In this policy and any linked notice, references to ‘us’, ‘our’ or ‘we’ are to the House of Commons. The Corporate Officer (Clerk of the House) is the Controller of any personal data processed as described in this Privacy Notice. The Data Protection Officer is the Head of Information Rights and Information Security.
If you have any questions about the use of your personal data, please contact us:
House of Commons
- Email: IRIS@parliament.uk
- Telephone: 0207 219 4296
- Post: IRIS Service, House of Commons, SW1A 0AA
House of Lords
- Email: Holinfocompliance@parliament.uk
- Telephone: 0207 219 0100/8481
- Post: Frances Grey, Millbank House, SW1A 0PU
Collection of your personal data
When you contact us, visit us, access or use our services either online, by post, in person or by other means, we may collect, store and use your personal data.
When we collect your data we will notify you about what information we are collecting and our intended uses.
Use of your personal data
The lawful basis for collecting and using the personal data will depend on the specific context in which we collect it. However, we will normally collect personal data from you only:
- where we need to for the purposes of Parliamentary functions
- where we have a legal obligation to collect the personal data from you
- where we need the personal data in relation to a contract we have with you
- where we have your consent to do so
- where the processing is in our legitimate interests and not overridden by your rights
We may also use the personal data you provide us to protect the vital interests of you or others you are associated with if it were to become necessary, for example, whilst visiting the Parliamentary Estate.
We will notify you of the purposes for the processing and the lawful basis which will be one of the following:
- the processing is necessary for Parliamentary functions
- the processing is necessary to fulfil a contractual agreement between you and us
- the processing is necessary to comply with legal and regulatory requirements
- you have consented to the use of your personal data
- the processing is necessary for our legitimate interests when balanced against your interests
Details about the lawful basis for processing personal data can be found on the Information Commissioner’s website.
Storage and retention of your personal data
The House of Commons will retain your personal data for as long as is necessary for the purpose it was collected. In most cases, a retention period will apply which can be found in the Houses of Parliament Authorised Records Disposal Policy on our website.
We will notify you of the retention period when collecting your personal data. At the end of the retention period, your personal data will be disposed of securely.
Disclosure and security of your personal data
We may disclose your personal data to third parties when permitted to do so including:
- with your consent
- where we have a contract with a processor acting on our behalf
- if we have a lawful basis for doing so
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. This includes providing your personal data to other organisations, such as the Police, for the purposes of prevention and detection of crime.
We may also share your personal data with other organisations where there is a lawful basis for doing so, such as the House of Lords administration (who is a separate Controller) for the provision of shared services to you.
We will never share or sell your personal data to other organisations for direct marketing purposes.
We will notify you of whom your personal data will be shared with and where it is stored.
All personal data you provide to the House of Commons will be stored securely, both physically and electronically, in accordance with our policies. We have an information security process in place to oversee the effective and secure processing of your personal data.
In addition, we (or processors acting on our behalf) may also store or process your personal data in countries outside the European Economic Area but only where we are assured of the security of the data. We have put in place technical and organisational security measures to minimise the possibility of the loss or unauthorised access of your personal data.
We will ensure you can exercise your rights in relation to the personal data you provide to us. These are as follows:
- Where we are relying on your consent to use your personal data, you can withdraw that consent or unsubscribe from our services at any time. Instructions are provided when we collect your data.
- You can request access to the personal data we hold about you at any time by contacting the Data Protection Officer whose contact details are found at the top of this notice.
- You can ask us to update your personal data if it changes. In certain circumstances, you can request we erase the personal data we hold, or ask us to stop or restrict processing if you have an objection.
- You can ask for a copy of your information in a machine-readable format to allow you to obtain and reuse your personal data for your own purposes across different services. (the right to data portability).
- If you have any privacy-related questions or unresolved problems relating to the use of your personal data, you may contact us to complain by contacting the Data Protection Officer whose contact details are found at the top of this notice.
- You also have the right to complain to the Information Commissioner’s Office, the supervisory authority, about our collection and use of your personal data. They can be contact at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, www.ico.org.uk.
Further details about your rights and the complaints process can be found on the Information Commissioner’s website.