Guidance

Budget representations: processing of personal data

Updated 15 January 2021

This notice sets out how we will use your personal data and explains your rights under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).

1. Your data (Data Subject Categories)

The personal information relates to you as either a member of the public, parliamentarians, peers, members of the European Parliament, members of devolved administrations and representatives of organisations or companies.

2. The data we collect (Data Categories)

Information may include your name, address, email address, job title, and employer of the correspondent, as well as your opinions. It is possible that you will volunteer additional identifying information about themselves or third parties.

3. Special categories data

Any of the categories of special category data may be processed if such data is volunteered by the respondent.

Where special category data is volunteered by you (the data subject), the legal basis relied upon for processing it is: the processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department.

This function is consulting on departmental policies or proposals, or obtaining opinion data, to develop good effective policies.

5. Purpose

The personal information is processed for the purpose of obtaining the opinions of members of the public and representatives of organisations and companies, about departmental policies, proposals, or generally to obtain public opinion data on an issue of public interest.

6. Who we share your responses with

Information provided in response to a consultation may be published or disclosed in accordance with the access to information regimes. These are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act 2018 (DPA) and the Environmental Information Regulations 2004 (EIR).

If you want the information that you provide to be treated as confidential, please be aware that, under the FOIA, there is a statutory Code of Practice with which public authorities must comply and which deals with, amongst other things, obligations of confidence.

In view of this it would be helpful if you could explain to us why you regard the information you have provided as confidential. If we receive a request for disclosure of the information we will take full account of your explanation, but we cannot give an assurance that confidentiality can be maintained in all circumstances. An automatic confidentiality disclaimer generated by your IT system will not, of itself, be regarded as binding on HM Treasury.

Where someone submits special category personal data or personal data about third parties, we will endeavour to delete that data before publication takes place.

Where information about respondents is not published, it may be shared with officials within other public bodies involved in this consultation process to assist us in developing the policies to which it relates. Examples of these public bodies appear at: https://www.gov.uk/government/organisations.

As the personal information is stored on our IT infrastructure, it will be accessible to our IT contractor, NTT. NTT will only process this data for our purposes and in fulfilment with the contractual obligations they have with us.

In addition to the above, representations sent in via post or to public.enquiries@hmtreasury.gov.uk will also be stored securely on our correspondence management system eCase, and be accessible to our eCase contractor, Fivium. They too will only process this data for our purposes and in fulfilment with the contractual obligations they have with us.

7. How long we will hold your data (Retention)

Personal information in responses to consultations will generally be published and therefore retained indefinitely as a historic record under the Public Records Act 1958.

Personal information in responses that is not published will be retained for three calendar years after the consultation has concluded.

Information stored on eCase will be retained for six years from date of receipt.

8. Your rights

  • you have the right to request information about how your personal data are processed and to request a copy of that personal data

  • you have the right to request that any inaccuracies in your personal data are rectified without delay

  • you have the right to request that your personal data are erased if there is no longer a justification for them to be processed

  • you have the right, in certain circumstances (for example, where accuracy is contested), to request that the processing of your personal data is restricted

  • you have the right to object to the processing of your personal data where it is processed for direct marketing purposes

  • you have the right to data portability, which allows your data to be copied or transferred from one IT environment to another

9. How to submit a data subject access request (DSAR)

To request access to personal data that HM Treasury holds about you, contact:

HM Treasury Data Protection Unit
G11 Orange
1 Horse Guards Road
London
SW1A 2HQ

dsar@hmtreasury.gov.uk

10. Complaints

If you have any concerns about the use of your personal data, please contact us via this mailbox: privacy@hmtreasury.gov.uk.

If we are unable to address your concerns to your satisfaction, you can make a complaint to the Information Commissioner, the UK’s independent regulator for data protection. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113

casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

11. Contact details

The data controller for any personal data collected as part of this consultation is HM Treasury, the contact details for which are:

HM Treasury
1 Horse Guards Road
London
SW1A 2HQ
London
020 7270 5000

public.enquiries@hmtreasury.gov.uk

The contact details for HM Treasury’s Data Protection Officer (DPO) are:

The Data Protection Officer
Corporate Governance and Risk Assurance Team
Area 2/15
1 Horse Guards Road
London
SW1A 2HQ
London

privacy@hmtreasury.gov.uk