Department for Exiting the European Union External and Stakeholder Contacts Privacy Notice
This privacy notice explains how the Department for Exiting the European Union will process personal data for external and stakeholder contacts
Documents
Details
Privacy notices explain in more detail how the Department will handle your data in specific circumstances. The purpose for which we are processing personal data is to allow external contacts and stakeholders to be contacted, and have information shared where applicable.
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).
Purpose
The purpose for which we are processing your personal data is so that we can communicate with you.
The personal information is processed for the purpose of making contact with individuals for the following business purposes:
- making contact with suppliers about services actually or prospectively provided by them (for example, personal information about contact persons at suppliers we use, or about suppliers we may choose to use for occasional tasks).
- making contact with individuals to inform them, or seek their views, about departmental policies or proposals, outside of a formal consultation process (for example, contact details for people in charities or representative bodies).
- making contact with customers or clients about services or information provided to them by the Department.
- making contact with officials in other departments or public bodies (including other governments) to discuss policy proposals or development, communications activity, or operational matters.
The data
We will process the following personal data when we communicate with you:
- name
- email address
- date of birth
Depending on the situation, we may also process one or more of the following:
- address
- organisation name
- organisation address
- job title
- phone number/s
- job type
- employer
- events with HM Government that you have attended
Where we have consulted you for your views, the information may include your opinions.
Legal basis of processing
The legal basis for processing your personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. The task is to ensure the effective development, coordination and implementation of government policy.
Recipients
Your personal data may be shared by us with other government bodies, including government departments and arm’s-length bodies. This would be to assist in the development of government policy.
Your personal data may be shared by us with a GDPR-compliant, approved third party, with the role of distributing large volumes of emails, or who provide events management services. As your personal data will be stored on our IT infrastructure it may also be shared with our data processors who provide email, relationship management, document management and storage services to us.
Retention
Personal data will be held in order to make contact with individuals in particular roles. Personal data may be deleted at any time if you ask us to do so. We will contact you via email periodically following your receipt of the initial notice to check that your contact email address is still accurate and to remind you of the opportunity to check and/or ask us to delete your data.
Where personal data was not collected by the Department, it was obtained by other GDPR-compliant government departments and agencies.
Your rights
You have the right to:
- request information about how your personal data are processed, and to request a copy of that personal data
- request that any inaccuracies in your personal data are rectified without delay
- request that any incomplete personal data are completed, including by means of a supplementary statement
- request that your personal data are erased if there is no longer a justification for them to be processed
- in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
- object to the processing of your personal data
- object to the processing of your personal data where it is processed for direct marketing purposes
International transfers
As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the European Union. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses or the Privacy Shield scheme.
Contact details
The data controller for your personal data is the Department for Exiting the European Union. The contact details for the data controller are:
Department for Exiting the European Union
9 Downing Street
London
SW1A 2AS
United Kingdom
Telephone: 0207 276 1234
Email: dataprotection@dexeu.gov.uk
The contact details for the data controller’s Data Protection Officer (DPO) are:
Stephen Jones
Data Protection Officer
Cabinet Office (DExEU)
70 Whitehall
London
SW1A 2AS
Email: dpo@cabinetoffice.gov.uk
The Data Protection Officer provides independent advice and monitoring of the Department for Exiting the European Union’s use of personal information.
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.