Skip to main content

Privacy and cookies policy

This page explains our privacy policy and how we will use and protect any information about you that you give us when you visit this website.

Office of the Commissioner for Public Appointments Privacy Notice

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).


The purpose(s) for which we are processing your personal data will include some or all of the following: To enable the Commissioner to form a decision on whether an appointment without holding a fair and open competition, using an exemption from the Governance Code for Public Appointments, is compliant with the principles in the Code.

Investigating a complaint into the running of a competition regulated by the Office for the Commissioner of Public Appointments

For the purpose of conducting a compliance visit or audit. This is one of the Commissioner’s core statutory activities to ensure that an appointments process is compliant with the Governance Code for Public Appointments.

The data

We will process some or all of the following personal data:

In relation to applications for exemptions, or compliance visits or audits:

potential appointee’s name; job title, whether they hold any other public appointments, information on any potential conflicts of interests, any political activity relevant to the role in question; CVs, or role descriptions.  In instances where there is an appointment without fair and open competition, or where the Minister is minded to appoint a candidate found unappointable by a selection panel, a panel report will be requested from the government department.  For consultations on the extension of an existing appointment, a performance appraisal for the individual concerned, taken by the public body involved, may be requested and supplied.

In relation to those making complaints or triggering investigations:

Your name, contact details and opinions

In relation to complaints or investigations:

CVs or statements of candidates

Records of sifts

Transcripts of conversations between officials, Ministers and candidates,  interview panel reports and assessments

Information about candidates’ conflicts of interest or political activity

Any reports or interviews by recruitment consultants

References about the candidates from former employers

Details of those who were considered but were unsuccessful

Details of those encouraged to apply but who did not apply

Internal departmental advice on the appointment

Sensitive personal data and criminal convictions personal data

Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Where we hold sensitive personal data, or criminal convictions personal data, our legal basis for processing it is that processing is necessary for reasons of substantial public interest for the exercise of a function conferred on a person by an enactment.

Legal basis of processing

The legal basis for processing your personal data is as follows:

In relation to complaints and investigations:

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case it is the functions of the Commissioner set out in The Public Appointments Order in Council dated 13th July 2016, or being accountable and transparent about the functions and policies for which OCPA is responsible..

In relation to applications for exemptions, compliance visits and audits:

It is necessary to comply with a legal obligation placed on us as the data controller. These are set out in the Public Appointments Order in Council 2017.


The names of public appointees may be published on the OCPA website and in the Commissioner’s Annual Report.

Your personal data may be shared with the department or public body responsible for the appointment, and with the Centre for Public Appointments at the Cabinet Office.  

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.

Your personal data may also be shared with our data processor DF Press Ltd., for the purposes of media comment and advice.


Information in relation to an investigation or complaint will be deleted or destroyed as soon as the case has been resolved, usually within a period of 6 months. The OCPA secretariat will only retain the original complaint and the Decision notice published by the Commissioner for a period of 3 years.

Information in relation to a compliance visit will be retained for up to 6 months only, after which time it will be destroyed.

In relation to exemptions requests, the personal information provided to OCPA from third parties for the purposes of casework advice will usually be deleted 3 years after a case is closed or concluded.

Where personal data have not been obtained from you

Your personal data may have been obtained by us from a government department for the purposes of the tasks listed above.


You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.

In relation to complaints and investigations:

You have the right to object to the processing of your personal data.


If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.  The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane

0303 123 1113

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.


The data controller for your personal data is the Office of the Commissioner for Public Appointments. The contact details for the data controller are:

The Commissioner for Public Appointments


1 Horse Guards Road



Tel: 020 7271 6729 / 0207 271 3305

The contact details for the data controller’s Data Protection Officer (DPO) are:

Stephen Jones

Data Protection Officer

70 Whitehall



The Data Protection Officer provides independent advice and monitoring of OCPA’s use of personal information.


The Commissioner for Public Appointments (CPA) website puts small files (known as ‘cookies’) onto your computer to collect information about how you browse the site.

Cookies are used to:

  • measure how you use the website so it can be updated and improved based on your needs
  • remember the notifications you’ve seen so that we don’t show them to you again

You can find out more about how to manage cookies, including how to delete and block them, on the Information Commission Officer’s (ICO) website. How cookies are used on the CPA website:

Measuring website usage (Google Analytics)

We use Google Analytics software to collect information about how you use this site. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.

Google Analytics stores information about:

  • the pages you visit on the site
  • how long you spend on each page
  • how you got to the site
  • what you click on while you’re visiting the site

It doesn’t collect or store your personal information (e.g. your name or address) so this information can’t be used to identify who you are. We don’t allow Google to use or share our analytics data. Google Analytics sets the following cookies:

Name Expires
_ga 2 years
_gat 10 minutes
_gld 24 hours
_ga_HXSF5KTH1X 2 days

You can opt out of Google Analytics cookies.

Cookies message

You may see a banner when you visit the Public Appointments Commissioner website inviting you to accept cookies or review your settings. We’ll set cookies so that your computer knows you’ve seen it and not to show it again, and also to store your settings.

Name Purpose Expires
seen_cookie_message Lets us know if you’ve seen our cookie message 1 year
cookie_policy Saves your cookie consent settings 1 year

Website registration (WordPress)

This website is built using the WordPress content management system. WordPress uses the following cookies to enable registered users to log into the website:

Name Expires
wordpress_test_cookie When you close your browser
wordpress_logged_in_(ID) When you close your browser
wordpress_sec_(ID) When you close your browser

Homepage Twitter timeline

If you click on our homepage timeline Twitter may receive information including the homepage URL, your IP address, browser type, operating system, and cookie information.

Twitter will never associate this web browsing history with users’ names, email addresses, phone numbers, or Twitter handles, and they delete, obfuscate, or aggregate it after no longer than 30 days.

Twitter sets the following cookies:

Name Expires
_twitter_sess When you close your browser
ct0 6 hours
external_referer 1 week
guest_id 2 years
personalization_id 2 years

Twitter also own the domain which places the following language cookie, enabling Twitter to determine the language settings of your browser, to better show you relevant information in the right language.

Name Expires
lang When you close your browser

Read Twitter’s Privacy Policy.

YouTube videos

We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.

Name Expires
GPS 30 minutes
PREF 2 years
YSC When you close your browser
remote_sid When you close your browser

Read YouTube’s Privacy Policy.


We welcome your feedback. If you contact us asking for information, we may need to contact other government departments to find that information. If your question is technical, we may need to pass it to our technology suppliers.

We do not pass on any of your personal information when dealing with your enquiry, unless you have given us permission to do so. Once we have replied to you, we keep a record of your message for audit purposes.

The Data Protection Act

Under the Data Protection Act, we have a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data, and keep strict security standards to prevent any unauthorised access to it.

We may share your details with a third party as set out above.

Access to your information and contacting us

If you wish to see our records of any correspondence you have sent to us, or if you have a query or complaint about this privacy policy or about the site, you can contact us here.

Changes to this privacy policy

If this privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.