Skip to main content
Search
HomePoliciesPrivacy PoliciesPrivacy Notice for Civil Service Commission and the Office of the Commissioner for Public Appointments – HR and Finance Information

Privacy Notice for Civil Service Commission and the Office of the Commissioner for Public Appointments – HR and Finance Information

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).

Your data

Purpose

The purposes for which we are processing your personal data are:

  • Managing your employment/appointment including:
    • Liaising with your pension provider and providing information about changes to employment (promotions, hours).
    • General administration of contracts/terms, including paying salaries, bonuses, or expenses.
    • Conducting performance/talent reviews and managing performance.
    • Managing sickness absence.
    • Making decisions about salary reviews and compensation.
    • Assessing qualifications for jobs, tasks, or promotions.
    • Gathering evidence for grievances, investigations, whistleblowing, or disciplinary matters.
    • Making decisions about continued employment and termination arrangements.
    • Providing education, training, and development.Management planning and reporting.
    • Processing bank cards and ePurchasing Card Solution (ePCS) corporate credit cards.
    • Stationery order processing.Processing taxi bookings, business travel, and hotel accommodation.
    • Using contact details for internal and external business purposes.
    • Providing access to business IT systems (email, telephony).
    • To compile statistics, and contribute to Civil Service statistics.
  • Providing employment-related or appointment-related benefits including:
    • Occupational sick, adoption, maternity, paternity, shared parental, and annual leave and pay (including payslips).
    • Pensions.
    • Advances of salary.
    • Season ticket loans.
    • Childcare vouchers.
    • Reward vouchers and bonuses.

The Data

We will process the following personal data:

  • When you apply for a job/appointment with us:
    • Personal contact details (name, title, addresses, telephone, email).
    • Copies of driving licence, passport, birth/marriage certificates, and decree absolute.
    • Evidence of nationality rules and security clearance.
    • Passport and nationality details, and information about convictions/allegations.
    • Evidence of right to work in the UK/immigration status.
    • Diversity monitoring: race, ethnicity, religion, sexual orientation, and political opinions.
    • Information about criminal convictions/allegations for Baseline Personnel Security Standard checks.
    • CV, personal statement, and suitability information.
  • When you are employed/appointed by us:
    • Dates of birth, marriage, and divorce.
    • Gender.
    • Marital status and dependents.
    • Next of kin, emergency contact, and death benefit nominee(s).
    • National Insurance Number.
    • Bank account details, payroll records, and tax status.
    • Salary, leave, pension, and benefit information (including retirement age and scheme details).
    • Wage-related info: allowances, overtime, bonuses, and miscellaneous payments.
    • Joining and leaving dates.
    • Location of employment/workplace.
    • Recruitment information (right to work docs, references, application materials).
    • Full employment records (contracts, grade, work history, training, professional memberships).
    • Records of appointments.
    • Compensation, performance, and appraisal history.
    • Talent scheme membership.
    • Disciplinary, investigation, whistleblowing, and grievance information.
    • Secondary employment and volunteering information.
    • Information on corporate roles held.
    • Learning, development, and professional training undertaken.
    • Trade union membership.
    • Health information (medical conditions, sickness records).
    • Employee contact details.

Legal Basis of Processing

The legal basis for processing your personal data is:

  • When you apply for a job/vacancy/appointment with us the legal basis for processing your data is necessary in order to take steps at your request prior to entering into a contract. This concerns receiving your application for employment or pre-employment checks.
  • When you are employed, the legal basis for processing your personal data are:
    • Where it is necessary for the performance of a contract to which you are a party. This includes paying you and if you are an employee, deducting tax and National Insurance contributions (or instructing PayCheck as data processor to deduct tax and National Insurance for office holders).
    • Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. This concerns providing information to enable overall management of the Civil Service, monitoring equality of opportunity in line with our public Sector Equality Duty, transparency duties, and to prevent fraud. It also covers the relationship with appointees.
    • Where processing is necessary to comply with a legal obligation placed on us as the data controller. This concerns providing tax and salary information to HMRC, and dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

When you apply for a job/appointment

The legal basis for processing your sensitive personal data and criminal convictions data where it is necessary for reasons of substantial public interest for the exercise of our functions. This concerns information about criminal convictions/allegations and offences to conduct baseline security clearance checks.

When you are employed/appointed by us

The legal basis for processing your sensitive personal data is where it relates to our, or your, employment-related legal rights, including processing health data to make reasonable adjustments. This also concerns:

  • information relating to leaves of absence; this can include sickness absence or family related leave, to comply with employment and other laws
  • trade union membership information to pay trade unions premiums, register the status of a protected employee and to comply with employment law obligations
  • where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.

We also process sensitive personal data where it is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people. This is why we collect information about your race or ethnic origin, religious beliefs, or your sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Recipients

We will publish your employee/appointee contact details, or share them with third parties, for the purposes of facilitating you carrying out your employment/appointment duties.

We will in some circumstances have to share your data with third parties, including third-party service providers, external auditors, internal auditors and other civil service bodies. We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you; where it is in the public interest to do so or where it is necessary for the performance of our functions as Government Department or a function of the Crown. This will, in some circumstances, involve sharing sensitive personal data and, where relevant, data about criminal convictions or allegations.

‘Third parties’ includes third-party service providers (including contractors and designated agents) and other entities within the Civil Service. The following activities are carried out by our third-party service providers:

  • Payroll (Shared Services and PayCheck)
  • Recruitment Administration (Oleeo)
  • Occupational Health provisions (OH Assist)
  • Workplace Adjustment provisions (Civil Service Workplace Adjustments Team)
  • Travel and accommodation bookings (CTM)

As personal data will be stored on our IT infrastructure it will be shared with the Cabinet Office who provide our IT, and our data processors who provide email, and document management and storage services.

Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Personal information relating to contracts of employment/appointment or performance management will usually be deleted 2 years after the person in question has left employment/appointment with the Civil Service Commission or OCPA.

Details of retention periods for different aspects of your personal information such as financial information relating to payments, pension payments, national insurance, tax or expenses are available in our retention policy.

Where personal data has not been obtained from you

We typically collect personal information about prospective employees, appointees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from a third party such as an employment agency or background check provider. These third parties include:

  • former employers
  • credit reference agencies
  • Disclosure and Barring Service (DBS)
  • other background check agencies
  • other Government Departments
  • pensions administrators
  • medical and occupational health professionals
  • professionals who advise the Commission generally and/or in relation to any grievance, conduct appraisal or performance review procedure.

International transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where this is the case it will be subject to equivalent legal protection through an adequacy decision, reliance on Standard Contractual Clauses, or reliance on a UK International Data Transfer Agreement.

Your rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data.

Contact details

The data controller for your personal data is the Civil Service Commission. The contact details for the data controller are: Civil Service Commission, G08, 1 Horse Guards Road, London, SW1A 2HQ or [email protected]

Because we use Cabinet Office IT systems, we consider that the Civil Service Commission and the Cabinet Office are joint data controllers. The Civil Service Commission is the lead data controller for any personal data processed in relation to the above purposes.

The contact details for the Cabinet Office data controller’s Data Protection Officer are: [email protected]

The Data Protection Officer provides independent advice and monitoring of the Civil Service Commission’s use of personal information.