TAC appointment: privacy notice
Updated 23 June 2021
Current or former employees, contractors, consultants, temporary workers of the Department for International Trade (DIT)
1. The purpose of this document
The Department for International Trade (DIT) is committed to protecting the privacy and security of your information. This privacy notice described how we collect and use personal information about you in accordance with UK Data Protection legislation, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
DIT is a ‘controller’. This means that we are responsible for deciding how we hold and use personal information about you.
This notice explains what personal data (information) we will hold about you, how we collect it, and how we will use and may share information about you during the application process. We are required to notify you of this information, under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
2. What data we collect about you
If you are an employee of DIT, we process (collect, store, and use) the following personal information about you:
- your name (including any previous names and the dates when you were known by these names)
- your contact details (including your current and previous addresses, telephone numbers and e-mail addresses)
- your gender
- your date of birth
- your National Insurance Number (NIN)
- evidence of your right to work both in the UK and overseas (if applicable) including information about your immigration status (where relevant), such as copy of your passport, full birth certificate, visa, National Identity cards or biometric residence permit
- evidence of your security clearances
- proof of your current address, such as a bank or credit card statement, or council tax statement, or utility bill
- information collected as part of the talent acquisition process, for example interviews, tests and assessments, details of the pre-employment checks we carry out and outcomes
- bank account details and payroll information, including salary and benefits package and pension and tax information
- performance reviews, appraisals and learning and development records
- employment history with DIT including absence information, any disciplinary proceedings and outcomes, and any grievances
- details of your emergency contact, including their name, their relationship to you and their contact details
- information about your current financial status, including details of any financial defaults, unsatisfied county court judgments (CCJs), individual voluntary arrangements (IVAs), or any other undischarged bankruptcy proceedings
- details relating to your driving licence and car insurance if you drive as part of your role
- details of your travel for work including your passport details and appropriate visas if you travel abroad
- correspondence which you send using our systems including emails you send (whether these are business or personal)
- information gathered through DIT’s monitoring of its IT systems, building access records and CCTV recordings
- details about internal investigations performed in exceptional circumstances when there is suspect of criminal activity or other serious misconduct
- recording of our calls with you and calls which you make or receive using DIT’s telephone systems, and smartphones
- information relating to health and safety at work and accidents at work
We may also collect information about your mental and physical health where we need to do so in order to:
- make reasonable adjustments to your working environment
- manage your absence including paying you sick pay or maternity/paternity pay
- dealing with any accidents at work
- help you to return to work and assess whether you are still able to perform your role
We will also ask you to inform us about any criminal convictions you may have, and we carry out a criminal record check as part of our pre-employment checks. For more information, please refer to the section on ‘Criminal record check’ below.
We may also collect details about your trade union memberships for the purpose of managing our relations with you as an employee.
For independent contractors and consultants, we may process fewer personal data than those listed per bullet points above. However, the same data protection regime as employees will apply. We may however quite often rely on third parties – such as recruitment agencies – to process your information on our behalf. Where this is the case, we will explain what happens in detail in the section ‘Who do we share your information with?’ below.
You must make sure that the information we hold about you is up to date and you must notify us of any changes so that we can make sure that we keep your records accurate, complete and up to date.
If you don’t provide us with relevant and accurate information, we will not be able to manage your relationship with us as a colleague and meet our obligations to you. Further, due to security vetting, you are required to keep us updated on changes to your circumstances (that is criminal). For more details, please refer to “Criminal record check” paragraph below.
2.1 Pre-employment checks
As part of our talent acquisition process, we will verify your identity and your legal right to work in the UK or in the overseas country you are applying for.
We will confirm the information you provide to us by contacting your former employers, and your university or further education establishments, for several years, period which may vary depending on the role.
Professional and character references may also be collected.
We may collect publicly accessible information about you, for example through a Google search, to make sure that you are suitable for the role you are applying for.
If you are due to work overseas on behalf of DIT, we may undertake any further checks which are required to comply with the local laws of the country where you will be travelling to. We do this in order to comply with local laws and regulations.
2.2 Criminal record check
We will ask you to tell us about any criminal convictions you may have and we carry out a criminal records check as part of our pre-employment checks. If you apply for an internal vacancy, we may carry out further checks depending on the nature of the role you apply for. Before we carry out any checks, you will be asked to complete a background check form or similar which will explain which checks we intend to carry out.
We will use the services of the Disclosure and Barring Service to undertake on your behalf, a criminal record check which details unspent convictions under the Rehabilitation of Offenders Act 1974 to verify the information you provide us in your application form. If you have worked overseas, we will also do an overseas criminal check on you.
More information about the Disclosure and Barring Service is available at www.gov.uk/government/organisations/disclosure-and-barring-service.
We may also use the information we collect about your criminal convictions for the purposes of crime and fraud prevention and for complying with our obligations under the anti-money laundering and counter-terrorist financing legislation. For these purposes, we may also share with third parties where the law allows us to do so.
We only collect the minimum amount of information about your criminal convictions that we need for the purposes of determining whether you are suitable for the role with DIT.
We collect information about your criminal convictions on the basis that we are required to do so to comply with our legal, professional, regulatory and other corporate governance obligations and – since we are a public authority – for reasons in the public interest and/or for our legitimate interests or those of a third party.
2.3 Check with other government’s departments
If you have worked for the government before, we may also cross-check your records with other government’s departments’ in order to prevent fraud, or unlawful or dishonest conduct, malpractice and other seriously improper conduct. If any of these are detected, you could be refused employment.
2.4 Other checks from publicly available sources
Depending on the type of role you accept with DIT, we may also carry out:
- a check of the electoral roll
- a director’s search at Companies House
- a sanctions’ check
- a Financial Conduct Authority check
- media check
The personal information we have collected from you may be shared with CIFAS. We do this to prevent fraud, unlawful or dishonest conduct, malpractice and other seriously improper conduct. If any of these is detected, you could be refused certain services or employment. For more details about how your information will be used by us and CIFAS, please refer to the CIFAS privacy notice.
3. Why we need your data and how we use it
We will typically collect and use this information for the following purposes. Other purposes that may also apply are explained in our Privacy Notice Policy [underway]. For a copy of the Privacy Notice Policy, please contact our DPO at [email protected] (for full contact details, please refer to section on “Contacting us” at the end of this privacy notice):
We need your information to manage your relationship with us as a DIT colleague on a day-to-day basis for the purposes of performing your employment contract with us. This includes:
- processing your payroll information and paying your salary
- providing tax information and payments to HMRC
- providing you with a pension and other benefits you have chosen, or you are entitled to receive
- monitoring your performance and providing you with feedback
- providing you with training and opportunities to improve your knowledge and skills
- communicating with you about your employment with DIT
- managing any absences including your return to work and assessing your ability to do your role
- dealing with any grievances you may have and carrying out any necessary disciplinary proceedings
- making reasonable adjustments to your working environment if you have a health condition
Whilst you are using our digital platforms and tools, we are processing your information with the purposes of:
- providing DIT staff with access to data sets that DIT owns and manages
- managing access to data sets to ensure legal, regulatory and commercial compliance
- analysing usage of the service, track data access and evaluate impact
We also use your information to comply with our legal, profession, regulatory and other corporate governance obligations, for example, to:
- comply with our obligations under the employment rights and pensions legislation
- comply with our obligations under the right to work legislation
- make sure that we provide you with a safe working environment as required by the Health & Safety at Work legislation
- make sure that we treat everyone fairly and equally as required by the equal opportunities’ legislation
- comply with immigration law requirements for both staff in the UK and overseas
- comply with obligations under the anti-money laundering and counter-terrorist financing legislation and for crime
- prevent or detect fraud. Colleagues found guilty of committing fraud will be subject to action in line with both the Discipline Policy and the National Fraud Initiative privacy notice.
If we need information relating to your health for any of the above purposes, we will collect this information either from you directly or from someone you have authorised to share this information with us, e.g. a family member, an occupational therapist, or any other medical professional. We will only collect and share information with those people if you have agreed we can do so, which we may ask you to confirm in writing. Please see the sections ‘Special categories of personal data’ below for more details.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
4. Legal basis of processing
The legal basis for processing your personal data is:
-
Contractual: it is necessary for the performance of a contract to which you are a party - an employment contract. This relates to information that we need to recruit and employ you.
-
Legal obligation: it is necessary to comply with a legal obligation placed on us as the data controller - we are required to report on equality of opportunity; and onboarding processes have specific requirements
-
Public task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case, Civil Service Jobs facilitates recruitment of high-quality candidates to roles across government departments, agencies and other public bodies. It provides recruitment tools and processes that support Civil Service recruitment strategy, and we also monitor the effectiveness of recruitment processes.
-
Consent: Where we rely on your consent to process your personal information, you have the right to withdraw your consent to processing for that purpose at any time. To withdraw your consent, please contact the DPO at [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our retention policy, we will dispose of your personal data securely and in line with our Retention and Disposal Policy [underway]. Please refer to section ‘How long we keep your data’ or contact our DPO at [email protected].
-
Legitimate Interests: Where our processing of your information is based solely on our legitimate interests (or those of a third party), you have the right to object to that processing if you give us specific reasons why you are objecting, which are based on your particular situation. If you object, we can no longer process your information unless we can demonstrate legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims. Please refer to the section on ‘Your rights’ for more information on how to exercise your right to object or contact our DPO at [email protected].
Special category personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
The legal basis for processing your special category of personal data is:
-
it is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; the exercise of a function of either House of Parliament; or the administration of justice; and an appropriate policy document is in place. Civil Service Jobs facilitates recruitment of high-quality candidates to roles across government departments, agencies and other public bodies. It provides recruitment tools and processes that support Civil Service recruitment strategy.
-
it is necessary for the purposes of performing or exercising our obligations or rights as the controller, or your obligations or rights as the data subject, under employment law, social security law or the law relating to social protection. External recruitment is required to follow the Civil Service Commission Recruitment Principles. Personal data is processed to ensure that these requirements are met. We are required under the Equality Act 2010 to make appropriate reasonable adjustments for candidates with a disability.
-
processing is of a specific category of personal data and it is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified (in paragraph 8(2) of Part 2 of Schedule 1 to the Data Protection Act 2018) in relation to that category with a view to enabling such equality to be promoted or maintained; and it is not carried out for the purposes of measures or decisions with respect to a particular data subject; and you have not declined consent; and you have not given notice that you do not wish your data to be processed for these purposes; and the processing is not likely to cause substantial damage or substantial distress to an individual. Diversity and inclusion data is used anonymously: ethnicity, religion, community background (Northern Ireland vacancies only), and sexual orientation.
-
it is necessary for archiving purposes, scientific or historical research purposes or statistical purposes, and it is in the public interest. Analysis of applications and recruitment outcomes (including online tests), impact on protected groups, timescales for recruitment, and other research may be carried out.
The processing by us of personal data relating to criminal convictions and offences or related security measures is not carried out under official authority, but is authorised because it meets the following condition:
- it is necessary for reasons of substantial public interest. This is ensuring that individuals with access to official information and assets will meet the required standards of propriety.
Further details on how we handle special category personal data and information relating to criminal convictions and offences are set out in our Data Protection Policy [underway]. To view a copy of our Data Protection Policy, please contact our DPO at [email protected] (for full contact details, please refer to the section on “Contacting us” at the end of this privacy notice).
5. Where do we obtain your information from?
5.1 Information that you give us
You give us information about yourself, your work experience and other relevant experience, your education, your qualifications and your circumstances:
- during the talent acquisition process
- by completing our onboarding forms
- by filling in our internal forms or surveys or submitting requests
- by signing on and using our digital platforms and tools
- as part of the day-to-day management of your relationship with us as a DIT colleague
- by using our IT systems, phones and smartphones
- by entering our buildings and passing through our security and CCTV monitoring systems
5.2 Information that we collect about you
We may collect information about you from our internal government’s sources and publicly available sources, for example, from:
- other government’s departments (e.g. if you have previously worked for the government)
- the Disclosure and Barring Service (DBS)
- Companies House, if you have been Director of limited companies
- the Financial Conduct Authority for example if you have previously covered an approved role
- CIFAS
- regulatory bodies (if you are a member of a regulated profession)
We may also collect data about you available via internet, such as:
- through a Google search
- news and social media reports
- entries in online directories
Where you use our systems to:
- send emails (including personal emails), we reserve the right to inspect, examine or monitor those emails without further notice
- browse the internet, we monitor the types of sites you access, the extent and frequency of your use of the internet
We will also capture and review all card purchases and payments made over our internet (including card details) to prevent and detect fraud and potential breaches of our Information Security Policy.
5.3 Information that you ask us to collect from third parties
If you specifically ask us to collect information from a third party, we will do so in accordance with your request, which we may ask you to put in writing. This may include:
- in certain circumstances, the previous provider of your private medical insurance or other benefits if appropriate, and if you are transferring your existing insurance or benefits when you become a DIT colleague
- organisations who are providing you with support such as mental health support or occupational health support
We may use third party recruitment agencies to carry out pre-employment checks about you. For more details, please refer to the above section on “What pre-employment checks do we carry out”.
5.4 Information that we obtain from our digital platforms
If you use our websites as part of your day to day job or for any reason, we may process the information that you share with us. This is done in order to:
- to manage access for all DIT users - including staff, International Trade Advisers, Local Enterprise Partners, devolved administrations, contracted individuals and agencies and Investment Support Service Team - to DIT Digital services such as Data Hub and Digital Workspace
- create an account and verify your email address
- enable you to sign-in onto our digital platforms
- allow you to use DIT digital services, for example Export opportunities, Trade Profiles, Selling online overseas
5.5 Information we obtain from call recordings
We may monitor and/or record calls for the purposes of training, improving our quality and service standards and resolving issues with customers, clients or colleagues.
For details of when we may share call recordings with third parties, please see the section “Who do we share your information with?” below.
5.6 Information we obtain from CCTV images and building access
We operate CCTV at all our premises. Whilst you are on site at any of our offices, you may be recorded by our CCTV system.
For details of when we may share CCTV images with third parties, please see the section “Who do we share your information with?” below.
We also collect information about which areas of our premises you visit through our building access systems.
We may combine the information that you give us with the information we collect about you from any of the sources listed above.
6. How we may share your information
We will only share your personal information with third parties for the purpose of taking steps to enter a contract with you, or to fulfil our contractual obligations to you. Other purposes are also listed in the section on ‘Why we need your data and how we use it’ above. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
If you undergo pre-employment checks prior to appointment, your data may be shared with:
- Government Recruitment Service
- Customer relationship management system
- Capita
- Capita Security Watchdog
- Disclosure and Barring Service
- Access NI criminal record checks
- Disclosure Scotland criminal record checks
- occupational health providers
- APS Group Translation Services
- Civil Service Pensions
- the recruiting department
- the recruiting department’s shared service provider (if a third party supplier is used)
- the UK Security Vetting team, as well as the Security Cluster department for the relevant employer (which will be either HMRC, DWP, Home Office, MoD, or the FCDO)
6.1 Information that we share with other government’s departments
We may share information about you from other Government’s Departments, for example with the FCDO and HMG:
- so that we able to provide talent acquisition and other HR related services to DIT across all platforms and internationally
- for our internal administrative purposes including creating and analysing management information and HR reports
- to monitor our compliance with our legal, professional, regulatory and other corporate governance obligations
6.2 Information that we share with HMRC
We are required by law to share information about you, including details of your salary and benefits with HMRC for the purposes of HMRC’s tax collection activities.
6.3 Information that we share with the providers of our pension scheme
As your employer, we are required to automatically enrol you (if you are eligible) into our pension scheme. To do this we need to share information about you including your name, address, date of birth, your National Insurance number, your salary and the amount of your pension contributions.
6.4 Information that we share with the providers of our employee benefits
As part of our benefits package, we offer you the opportunity to choose from several benefits, such as:
- life assurance
- critical illness insurance
- private medical insurance
- dental insurance
- medical cash plan
- childcare vouchers
- taste card
- gourmet card
- retail discounts
- Give As You Earn
If you choose to receive any of these benefits, we will share your information with the provider of the specific benefits you have chosen, so that they can provide you with those benefits.
6.5 Information that we share with law enforcement and emergency services
If we identify evidence of fraud, money laundering or any other crime (whether financial or otherwise) in relation to your employment, including where you have been the victim of identity theft, we will share those details with the police, the National Crime Agency and other law enforcement agencies. If colleagues are investigated because of fraud, they will be subject to discipline action in line with the Discipline Policy. Their personal information will be processed in line with the National Fraud Initiative privacy notice, referred to in the Discipline Policy.
We may also share information with HM Revenue and Customs where appropriate.
Where relevant we may also share CCTV images and call recordings with the police, the National Crime Agency and other law enforcement agencies.
6.6 Information that we share with third-party recruitment agencies
We share the following information with third party recruitment agencies so that they can carry out pre-employment checks for us, or payroll related services for our independent contractors and consultants:
- your name
- your contact details (including your current and previous addresses, email addresses and telephone numbers)
- the information you provide when completing our background check form or equivalent that we will send to you if you accept an offer of employment with us
- copies of your references in circumstances where they process these for us
6.7 Information that we may share with CIFAS
The personal information we have collected from you may be shared with CIFAS who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. For more details about how your information will be used by us and CIFAS, please see the CIFAS privacy notice.
6.8 Information that we share with regulatory bodies and professional associations
If you are a member of a regulated profession, such as a solicitor, we may share information with your regulatory body or professional association such as The Law Society.
If you have previously held a role as an approved person, we may also share information with the Financial Conduct Authority.
If you make a complaint to the Information Commissioner’s Office (ICO), we may have to share information about you.
6.9 Information that we share with our Commercial Clients
We may share information about you with our Commercial counterparties for the purposes of quality assurance, resolving issues and evidence of our compliance with our contractual and / or public duty obligations to clients.
6.10 Information that we share with other third-party suppliers
We use several carefully selected third parties to supply us with other products and services, such as payroll, occupational therapy services, HR systems and IT services.
The information that we share with our suppliers will depend on the nature of the products and services that they provide to us but we will only share the minimum amount of your information which is necessary for them to provide us with the products and services we need.
More specifically, as you are using our digital platforms, we will share your information with the following suppliers:
- Gov.UK PaaS
- Amazon Web Services (AWS)
- Google Cloud
who provide cloud storage services and other technology services.
Further, aggregated analyses of data may also be shared with the Information Commissioner’s Office (ICO) the Government Internal Audit Agency (GIAA) and the National Audit Office (NAO) and UK Export Finance.
Sometimes your information will be shared or stored outside of the UK and outside the European Economic Area. For more details about how we make sure your information is protected if it is shared or stored outside the UK and the European Economic Area, please see the section “Where is your information stored” below.
6.11 Information shared as part of FOI
Information provided whilst using our digital services, including personal information, may be published or disclosed in accordance with access to information regimes, primarily the Freedom of Information Act 2000 (FOIA), in addition to the Data Protection legislation. For this purpose, we may anonymise or aggregate data to ensure that your private information is kept confidential, unless the law requires us to disclose it.
7. How long we keep your data
We only keep your information for as long as we need it to fulfil our lawful purposes and in line with our Retention and Disposal Policy and Schedule (underway).
The policy has been written by considering all the different types of information that we hold about you, understanding how long we need to keep it to meet our legal and regulatory requirements and our obligations to you.
For more details, please refer to our Retention and Disposal Policy [underway]. To view a copy of our Retention and Disposal Policy, please contact our DPO at [email protected] (for full contact details, please refer to the section on “Contacting us” at the end of this privacy notice).
8. How we protect your data and keep it secure
As your personal data is stored on Civil Service IT infrastructure, and shared with their data processors who provide email, and document management and storage services, it may be transferred and stored securely outside the European Economic Area. Where that is the case it will be subject to equivalent legal protection such as the use of Model Contract Clauses.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. This will be done in line with our Data Protection Policy [in progress]. For a copy, please write to our DPO at [email protected] (for full contact details, please refer to section “Contacting us” at the end of this privacy notice.Your information is generally stored on servers and filing systems in the UK or the European Economic Area. From time to time, it may be stored in or accessed from countries outside the European Economic Area. If you require more information about where outside the EEA your data might be transferred to – or accessed from - please contact the DPO at [email protected].
Where this may happen, we always make sure that there is:
- an adequacy decision between the EU and the third country
- the EU-US Privacy Shield, for transfers from the EEA to the US
Or, in the absence of the above, appropriate safeguards must in place, such as:
- a legally binding and enforceable instrument between public authorities or bodies, which provides appropriate safeguards for your rights and freedoms and it is legally binding and enforceable
- binding corporate rules
- standard contractual clauses adopted by the European Commission, which have been recognised as providing adequate protection to personal information transferred outside the EEA. When these clauses are included in a contract with one of the companies we work with, it means that if they transfer your information outside the EEA, they must make sure that your information is just as safe as it is in the EEA.
- standard data protection clauses adopted by a supervisory authority and approved by the European Commission. They are likely to be similar to those adopted by the Commission (per above), but they will be first adopted by the supervisory authority and then approved by the Commission
- a code of conduct approved by a supervisory authority together with binding and enforceable commitment to it by the receiver outside the EEA
- certification under an approved certification mechanism together with the binding and enforceable commitment of the receiver outside the EEA
- contractual clauses authorised by a supervisory authority (Note: At present the ICO is not authorising such contractual clauses)
- administrative arrangements between public authorities or bodies (such as a Memorandum of Understanding) which include enforceable and effective rights for the individuals whose personal data is transferred, and which have been authorised by a supervisory authority
In order to guarantee that your information – and your rights – are protected to the same high standard as under UK law.
You can obtain a copy of the safeguards we have in place by writing to our DPO at [email protected] (for full contact details, please refer to section “Contacting us”).
8.1 Exemptions under art 49(1) GDPR
In the absence of an adequacy decision or appropriate safeguards, the law allows us to go ahead with the transfer outside the EEA if:
(a) you have explicitly consented to the proposed transfer, after we have informed you of the possible risks of such transfers
(b) the transfer is necessary for the performance of a contract between DIT and yourself or the implementation of pre-contractual measures taken at your request
(c) the transfer is necessary for the conclusion or performance of a contract concluded in your interest between DIT and another natural or legal person
(d) the transfer is necessary for important reasons of public interest
(e) the transfer is necessary for the establishment, exercise or defence of legal claims
(f) the transfer is necessary in order to protect your or someone else’s life, where the data subject is physically or legally incapable of giving consent
(g) the transfer is made from a public register which according to Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest
(h) we are making a one-off restricted transfer and it is in our compelling legitimate interests
9. Your rights
9.1 Your rights in connection with personal information
Under the data protection laws, you have several rights in respect of your information and the way we use it. Some of these rights only apply in certain situations. We explain below what rights you have, what these mean and how they apply to the way we use your information.
9.2 Access your information
You can ask for:
- confirmation that we process your personal information
- a copy of your personal information that we hold
- other information about how we process your information
We will provide you with a copy of your personal information which we hold unless the data protection laws provide an exception that we decide to rely on, for example where there are ongoing court proceedings. We may also edit out the names of any other individuals to protect their privacy.
Wherever possible, we will provide you with a copy of your personal information in the same manner you make your request unless we agree otherwise with you.
9.3 Have your information rectified
You can ask us to rectify your information if it is not accurate, complete or up to date.
We will update or correct your information, although sometimes we may need to ask you to provide evidence to confirm the changes, for example a copy of your marriage certificate if you are changing your name because you have got married.
9.4 Have your information erased
This is also known as the right to be forgotten.
You can ask us to delete your information where:
- we no longer need it
- we rely on your consent to use your information and you withdraw it
- you object to our processing it and we have no overriding legitimate grounds to continue processing it
- we are legally required to delete it
This right does not apply where we:
- are legally required to keep your information, for example under the laws which require us to check you have a right to work in the UK
- have a compelling legitimate ground for using your personal information
- need your information to establish, exercise or defend legal claims, for example where there are ongoing court proceedings
As we rely on the fact that we need your information to (a) take steps at your request prior to entering into an employment contract with you (b) comply with our legal obligations or (c) protect you where it is a matter of life and death for most processing of your personal information, we will only be able to delete your personal information:
- if you have the right to object to our processing your personal information and to carry out your request, we must erase your information
- where we no longer need your information. Although our retention policy means that we will delete your information once we no longer need it. Please see the section How long do we keep your information? above for more details.
9.5 Restrict our processing of your information
You may ask us to restrict our processing of your personal information where:
- you believe the information we hold about you is inaccurate while we check whether it is accurate
- we no longer need your information, but you need it to establish, exercise or defend a legal claim
We will not process your personal information whilst we consider your request. However, we will still be able to process your personal information for the purposes of any ongoing court or other legal proceedings.
We will inform you if we begin processing your personal information again and explain why.
9.6 Have your information transferred to you and/or a third party
This is also known as the right to data portability. You can ask us to provide you with a copy of the information which you have provided to us and which we hold electronically.
This right only applies to the information which you have provided to us which we hold electronically. It does not apply to information that we collect to comply with our legal obligations such as evidence of your right to work in the UK.
We will provide this information to you in a commonly used and machine-readable format.
9.7 Object to our processing of your information, including profiling
You can object to our use of your information, including profiling unless we:
- have compelling legitimate grounds for using your information
- need to use your information to establish, exercise or defend a legal claim, for example where there are ongoing court proceedings
We don’t carry out any profiling of our colleagues who work for DIT either in the UK or internationally.
We don’t use your information for direct marketing.
9.8 Not to be subject to an automated decision
You can ask us to review any automated decision which has a legal or significant effect for you. You can provide us with your point of view and any additional information that you think we need and ask for a human to reconsider our decision.
However, once you have accepted an offer of employment with us, we do not make any automated decisions about you either in the UK or overseas. This is unless security clearance runs out and up until is renewed, in which case a new check must be completed, and information is again requested.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the DPO in writing at [email protected]. For full contact details, please refer to section ‘Contacting us’.
We will always do our best to respond to your request within one month of receiving it and any additional information we need to confirm your identity and understand your request.
However, sometimes we may need some more time to deal with your request, particularly if it is complicated. Where this happens, we will write to you within one month and let you know why we need some more time and when we will provide you with our response.
If we are unable to carry out your request, we will send you a response explaining why.
10. Accessibility
If you require a paper copy of this privacy notice, or a large print copy, or to hear it in audio version, please contact the Data Protection Officer at:
Data Protection Officer
Department for International Trade
Old Admiralty Building
Admiralty Place
Whitehall
London
SW1A 2DY
United Kingdom
11. Complaints
If you have any issues, queries or complaints regarding the processing of your personal data please contact
Data Protection Officer
Department for International Trade
Old Admiralty Building
Admiralty Place
Whitehall
London
SW1A 2DY
United Kingdom
If you are unsatisfied with the handling of your personal data by DIT, then you have the right to lodge a complaint to the data protection authority:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
12. Contacting us
If you have any questions about this privacy notice or how we handle your personal information, you can also write to us at:
Data Protection Officer
Department for International Trade
Old Admiralty Building
Admiralty Place
Whitehall
London
SW1A 2DY
United Kingdom
You can also make a complaint to the Information Commissioner, who is an independent regulator. [email protected]
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
13. Changes to this privacy notice
We reserve the right to update this privacy notice at any time and we will provide you with a new privacy notice if we make any substantial updates.
14. Identity and contact details
The Department for International Trade are registered as a Controller under the General Data Protection Regulation and Data Protection Act 2018.
Our contact details are:
Data Protection Officer
Old Admiralty Building
Admiralty Place
Whitehall
London
SW1A 2DY
United Kingdom
Email: [email protected]