Functions, Profession and Standards Team: privacy notice
Updated 10 September 2018
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).
Purpose
The purposes for which we are processing your personal data are to:
- conduct recruitment campaigns and fill project delivery vacancies across government
- assist in proactively identifying suitable talent for a range of project delivery roles across government
- grow and manage talent within the government project delivery function (including resource management, succession planning, mentoring schemes, and identification of talent and development opportunities)
- manage the Civil Service Project Delivery Early Talent programmes (including matching to roles and monitoring performance and marketing)
- understand and build project delivery capability across government, including determining appropriate development interventions
- to provide the Government Online Skills Tool (GOST) for individuals within the government project delivery profession to assess their own capability against a set of competencies, record their qualifications, and build their own development plan in both their current and future job roles
- manage participation in the Infrastructure and Projects Authority (IPA) or project delivery profession sponsored leadership programmes and learning offers, and to evaluate those programmes
- for audit and statistical purposes
- send you communications that may be of interest to you, including opportunities to provide feedback on our services
- to keep in touch with our alumni with newsletters and events
- to carry out peer review of the performance of IPA assurance reviewers
Your data
We will process the following personal data in relation to recruitment and identification and management of talent:
- name
- contact details (including email address, telephone numbers and address)
- current employer, role, grade and office location
- employment history and future aspirations / suitability
- qualifications, accreditations, licenses or professional memberships
- skills levels
- profession/function
- salary range
- educational and training history
- line manager details
- strengths, development areas and development plans
- security clearance
- photographs and video
- working pattern
- employment type
- hobbies and interests
- previous and current talent ratings
- aspiration and career goals
- previous and current performance markings
- LinkedIn URL
- CV and personal statement
- application forms for government project delivery profession jobs
- interview outcomes, including scores and feedback
- photocopies of personal identification documents collected at interview
- professional and personal referee details
- network relationships (on LinkedIn)
- health or disability information relating to reasonable adjustment requirements
For leadership development programmes, we may process the following personal data:
- name
- contact details
- position
- grade
- department
- role
- date of birth
- gender
- work experience and qualifications
- government profession
- feedback and comments on your performance
- photos and video
- assessment scores
- talent comments
- academic assignments completed
- 360 degree feedback (on you or by you)
- personal development plans
- CVs
- dietary requirements
- health or disability reasonable adjustments
We will process the following personal data in relation to capability assessment and development of members of the project delivery profession:
- name
- contact details (including email address, telephone numbers and address)
- current employer, role, grade and office location
- qualifications, accreditations, licenses or professional memberships
- profession/function
- grade
- line manager
- working pattern
- employment type
- name(s) of projects
- project types
We will process the following personal data in relation to use of GOST:
- name
- email address
- location
- grade
- job role
- skills and qualifications
- photographs
We will process the following personal data in relation to communications and engagement activities:
- contact details
- events you have signed up for and attended
- newsletters you have opened
We will process the following personal data in relation to peer review of assurance reviewers:
- name
- reviewer role
- ID number and date of review
- feedback on your performance
- feedback on the performance of others you have submitted
Legal basis of processing
The legal basis for processing your personal data is:
In relation to photographs and video:
- because you consent
In relation to all other data:
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case that is that in collecting and using your data will mean we are able to perform our function in building the capability needed to deliver government projects. This includes setting the standards for how government delivers projects, developing career pathways, recruiting, growing and managing talent, accrediting people to assure projects and delivering world-class leadership programmes such as the Major Project Leadership Academy (MPLA).
Sensitive personal data
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We may collect health data (which may include dietary preference and disability data) where this is required for us to make reasonable adjustments for candidates or events attendees. Our legal basis for processing this data is that it is necessary for the purposes of performing or exercising our obligations as the controller, or the data subject’s rights, under employment law.
To the extent that any other sensitive personal data is accessed, e.g. in carrying out candidate searches, it is processed on the basis that it is manifestly made public or has been voluntarily provided by the data subject.
Recipients
When you apply for a vacancy, or you are identified as potential talent, your personal data may be shared by us with:
- external and internal recruitment search providers, where we have used them to identify you or contact you
- our application tracking system provider, where you have applied for a vacancy
- vacancy holders in recruiting departments and government organisations, where you have applied for a vacancy
When you are a member of the project delivery profession your personal data may be shared by us with:
- Civil Service, departmental and functional leadership groups
- relevant departmental, functional and Civil Service HR colleagues
- other relevant teams within government departments and government organisations
- project delivery profession teams within the relevant department
- talent governance boards
- our IT providers, who provide email, document management and storage services to us
When you use GOST, your data will be shared with our service provider for storage and processing, and to enable technical support and administration of the site. When you participate in project learning, capability, or leadership programmes, your data is shared with the official deliverer of the programme you are participating in.
If you are an assurance reviewer or peer reviewer, your personal data will also be be shared by us with our IT supplier that provides survey management services. It will also be stored on the Gateway Electronic Management System (GEMS), and thus shared with IT suppliers that provide and host that platform.
If you are speaking at or attending events, your data is shared with the official deliverer of the programme.
Data is shared with relevant government teams or professional bodies hosting events or activities to which project delivery learning and capability / leadership programme alumni are invited.
If you have been identified as a possible candidate through a recruitment search provider, any communications through that recruitment search provider will also be shared with them.
When you are a recipient of:
- an IPA newsletter, your email address is shared with our mailing list management provider
- an event invitation, your email address is shared with our events management service provider
- a survey invitation, you email address and survey responses are shared with our survey service provider
When you join our Knowledge Hub group, your data will be shared with Knowledge Hub.
Retention
Your personal data will be kept by us for:
- for talent identification and management and capability assessment information, we will keep your data for a maximum of 5 years, refreshed annually
- recruitment: we will keep your data for a maximum of 2 years. Where a recruitment campaign has taken place, this will be 2 years following the conclusion of the recruitment campaign
- Early Talent Programme participants: we will hold your data for a maximum of 7 years
- project learning and capability / leadership programmes: we will hold your full data for 7 years. We will retain records of your participation and contact details for the duration of your Civil Service career
- GOST: we will keep your personal data for the duration that you are working on government projects and programmes. Data will be erased after 6 months of deactivation
- assurance reviewer peer review: for the duration of your accreditation as an assurance reviewer. We will ask you to refresh information on a 3 year cycle
Where personal data have not been obtained from the data subject
Where you have not provided your personal data, this may have been obtained by us from:
- publicly available information
- Civil Service HR
- another government department
- Civil Service jobs
- recruitment services suppliers
- (for assurance reviewers) from someone giving feedback on your performance
Your rights
You have the right to:
- object to the processing of your personal data
- request information about how your personal data are processed, and to request a copy of that personal data
- request that any inaccuracies in your personal data are rectified without delay
- request that any incomplete personal data are completed, including by means of a supplementary statement
- request that your personal data are erased if there is no longer a justification for them to be processed
- request in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
- object to the processing of your personal data where it is processed for direct marketing purposes
In relation to photographs and video:
- you have the right to withdraw consent to the processing of your personal data at any time
- you have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format
International transfers
As your personal data is stored on our IT infrastructure and shared with our data processors, who provide email, document management and storage services, it may be transferred and stored securely outside the European Economic Area. Where that is the case, it will be subject to equivalent legal protection through the use of Model Contract Clauses.
GOST data is stored and processed by our service provider at its data centre within the European economic area.
Assurance review data is stored on the GEMS and shared with our data processors, so it may be transferred and stored securely outside the European Union. Where that is the case, it will be subject to equivalent legal protection through the use of Model Contract Clauses.
As your email address and survey responses are shared with our data processors for email distribution, events management, and survey management, it may be transferred and stored securely outside of the European economic area. Where that is the case, it will be subject to equivalent legal protection through the supplier’s membership of the Privacy Shield scheme.
Contact details
The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:
Cabinet Office
70 Whitehall
London
SW1A 2AS
Public Enquiries: Online Contact Form
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.
The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
casework@ico.org.uk
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.