual Report, which are published each summer
- dealing with public correspondence including Freedom of Information and Data Protection requests
- other transparency data including stakeholder meeting registers, Committee meeting minutes and agendas, and gifts and hospitality register
- management and administration of Committee members, press officer, and research advisory board members
Data
We will process the following personal data:
During the collection of evidence in support of reviews undertaken by the Committee:
- names, addresses, telephone numbers, email addresses and other contact details
- contents of submissions of evidence as sent by email, post or personal delivery to the Committee
- financial information as relates to reviews undertaken by the Committee
- details of complaints regarding ethical standards in public life
- policy views
- diversity and equality information where the Committee reviews the diversity, equality of opportunity and working ethical standards of Parliament, Parliamentarians and other institutions of democracy and public life
Stakeholder information:
- names
- addresses
- email addresses
- job titles and employers
- phone numbers
- signatures
- photographs
Website and Blog:
- names
- job titles
- photographs
- views and opinions
- email addresses of those signed up for email alerts
- IP addresses
- cookies
- images taken at CSPL events
Social media:
- names
- job titles
- images
- views and opinions
- Twitter handles and/or names of those we retweet
Register of Interests:
- names of Committee members and their private interests (company name, financial information, details of interest), updated as necessary
Annual Report:
- names of Committee members
- terms of appointments
- fees paid
- meetings attended
- names of research advisory report
- photographs
Other transparency data:
- stakeholder meeting register, names, job titles, meeting dates
- meeting minutes and agendas, names, job titles, meeting dates
- gifts and hospitality register, names, financial information
Dealing with public correspondence, responding to requests for information (under the Freedom of Information Act 2000 and/or data protection requests:
- names
- addresses
- email addresses
- any concerns raised in your correspondence
- requests and opinions
- in responding to subject access requests we may process any data on you held by the Committee and its Secretariat
- any other information you volunteer about yourself
Committee members (fee paid members):
- names, addresses, telephone numbers, email addresses and other contact details
- details of date and place of birth and citizenship
- bank account numbers and details
- information on payments of fees and expenses (claims and disbursements)
- details about other paid and unpaid interests collected by the Secretariat and published on your behalf for the purposes of declaring registrable interests in accordance with the Committee ‘Code of Practice’
- information, where required by other laws or policies, on immediate family members and their interests that may impact on your registrable interests as a member of the Committee, in accordance with the Committee ‘Code of Practice’
- biographies, including current and past work and employers
- travel itineraries and diary information, including passport numbers and images
- correspondence with Committee members
- outcomes of security vetting procedures (note: no information collected in the vetting process is held by the Secretariat unless it is separately and expressly sent to the Secretariat by the Committee member); and
- images of Committee members
Press officer (Contractor):
- names, addresses, telephone numbers, email addresses and other contact details
- details of date and place of birth and citizenship
- biography, including proof of and contact information for current and past work and employers
- travel itineraries and diary information, including passport numbers and images
- business bank account numbers and details
Academic Research Board Members (fee paid members):
- names, addresses, telephone numbers, email addresses and other contact details
- bank account numbers and details
- information on payments of fees and expenses (claims and disbursements)
- Proof of academic qualifications
- biographies, including current and past work and employers
Legal basis of processing
The legal basis for processing your personal data is:
In relation to images used in relation to the website, blogs, or Twitter posts:
- your consent
In relation to staff information and details of contractors:
- it is necessary for the performance of a contract to which you are a party
- it is necessary in order to take steps at your request prior to entering into a contract
In relation to requests under the Freedom of Information Act 2000 or data protection requests (SARs):
- it is necessary to comply with a legal obligation placed on us as the data controller
In relation to all other personal data:
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. The Committee processes sensitive personal data in the following circumstances:
- where the Committee reviews the diversity, equality of opportunity and working ethical standards of institutions of democracy and public life
- where it is volunteered to us (for example in correspondence or evidence)
- where it relates to health issues of staff, Committee members, press officers or academic research board members
The legal bases for processing your sensitive personal data are:
- processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment
- processing is of a specific category of personal data and it is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with a view to enabling such equality to be promoted or maintained
- it is necessary for the purposes of performing or exercising our obligations or rights as the controller, or your obligations or rights as the data subject, under employment law
- it is necessary for archiving purposes, scientific or historical research purposes or statistical purposes, and it is in the public interest
Recipients
Your personal data will be shared by us with the Cabinet Office who provide us with IT services (through their IT contractors), and HR and finance services.
It will also be shared with our website providers and hosts, and with Twitter where you interact with us on that platform.
Your data may also be shared with our Press Office contractor where we seek communications advice.
Retention
Your personal data will be kept by us for the following periods:
Information comprising evidence from members of the public will be maintained in both the form in which the Committee received it (unredacted) and an altered form (redacted, reproduced) for a minimum of 5 years.
Details of former Committee Members will be retained for a minimum of 3 years to enable the current Secretariat to contact members for events, report launches and correspondence on relevant issues.
External contact details will be retained so long as people remain in those roles and will be updated at least once a year.
Correspondence, Freedom of Information requests and data protection requests (SARs) will be retained for a minimum of 3 years since last contact. For data protection requests your identification documents will be destroyed as soon as your identity is verified.
Images we post to our website, blog and Twitter will be retained for a minimum of 2 years, although we do not have any control over what others may do once information is placed in the public domain.
Your Rights
-
You have the right to request information about how your personal data are processed, and to request a copy of that personal data.
-
You have the right to request that any inaccuracies in your personal data are rectified without delay.
-
You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.
-
You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.
-
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
-
You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.
In relation to any information other than images, staff data, or Freedom of Information and data protection requests:
- You have the right to object to the processing of your personal data.
In relation to images:
- You have the right to withdraw consent to the processing of your personal data at any time
In relation to staff information:
- You have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.
International Transfers
As your personal data is shared with the Cabinet Office, and their data processors who provide our IT infrastructure, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through the use of Standard Contractual Clauses or a UK International Data Transfer Agreement.
Data shared with Twitter may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through the use of Standard Contractual Clauses or a UK International Data Transfer Agreement.
Contact details
The data controller for your personal data is the Committee on Standards in Public Life. The contact details for the Committee are: Secretary to the Committee on Standards in Public Life, 1 Horse Guards Road, London, SW1A 2HQ, tel: 020 7271 2948, email: public@public-standards.gov.uk
The contact details for the data controller’s Data Protection Officer are: Stephen Jones, Data Protection Officer, Cabinet Office, 70 Whitehall, London, SW1A 2AS, or dpo@cabinetoffice.gov.uk.
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.
The Information Commissioner can be contacted at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or casework@ico.org.uk.
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.