Skip to main content
Search
HomePoliciesPrivacy PoliciesPrivacy Notice for Civil Service Commission Statutory and Additional Functions

Privacy Notice for Civil Service Commission Statutory and Additional Functions

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).

Your Data

Purpose

The purposes for which we are processing your personal data will include some or all of the following:

  • Handling and investigating complaints about recruitment into the Civil Service not being on merit after a fair and open process.
  • Handling and investigating complaints about breaches of the Civil Service Code.
  • Deciding whether to grant a request for exception from the normal requirement that recruitment into the Civil Service is on merit after a fair and open process.
  • Conducting a compliance visit or audit to review recruitment practices by public bodies.
  • Chairing senior selection competitions to ensure that the statutory requirement that selection for appointment to the Civil Service is on merit on the basis of fair and open competition is being upheld and not undermined.
  • Providing advice on applications submitted under the Government’s Business Appointment Rules for civil servants at the most senior levels and special advisers.
  • Conducting compliance audits of departments’ application of the Business Appointment Rules.
  • Corresponding with the appropriate department and the complainant directly on the complaint

In addition to the above the Civil Service Commission is required to monitor and advise on potential conflicts of interests when civil servants at SCS3 or SCS4 who are subject to Business Appointment Rules take on a new role for up to 2 years following departure from the Civil Service.

To support the senior civil servants with compliance and ensure this requirement is adhered to the Commission will also monitor for new roles being taken up. This is primarily achieved through routine, limited internet searches undertaken manually and by automated means.

The data

In relation to monitoring departmental compliance with the Recruitment Principles (audit and by chairing the most senior recruitment panels), investigating complaints that Civil Service recruitment has not been consistent with the requirements for merit, fairness and openness and complaints brought by civil servants under the Civil Service Code we will process some or all of the following personal data:

  • Advertisements and job packs,
  • CVs of candidates,
  • application forms and other documents provided at application stage by candidates,
  • telephone number (mobile and landline),
  • email address,
  • postal address,
  • date of birth,
  • information relating to the assessments,
  • information relating to the overall assessment process including sift and interview or exercises carried out,
  • emails between candidates and officials,
  • transcripts of conversations between candidates and officials,
  • panel reports,  
  • panel assessments of the individual’s suitability for the role,
  • correspondence between departmental officials and panel members,
  • contracts of employment for Exceptions and fair and open competitions,
  • HR correspondence between applicants and departmental officials and within the department.

Where a recruitment consultant/other organisation has been engaged to support the competition, we may use the consultant’s written assessment of the suitability of applicants against the criteria for the role, as well as the consultant’s report if they met the candidates to discuss the role and assess their suitability.  Also, relevant correspondence between the departmental officials and the consultant/other organisation. 

Additional information that is submitted as evidence in the case.

Reports on candidates’ suitability for the role at different stages of the selection process and the reasons why they progressed, or did not progress, to the next stage.

Written reports about the candidates relating to other assessment stages for the competition. This may include leadership assessments and the results of psychometric tests which have been commissioned as part of the selection process. There may be written assessments of other selection tests, for example staff-engagement panels and media tests.

References about the candidates, from former employers and others who have experience of them in the working environment.

Notes from the candidates’ meetings with a Minister, including the Minister’s impression of individual candidates and any areas the Minister believes the panel should probe at final interview.

A panel report, completed at the end of the selection process, which will contain some of the information listed above and also the panel’s assessment of the individual’s suitability for the role, drawing on all the evidence gathered. There may be a covering letter to the panel report which also contains some of this information.

Information relating to Civil Service Code complaints / investigations will relate to the complainant (and in the case of out of scope complaints, complainants who are not civil servants), other civil servants, representatives of the Department and HR teams, contractors, and any other person who may be a witness to the case or is in some way implied as part of the complaint / investigation.  This information could be any type of information that might be submitted as evidence to the case, including transcripts of conversations.

In relation to Exceptions, personal information may include

  • name,
  • employment history,
  • description of duties or potential duties.

In relation to the Business Appointment Rules we will process

  • names,
  • telephone numbers,
  • email,
  • postal addresses,
  • employment history (including pre official office),
  • job title or grade,
  • internet search results for publicly available information on recent employed roles,
  • description of duties in office, including who an applicant met with at meetings (third party details) and what was discussed/decisions made,
  • description of the proposed new role details which may include identifiable information,
  • third party contact details (proposed employer contact name and details).

Why we need it

We process your personal data in order to respond to requests for advice, in investigating complaints, making decisions on exception requests, conducting a compliance visit or audit, chairing senior competitions, providing advice on applications made under the Business Appointments Rules and conducting compliance audits of departments’ application of the Business Appointment Rules.

Legal basis of processing

Recruitment Principles

The legal basis for processing your personal data in relation to the publishing of the details of those appointed to the most senior roles (SCS2 and above) either through fair and open competition, or by exception to the requirement for appointments to comply with the recruitment principles, is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case that is our powers as described in paragraph 8(1) of Schedule 1 to the Constitutional Reform and Governance Act 2010.

Business Appointment Rules

The legal basis for processing your personal data is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. The task is to advise (Government and individuals) directly on the risks identified, and conditions that should be imposed, in relation to applications it receives under the Government’s Business Appointment Rules.

Sensitive Data

The legal basis for processing any sensitive personal data is that it is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department.

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Our legal basis for processing any sensitive personal data, or data concerning criminal convictions, is that it is necessary for reasons of substantial public interest for the exercise of a function conferred on a person by an enactment. In addition any of the categories of special data may be processed if such data is volunteered by the applicant.

What we do with it

Personal information, including the names of senior appointees (at grade SCS2 and above), will be published on the CSC website and in the Annual Report & Accounts.

In respect of applications under the BARs we will publish relevant personal details (including; individuals’ name, description of duties in office, including who met with (third party details) and what was discussed and decisions made; and proposed new role details) once advice is formalised and the Commission is informed the appointment has been taken up, on the CSC website and in the Annual Report & Accounts.

Recipients

Your personal data may be shared with DF Press Ltd, who provide press officer services to us, for the purpose of media advice.

Your personal data may be shared with other government departments, public bodies or other organisations in order to carry out tasks as listed above.

We will share your data if we are required to do so by law, for example by court order, or to prevent fraud or other crime.

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email and document management and storage services, and with the Cabinet Office who administer those services for us.

How long we keep your data

Personal information gathered for the purposes of responding  to requests for advice, in investigating complaints, making decisions on exception requests, conducting a compliance visit or audit, chairing senior competitions, providing advice on applications made under the Business Appointments Rules and conducting compliance audits of departments’ application of the Business Appointment Rules will usually be deleted 5 calendar years after the case, complaint or competition is closed or concluded. However, information may be

kept if it is sufficiently significant that it should be retained for the historical record, or for other legitimate business reasons. Published information will be retained on the Civil Service Commission’s website indefinitely.

Where personal data have not been obtained from you

Your personal data may have been obtained by us from a government department, and other organisations including potential employers in relation to applications under the Business Appointment Rules for the purposes of the tasks listed above.

International Transfers

As your personal data is stored on our Corporate IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where this is the case it will be subject to equivalent legal protection through an adequacy decision, reliance on Standard Contractual Clauses, or reliance on a UK International Data Transfer Agreement.

Your Rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.  The Information Commissioner can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or [email protected] Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact details

The data controller for your personal data is the Civil Service Commission. The contact details for the data controller are: Civil Service Commission, G08, I Horse Guards Road, London, SW1A 2HQ or [email protected]

Because we use Cabinet Office IT systems, we consider that the Civil Service Commission and the Cabinet Office are joint data controllers. The Civil Service Commission is the lead data controller for any personal data processed in relation to the above purposes.

The contact details for the Cabinet Office data controller’s Data Protection Officer are:  [email protected].

The Data Protection Officer provides independent advice and monitoring of the Civil Service Commission’s use of personal information.