The Participation team is a bicameral department situated within UK Parliament. We respect your rights to privacy. In line with our responsibilities under the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018), this Privacy Notice explains the personal data that we collect from you and how we use the information. In this Privacy Notice, references to ‘us’, ‘our’ or ‘we’ are to the House of Commons and/or House of Lords Administration. Everything that we do with your data – for example storing it, working with it or deleting it – is referred to as “processing”.
1. About Us
The House of Commons and House of Lords are separate organisations. The controllers are the Corporate Officer of the House of Commons (Clerk of the House) and the Corporate Officer of the House of Lords (Clerk of the Parliaments). In some cases, where personal data are being processed on behalf of both Houses, the controllers will act as joint controllers.
The Data Protection Officer for the House of Commons is the Head of Information Compliance:
- Email – IRIS@parliament.uk
- Telephone – 020 7219 4296
- Post – Information Compliance Team, House of Commons, London SW1A 0AA
The Data Protection Officer for the House of Lords is the Head of Information Compliance:
- Email – firstname.lastname@example.org
- Telephone – 020 7219 0100
- Post – Information Compliance Team, House of Lords, London SW1A OPW
2. The personal data we collect
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have made an enquiry to us.
- You have made a complaint to us, or would like to provide a comment or feedback.
- You wish to attend, or have attended, an event.
- You subscribe to a newsletter.
- You are representing your organisation.
- You have nominated someone for an award
We will process your personal information in order to:
- Provide education and support services to the public
- Support democratic engagement
- Advertise and promote UK Parliament’s services
- Conduct surveys
- Undertake research
- Manage our accounts
- Provide commercial activities and services
- Recognise contributions of individuals and/or organisations through award schemes.
The personal data we process may include:
- Name, age and contact details, including email address, telephone number and geographical location
- Proof of identity and/or personal data required for security purposes, including photograph and film images, CCTV footage
- Bank account/credit card details
- Record of goods or services provided to you, including preferences (dietary, access requirements)
Personal data that you share in content (e.g. on social media), when you contact us by letter, email, phone or other means when making an enquiry, providing survey feedback, making a comment or raising a complaint. In limited circumstances, to support personal preferences, accessibility and the services we offer you, we may also process special categories of data, for example if you are attending an event and have special dietary requirements for religious or health reasons. Special categories include:
- Racial or ethnic origin
- Sex life or sexual orientation
- Religious or philosophical beliefs
- Political opinion
- Health data
3. Lawful bases for processing
The reason we collect your personal data, also known as the lawful basis, defines the purpose for processing the personal information. These bases include:
- UK GDPR Article 6 (1)(a) – we have your consent;
- UK GDPR Article 6 (1)(b) – for the performance of a contract we have with you or have an intention of entering in to;
- UK GDPR Article 6 (1)(c) – in order to comply with or to fulfil a legal obligation to collect the personal data from you;
- UK GDPR Article 6 (1)(d) in order to protect your vital interests or those of another person;
- UK GDPR Article 6 (1)(e) for the performance of our public task as the House of Commons or where the processing is in the public interest;
- UK GDPR Article 6(1)(f) for our legitimate interests (or the legitimate interests of a third party) when fairly balanced against your interests and rights
A further condition for processing is required when processing special categories of data as these require additional control. The condition will differ dependent on the circumstances but might include processing where we have your explicit consent to use the personal data or where it is necessary for substantial public interest.
In compliance with DPA 2018, our Appropriate Policy Document provides further information about the processing of special category and criminal conviction data.
4. Storage and Security
We take the security of your personal data seriously. All personal data you provide to us will be stored securely, both physically and electronically, in accordance with our policies. We have an information security process in place to oversee the effective and secure processing of your personal data. Some personal data controlled by us are held outside the UK. These data are predominantly held in data centres within the European Economic Area (EEA), for the purpose of hosting and maintenance. Regulations under section 17A of the DPA 2018 specify that all countries within the EEA are regarded as providing an adequate level of data protection. If personal data are transferred to a country outside the UK or EEA, the adequacy of that country and the organisations and systems processing the data is assessed to ensure that appropriate safeguards are in place.
We will retain your personal data for as long as is necessary for the purpose it was collected. Retention periods can be found in the Houses of Parliament Authorised Retention and Disposal Policy (ARDP).
5. Your rights
You have certain rights over the personal data you provide to us and we will ensure you can exercise these. You have the right to request:
- information about how your personal data is processed
- a copy of that personal data
- that anything inaccurate in your personal data is corrected
- in certain circumstances, you can request we erase the personal data we hold, or ask us to stop or restrict processing if you have an objection
If you would like to exercise any of these rights, please contact the relevant Data Protection Officer using the contact details at the top of this notice.
6. Your right to complain
If you are unhappy with the processing of your personal data by Participation, you should contact email@example.com in the first instance. If you remain dissatisfied, you can contact the relevant Data Protection Officer using the details at the top of this notice.
If you remain dissatisfied, you also have the right to complain to the Information Commissioner’s Office. Further details about your rights can be found on the Information Commissioner’s website Your data matters | ICO.
7. How we use your information
When you make an expression of interest in one of UK Parliament’s Participation Team services and activities, or you book a service or activity for yourself or on behalf of your organisation, we will store your details in our Customer Relationship Management (CRM) system. This is to support our activities, help inform us of areas for improvement and provide you with the best service possible.
We will use the CRM to store personal data when you:
- Sign up for a visit or tour
- Request a communities outreach visit
- Request to be included in the Participation Partnership Network
- Order physical resources, such as a loan box
- Sign up for a specific campaign, such as:
- UK Parliament Week
- Your UK Parliament Awards
- Sign up for a House of Commons or House of Lords educational service, which may include:
- An event or workshop – either in person or online
- a special educational needs and disabilities visit
- a schools outreach visit
- The Teacher Network and/or joining the Teachers Ambassadors Programme
- E-learning and online seminars for teachers
8. Who we share your data with
We may disclose your personal data to other organisations where we have a lawful basis or you have given your consent to do so, such as sharing information with organisations holding events at the Houses of Parliament that you are attending. We may also share your data with providers of goods and services who have contracts with us.
Examples may include:
- companies that supply technical solutions and business support
- email and subscription services on (e.g. Mailchimp)
- ticketing providers and booking solutions (e.g. See Tickets, Eventbrite)
- distribution services
- survey solutions
If you choose to subscribe to our services we will use your information to send you updates about services you may be interested in. You can unsubscribe at any time.
For more information about who your data is shared with please contact firstname.lastname@example.org.