Guidance

Data science capability audit privacy notice: how we use your data

Published 13 September 2019

The Data Science Capability Audit is being conducted by the Government Digital Service (GDS which is part of the Cabinet Office.

The data controller for GDS is the Cabinet Office - a data controller determines how and why personal data can be processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.

1. What data we collect from you

The personal data we collect from you includes:

  • name
  • job title
  • email address

We use your data because you have consented for us to do so for this particular piece of research.

3. Why we need your data

We need information about you when inviting you to take part in the audit to ensure that you meet the criteria for this research.

We need to collect data during the interview to ensure that we have an accurate record of what happened and what was said. This is important, because we then analyse this information and use it to draw conclusions about how we should improve data science capability across the public sector.

4. What we do with your data

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we’re required to do so by law – for example, by court order, or to prevent fraud or other crime.

When using your responses in reports or presentations, or sharing with other government departments, we will anonymise your data so that you’re not identifiable.

We will share your data with partners in the Government Data Science Partnership, as we’re working together to improve the data science capability in the public sector.

As your personal data will be stored on our IT systems it will also be shared with organisations that provide our email, document management and storage services (for example, Google).

5. How long we keep your data

We will only keep your personal data for as long as:

  • the law requires us to
  • we need it for the purposes listed above

This means that we will only hold your personal data for a minimum of 1 year and a maximum of 3 years.

6. Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

Your personal data may be transferred outside the European Economic Area (EEA) while being processed by GDS. If this happens, we’ll make sure you’re given the same level of technical and legal protection as you are within the EEA.

7. Who we share your data with

Your personal data may be shared with a limited number of people in other organisations outside of GDS, as described above.

Reports containing anonymised findings will be shared beyond GDS. For example, the final report will be shared on GOV.UK.

8. How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties that process personal data for GDS are required to keep that data secure.

9. Your rights

You have the right to request:

  • information about how your personal data is processed, and to request a copy of that personal data
  • that any inaccuracies in your personal data is rectified without delay
  • that any incomplete personal data is updated - you can include the missing information in your request
  • that your personal data is erased if there is no longer a justification for it to be processed
  • that the processing of your personal data is restricted in certain circumstances - for example, where accuracy is contested

If you gave your consent for us to collect and process your data, you have the right to:

  • withdraw your consent - this can be done at any time
  • request a copy of your personal data - this copy will be provided in a structured, commonly used and machine-readable format

10. Questions and complaints

Contact the GDS Privacy Team if you:

  • have any questions about anything in this document
  • think that your personal data has been misused or mishandled
  • want to make a subject access request (SAR)

Cabinet Office (Government Digital Service)
The White Chapel Building
10 Whitechapel High Street
London
E1 8QS

Email: [email protected]

The contact details for our Data Protection Officer are:

Data Protection Officer

Cabinet Office
70 Whitehall
London
SW1A 2AS

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.

Information Commissioner's Office

Email [email protected]

Contact form https://ico.org.uk/glo...

Telephone 0303 123 1113

Textphone 01625 545 860

Any complaint to the Information Commissioner doesn’t affect your right to seek redress through the courts.

11. Changes to this notice

We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.