Guidance

Privacy Notice for Business Continuity Communications with Cabinet Office staff (HTML)

Published 9 August 2024

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR). 

Your data 

Purpose

The purposes for which we are processing your personal data are:

  • To enable Cabinet Office Security & Resilience to quickly and reliably disseminate information and instructions to staff during a critical incident or when crisis management is triggered.  
  • To ensure staff are provided with the instructions they need in a crisis, improving recovery times in restoring business functions, and reducing confusion and possible risks to staff wellbeing.

To achieve the above your personal data will be used to send voice messages, texts and emails (or a combination of these) with information or instructions during a critical event (or test). 

This is a key part of business continuity, allowing the department to continue to function in the event of a crisis. It provides resilience, mitigating the impact a critical incident may have on overall business operations, and possibly on normal Cabinet Office OFFICIAL communication channels.

We use your Employee Number as a unique reference point for employees in order to correctly tag staff in the Business Continuity Platform groups (e.g. BC Managers, ExCo).

The data

We will process the following personal data: 

  • Full name
  • Employee number
  • Desk phone number
  • Work mobile number
  • Personal mobile number
  • Work email address 
  • Personal email address

The legal basis for processing your personal data is: 

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case, processing is necessary to ensure that the department continues to function during a crisis or incident. It is in the public interest to facilitate the restoration of Cabinet Office’s functions as quickly as possible, and reduce its impact.

This legal basis is relied upon for general communications to support operational continuity. 

Processing is necessary to comply with a legal obligation placed on the controller. The Health and Safety at Work etc. Act 1974 places an obligation on employers “to ensure, so far as is reasonably practicable, the health, safety and welfare at work of all his employees”. A core element of this is a capability to quickly communicate with all staff about security and safety incidents.

This legal basis is relied upon for communications that could affect the safety and/or security of staff.

Recipients

Your personal data will be shared by us with Everbridge (a third party company that provides an emergency notification capability) as our contracted data processor.

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services. 

Retention 

Your personal data will be kept by us whilst you are employed by the Cabinet Office and will be deleted 4 months after you leave the Cabinet Office.

Where personal data have not been obtained from you 

Your personal data were obtained by us from the contents of the SOP system. 

Your rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data. 

You have the right to request that any inaccuracies in your personal data are rectified without delay. 

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement. 

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed. 

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted. 

You have the right to object to the processing of your personal data where it is processed for direct marketing purposes. 

You have the right to object to the processing of your personal data.

International transfers

As your personal data is stored on our Corporate IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision, reliance on Standard Contractual Clauses, or reliance on a UK International Data Transfer Agreement.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.  The Information Commissioner can be contacted at: 

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

or 0303 123 1113, or icocasework@ico.org.uk.  Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts. 

Contact details

The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:

Cabinet Office
70 Whitehall
London
SW1A 2AS

or 0207 276 1234, or you can use this webform

The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.