Skip to main content
Search
HomePoliciesPrivacy PoliciesPrivacy Notice for Civil Service Commission – correspondence, statutory requests and external contact details

Privacy Notice for Civil Service Commission – correspondence, statutory requests and external contact details

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).

Your data

Purpose

The purposes for which we are processing your personal data are:

  • to respond to letters, emails or other communications from members of the public, Parliamentarians, and representatives of organisations.
  • to record and respond to freedom of information requests and data subject requests received by the department
  • so that we can communicate with you for the following business purposes:
    • making contact with suppliers about services actually or prospectively provided by them (for example, personal information about contact persons at suppliers we use, or about suppliers we may choose to use for occasional tasks)
    • making contact with individuals to inform them, or seek their views, about policies or proposals, outside of a formal consultation process
    • making contact with customers or clients about services provided to them by us
    • making contact with officials in other departments or public bodies (including other governments) to discuss policy proposals or development, communications activity, or operational matters

The data

We will process the following personal data:

In relation to correspondence:

  • your name
  • address
  • email address
  • details of any concerns raised in your correspondence
  • any other information you volunteer about yourself

In relation to freedom of information requests and subject access requests:

  • your name
  • address
  • email address
  • your request
  • any other personal data if you volunteer it.

In responding to subject access requests we may process any data on you held by the Commission.

In relation to external contact details:

  • your name
  • address
  • email address
  • job title
  • phone number
  • signature
  • employer

Where we have consulted you for your views, the information may include your opinions.

Legal basis of processing

The legal basis for processing your personal data is:

In relation to correspondence:

The legal basis for processing the personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case, that is being accountable and transparent about the functions and policies for which the Commission is responsible.

In relation to freedom of information requests and subject access requests:

The legal basis for processing your personal data is that it is necessary to comply with a legal obligation placed on us as the data controller.

In relation to external contact details:

The legal basis for processing your personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. The task is the development of policy, or the management of our public body.

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. The legal basis for our processing your sensitive personal data is:

In relation to correspondence:

Where special category data or data about criminal convictions is volunteered by a correspondent, our legal basis for processing it is:

The processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department. The substantial public interest is being accountable and transparent about the functions and policies for which the Commission is responsible; and:

In relation to constituency correspondence we also rely upon:

The processing consists of the disclosure of personal data to an elected representative or a person acting with the authority of such a representative; and it is in response to a communication to the controller from that representative or person which was made in response to a request from an individual; and the personal data is relevant to the subject matter of that communication; and the disclosure is necessary for the purpose of responding to that communication.

In relation to freedom of information requests and subject access requests:

The legal basis for processing your sensitive personal data, or data about criminal convictions, is that processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department. The function is meeting our legal obligations to answer subject access requests.

Recipients

As personal data will be stored on our IT infrastructure it will be shared with the Cabinet Office, who provide our IT, and our data processors who provide email, and document management and storage services.

In relation to correspondence:

Your information may be shared with other public bodies, or the devolved administrations, where it is necessary in order to provide a full answer to you, or where it is necessary to transfer correspondence to a more appropriate body for answer.

In relation to external contact details:

Your personal data will be shared by us with officials in other public bodies. This would be to assist in the development of policy, or for operational reasons.

Retention

In relation to correspondence:

Personal information in correspondence will usually be deleted 3 calendar years after the correspondence or case is closed or concluded.

Public correspondence may however be kept if it is sufficiently significant that it should be retained for the historical record.

In relation to freedom of information requests and subject access requests:

Your personal data will be kept by us for up to three years since your last contact with us. Copies of identity verification documents will be destroyed after we have verified your identity.

In relation to external contact details:

Your personal data will be kept by us for the purposes of contacting individuals in particular roles, and once they leave those roles the information will be updated and or deleted. This should take place at least once a year.

Where personal data have not been obtained from you

In relation to correspondence, where we did not receive your personal data from you, it was received from your MP, or by another person writing in on your behalf, or by another correspondent.

Your rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.

In relation to correspondence and external contact details:

You have the right to object to the processing of your personal data.

International transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the European Union. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses.

Contact details

The data controller for your personal data is the Civil Service Commission. The contact details for the data controller are: Civil Service Commission, G08, I Horse Guards Road, London, SW1A 2HQ, or [email protected].

The contact details for the data controller’s Data Protection Officer are: Stephen Jones, Data Protection Officer, 70 Whitehall, London, SW1A 2AS, or [email protected].

The Data Protection Officer provides independent advice and monitoring of our use of personal information.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.  The Information Commissioner can be contacted at:  Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or [email protected].  Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.