Privacy notice relating to correspondence recieved by DSIT
Updated 15 November 2024
© Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dsit-correspondence-privacy-notice/privacy-notice-relating-to-correspondence-received-by-dsit
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and 14 of the UK General Data Protection Regulation (UK GDPR).
For data protection purposes, the Department for Science, Innovation & Technology (DSIT) is the data controller.
Purpose
We process personal data to respond to letters, emails or other communications from members of the public, Parliamentarians, and representatives of organisations.
What data we collect from you
We will process the following personal data:
- name
- organisation
- occupation
- address
- email address
- phone number
We will also:
- collect details of any concerns raised in your correspondence
- process any other information you volunteer about yourself
We may also process special category data or data about criminal convictions if you volunteer such information.
Special categories of personal data include:
- data about racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- health
- genetic data
- sexual orientation
- biometric data for the purpose of uniquely identifying a natural person, health, or sex life or sexual orientation
Legal basis for processing data
The processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case, that is being accountable and transparent about the functions and policies for which the department is responsible.
Where special category data or data about criminal convictions is volunteered by a correspondent, our legal basis for processing it is:
The processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a minister of the Crown, or a government department. The substantial public interest is being accountable and transparent about the functions and policies for which the department is responsible.
In relation to constituency correspondence we also rely upon:
The processing consists of the disclosure of personal data to an elected representative or a person acting with the authority of such a representative; and it is in response to a communication to the controller from that representative or person which was made in response to a request from an individual; and the personal data is relevant to the subject matter of that communication; and the disclosure is necessary for the purpose of responding to that communication.
Recipients
Your information may be shared with other public bodies, or the devolved administrations, where necessary. This is in order to provide a full answer to you, or where we need to transfer correspondence to a more appropriate body for an answer.
Your information may also be shared with third parties in order to provide a full answer to you.
Your information may be shared with your MP if they are writing on your behalf.
As personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, document management, storage, system troubleshooting and support services. We do not actively share your personal data with data processors.
How we receive personal data
If we did not receive your personal data from you, it may have been provided by your MP, or by another person writing in on your behalf, or by another correspondent with your consent.
Retention
Personal information in correspondence will usually be deleted 3 calendar years after the correspondence or case is closed or concluded.
Public correspondence may be kept if it is sufficiently significant that it should be retained for the historical record.
Automated decision making
Your personal data will not be subject to automated decision making.
International transfers
Your personal data will be processed in the UK, however as it is stored on our IT infrastructure, and shared with our data processors, it may be transferred outside of the UK but will remain within the European Economic Area (EEA). Your data will receive the same level of protection in the EEA as it does in the UK, through the safeguard of adequacy decision.
Your rights
You have the right to:
- request information about how your personal data is processed, and to request a copy of that personal data
- request that any inaccuracies in your personal data are rectified without delay
- request that any incomplete personal data is completed, including by means of a supplementary statement
- request that your personal data are erased if there is no longer a justification for it to be processed
- in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
- object to the processing of your personal data
A full list of your rights under the General Data Protection Regulation (GDPR) is available on the ICO website.
Contact us or make a complaint
Contact the DSIT Data Protection Officer (DPO) if you:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
DSIT Data Protection Officer
Department for Science, Innovation and Technology
22-26 Whitehall
London
SW1A 2EG
You can also make a complaint to the Information Commissioner (supervisory authority), who is an independent regulator.
Contact the ICO:
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Changes to this privacy notice
We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, DSIT will take reasonable steps to make sure you know.
Added details:
- concerning the scope of correspondence to be manged via the CoMS solution
- on the data we will process
- on the special category data
- of the use of data about offences/convictions.
- details regarding the use of AI
- details on the data processors
Last updated: 15 November 2024.