Personal information charter
The Commission for Countering Extremism's personal information charter tells you about how and why we use your personal information and your rights.
The Commission for Countering Extremism (CCE) is an arm’s length entity which aims to bolster public awareness and understanding of extremism, including radicalisation into terrorism, and scrutinise the approaches needed to counter extremism.
The Commissioner as a public appointee provides independent advice, critique, and review of government work on countering extremism. The Commissioner is the designated ‘Data Controller’.
Our contact details
Commission for Countering Extremism
28 Kirby Street
Farringdon
London
EC1N 8TE
The type of personal information we collect
We currently collect and process the following information:
- personal identifiers, including name, date of birth, passport, national insurance number and employee data
- contact details, including address, telephone numbers and email address
- special categories of data, such as race, religious or philosophical beliefs, and political opinions
- feedback and opinions
- incident, civil litigation, and accident details
- complaint data, including complaints to the Prevent Standards and Compliance Unit
How we get the personal information and why we have it
Most of the personal data we process is provided to us directly by you for one of the following reasons, but not limited to:
- you are a CCE Secretariat staff member (including prospective members of staff)
- you have explicitly subscribed to communications or given permission to be contacted for survey/consultation purposes
- you have submitted a complaint to the Prevent Standards and Compliance Unit
- you have contacted us directly and submitted a request for information
- to fulfil any contractual obligations
- you have made manifestly public
- business monitoring and planning purposes
- research
The CCE does not conduct any automated processing of personal data.
We may also receive personal information indirectly, from the following sources in the following scenarios:
- other government departments and agencies
- research institutions and Think Tanks
- civil society organisations
- academic institutions
- persons making an enquiry or complaint
We may use the information that you have given us in order to:
- support the Commissioner in their role and the delivery of day-to-day business of the secretariat - this includes collating publicly available information on individuals or organisations to brief the Commissioner prior to meetings/engagement, maintaining and building relationships with key stakeholders
- undertake research as part of the core business of the Secretariat and the role for which the Commissioner has been tasked with
- pass Prevent complaints to the relevant statutory organisation for actioning
- analyse and report on trends in the Prevent programme based on complaints data
The CCE’s default position will be to only share personal data with permission from the data subjects (e.g., stakeholder contact details); except for the data used to draft the engagement summary within our annual End of Year Report, which outlines all engagements the Commissioner has conducted, and data required for reporting trends in the Prevent programme to the Prevent Ministerial Oversight Board.
All personal data in the engagement summary is anonymised, except for engagements with public officials. All personal data used for reporting to the Prevent Ministerial Oversight Board is anonymised, except for where this data is essential to an investigation tasked by Ministers.
Any other processing of personal data will be decided upon with advice from Home Office Legal Advisors. However, where necessary the CCE may share this information with other public sector organisations so that the Commissioner can carry out their functions, or to enable others to perform theirs.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing of personal data (including special category data) are one or more of the following:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6(1) (a) UK GDPR) - you are able to remove your consent at any time by contacting [email protected]
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1) (e) UK GDPR)
Under Article 9 (2) of the UK GDPR the conditions we apply for processing special category data are:
- processing relates to personal data which are manifestly made public by the data subject (Article 9(2) (e) UK GDPR)
- processing is necessary for reasons of substantial public interest, (with a basis in law) which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject (Article 9(2) (g) UK GDPR)
How we store your personal information
Your information is stored on secure IT systems that are provided by the Home Office, who acts as a ‘processor,’ working to the instructions of the ‘controller’. General data will be kept for 12 months for the purpose for which it is being processed and in line with the Home Office retention policies. Data related to the Prevent Standards and Compliance Unit will be held for 6 years, for the purpose of casework and reporting past trends. This is in line with Prevent data handling policy.
CCE Stakeholder lists and contact names, details will be reviewed annually (every 12 months); this will be owned by the Business Manager, and the EO Policy Officer. All out of date contacts (moved from post, no longer relevant) will be deleted at annual intervals.
Responses to routine subject access requests, erasure requests, some admin records will be reviewed every 6 months and disposed of after one year; this will be owned by the Business Manager and the EO Policy Officer.
Your stored personal information will not be transferred outside of the UK nor will access be provided to any individuals outside of the CCE. CCE staff who access personal information must have the appropriate security clearance and a business need for accessing the information.
Your data protection rights
Under data protection law, you have rights including:
- your right of access - you have the right to ask us for copies of your personal information
- your right to rectification - you have the right to ask us to rectify personal information you think is inaccurate - you also have the right to ask us to complete information you think is incomplete
- your right to erasure - you have the right to ask us to erase your personal information in certain circumstances
- your right to restriction of processing - you have the right to ask us to restrict the processing of your personal information in certain circumstances
- your right to object to processing - you have the right to object to the processing of your personal information in certain circumstances
- your right to data portability - you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, it will be actioned within the statutory deadline of one calendar month (or 20 working business days). A pseudonymised record of information requests is maintained.
Please contact us at [email protected] if you wish to make a request.
The Data Protection Officer for CCE can be contacted at:
Email: [email protected]
Or write to:
Office of the DPO
Home Office
Peel Building
2 Marsham Street
London
SW1P 4DF
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected].
You also have the right to complain to the supervisory authority ICO, if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113