GPA Data Privacy Notice: Meeting room technology survey
This notice sets out your rights and how we will use your personal data relating to the GPA's meeting room technology survey.
Documents
Details
The Government Property Agency (GPA) is an Executive Agency of the Cabinet Office. We’re responsible for managing the Government Estate and providing the public sector with great places to work for civil servants, which in turn enables them to provide excellent public services.
More details of our services can be found on our GOV.UK page here
Recent feedback from workplace experience surveys have reinforced the important role technology plays in delivering excellent meeting room experiences. From finding and booking your meeting room to running your hybrid or in-person meetings, the ways in which you interact with technology needs to be efficient, effective and easy.
Your feedback is essential as this provides valuable insight into the reality of how the technology is performing for you on an everyday basis.
This notice sets out your rights and how we will use your personal data. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (UK GDPR), part of the UK Data Protection Act (2018).
Purpose of the Processing
We will process your (personal) data with the purpose to better understand your use of the technology offered and identify what is working well and what needs to improve.
THE DATA
We do not seek to identify individuals who participate in providing feedback, or to attribute feedback to specific individuals. Feedback once received, is anonymised and reviewed only in aggregated form.
However, limited personal data may be collected as part of the process that includes;
- Any data that may be temporarily relatable to the individual participating in the survey when logged into the system (eg, temporary IP address, system log data, etc).
- Any personal data submitted in your answers to the survey questions.
LAWFUL BASIS FOR THE PROCESSING
We are tasked with enhancing the workplace experience for the Civil Service, to increase efficiencies, productivity and effective engagement with technology.
Any data you provide is done so voluntarily. Where you do choose to provide data, our legal basis for processing your personal data is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
RECIPIENTS
Personal data may be shared with our selected IT supplier who provides online survey services.
As your data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.
DATA RETENTION
Your data will be kept by us in identifiable form for 12 months.
YOUR RIGHTS
Under the UK Data Protection Act (2018), incorporating UK GDPR, you have the right:
- to request information about how your personal data is processed, and to request a copy of that personal data;
- to request that any inaccuracies in your personal data are rectified without delay;
- to request that any incomplete instances of personal data are completed, including by means of a supplementary statement;
- to request that your personal data is erased if there is no longer a justification for it to be processed;
- in certain circumstances (for example, where accuracy is contested), to request that the processing of your personal data is restricted;
- to object to the processing of your personal data where it is processed for direct marketing purposes, or any other reason that we will then consider; and
- to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.
DATA TRANSFERS
As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside of the UK / EEA.
Where that is the case it will be subject to equivalent legal protection through the use of Standard Contract Clauses (SCCs) or International Data Transfer Agreements (IDTAs).
ACCESSING YOUR PERSONAL DATA
You can action your data rights by making a valid Subject Access Request (SAR) to us as the data controller of your personal data.
Contact us to action a Subject Access Request (SAR) via post or email.
GPA Data Protection Team
Government Property Agency
23 Stephenson Street
Birmingham
B2 4BH
Email: dataprotection@gpa.gov.uk
Please be specific in your request, clearly explaining what you are asking for and ensure that you provide means for us to positively identify you.
We are prohibited from releasing personal data to any individual, unless we are sure it is the personal data solely of the individual actioning the SAR. We may not release personal data to a third party, organisation or family member without prior written consent. We are prohibited to release personal data of multiple data subjects to one individual.
We will respond within 30 days – unless we contact you to indicate a valid reason why we need to extend this period, in line with data protection legislation parameters.
CONTACT DETAILS
Please use the contact details above for any other queries relating to data protection or how we process your personal data.
If you require further information regarding our data processing activities, the contact details for the our Data Protection Officer (DPO) are:
Data Protection Officer
Cabinet Office
70 Whitehall
London
SW1A 2AS
Email: dpo@cabinetoffice.gov.uk
The Data Protection Officer provides independent advice and is charged with monitoring our use of personal information.
COMPLAINTS
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.
The Information Commissioner can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
or 0303 1231113, or casework@ico.org.uk.
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.