Privacy notice for Civil Service Learning
This notice sets out how we use your personal data, and your rights. It is made under Article 13 of the General Data Protection Regulation (GDPR).
We process the following personal data:
- your personal contact details, for example, name, telephone number and email address
- your manager’s personal contact details, for example, name and email address
- your role assignment details, for example, grade, organisation, job role, location, qualifications, employment type, working pattern, profession and staff number
- details relating to your use of the service, for example, the learning you've taken
- your user feedback, for example, evaluation feedback that you’ve provided and survey responses
- your personal information, for example, age range, ethnic origin, gender, disability and health (such as dietary requirements)
We process your personal data to provide a platform for mandatory and optional learning services, and to tailor our learning products to you. This includes communicating with you about learning opportunities, tracking and responding to bookings, monitoring participation rates, providing management information to employer departments and profession teams.
We also process your data to develop and improve our service, for example, through your feedback.
We also process your diversity data for the purpose of equality monitoring.
Legal basis of processing
The legal basis for processing your data is that it is necessary for the performance of a task, which is carried out in the public interest or in the exercise of official authority vested in the controller. In this case that is our function to provide the Civil Service with access to learning and development opportunities.
We also process your data on the legal basis that it is necessary, as part of your contract of employment, for us to provide you with access to learning and development opportunities,
We also process your data so that we can monitor your personal development and manage your performance as part of your employment contract.
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. The legal basis for processing your sensitive personal data relating to disability and dietary requirements is:
- it is necessary for the purposes of performing or exercising our obligations or rights as the controller, or the data subject’s obligations or rights, under employment law, social security law or the law relating to social protection, that is, public sector equality duty
The legal basis for processing your sensitive personal data relating to diversity characteristics is:
- processing is of a specific category of personal data and it is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people
Personal data may be shared by the Cabinet Office with your department and with Civil Service profession teams.
Your personal data will be stored on our IT infrastructure and will be shared with our data processors, these are:
- Our IT provider/s who provide:
- email, document management and storage services
- survey services
- booking services
- mailing list management services
- Our learning suppliers KPMG, Korn Ferry Hay Group and Knowledgepool, who provide us with learning products and services
- Our Apprenticeship Programme suppliers KPMG, Knowledgepool, Premier Partners, QA, BC Arch and CIPFA
- Our IT provider/s and KPMG, who provide support services
- Korn Ferry Hay Group, who provide coaching and mentoring services
- Our IT provider/s, KPMG, Korn Ferry Hay Group, Knowledgepool and client departments, who provide booking services
- Our IT provider/s, KPMG, Korn Ferry Hay Group, Knowledgepool, Premier Partners,QA, BC Arch and CIPFA, who provide evaluation services
- Our IT provider/s and our learning providers, KPMG, Korn Ferry Hay Group, Knowledgepool, Premier Partners, QA, BC Arch and CIPFA, who provide management information reporting services
Management information (including learning activities, bookings, etc ) will be retained by the Cabinet Office for no more than 3 financial years. Data may be retained by your department for the purposes of reporting beyond this period.
If you have not accessed the CSL website for a minimum period of 2 years and 60 days, your personal data and learning record will be deleted.
Your personal data will be shared by us with our 3rd-party suppliers, who will retain your data for the duration of our contract with them or according to the timescales provided above, whichever is sooner.
You have the right to request information about how your personal data is processed, and to request a copy of that personal data.
You have the right to request that any inaccuracies in your personal data are rectified without delay.
You have the right to request that any incomplete personal data is completed, including by means of a supplementary statement.
You have the right to request that your personal data is erased if there is no longer a justification for it to be processed.
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.
You have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.
You have the right to object to the processing of your personal data.
As your personal data is stored on our IT infrastructure, and shared with our data processors who provide email, document management and storage services to us it will be transferred and stored securely outside the European Union. Where that is the case it will be subject to equivalent legal protection through the use of model contract clauses.
As your data will be shared with our IT suppliers who provide mailing list management and event booking services, it will be transferred and stored securely outside the European Union. Where that is the case it will be subject to equivalent legal protection through the use of Privacy Shield.
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner's Office
0303 123 1113
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
The data controller for your data will vary depending on the data being collected:
- the data controller for your profile, email services, evaluations, feedback, coaching and mentoring is the Cabinet Office
- the Cabinet Office and the department that employs you are joint data controllers for your learning record, learning and development plans, bookings and management information
The contact details for the lead data controller are:
Civil Service Organisation Development, Design and Learning
50 Victoria Street
Please contact us if you have any queries relating to your rights and how we use your personal data.
The contact details for the lead data controller's data protection officer are: Stephen Jones, Data protection officer, Cabinet Office, 70 Whitehall, London, SW1A 2AS, or email@example.com
The data protection officer provides independent advice and monitoring of Cabinet Office’s use of personal information.
If this privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, we share it with other parties.