Office of the Commissioner for Public Appointments Privacy Notice
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).
The purpose(s) for which we are processing your personal data will include some or all of the following: To enable the Commissioner to form a decision on whether an appointment without holding a fair and open competition, using an exemption from the Governance Code for Public Appointments, is compliant with the principles in the Code.
Investigating a complaint into the running of a competition regulated by the Office for the Commissioner of Public Appointments
For the purpose of conducting a compliance visit or audit. This is one of the Commissioner’s core statutory activities to ensure that an appointments process is compliant with the Governance Code for Public Appointments.
We will process some or all of the following personal data:
In relation to applications for exemptions, or compliance visits or audits:
potential appointee’s name; job title, whether they hold any other public appointments, information on any potential conflicts of interests, any political activity relevant to the role in question; CVs, or role descriptions. In instances where there is an appointment without fair and open competition, or where the Minister is minded to appoint a candidate found unappointable by a selection panel, a panel report will be requested from the government department. For consultations on the extension of an existing appointment, a performance appraisal for the individual concerned, taken by the public body involved, may be requested and supplied.
In relation to those making complaints or triggering investigations:
Your name, contact details and opinions
In relation to complaints or investigations:
CVs or statements of candidates
Records of sifts
Transcripts of conversations between officials, Ministers and candidates, interview panel reports and assessments
Information about candidates’ conflicts of interest or political activity
Any reports or interviews by recruitment consultants
References about the candidates from former employers
Details of those who were considered but were unsuccessful
Details of those encouraged to apply but who did not apply
Internal departmental advice on the appointment
Sensitive personal data and criminal convictions personal data
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Where we hold sensitive personal data, or criminal convictions personal data, our legal basis for processing it is that processing is necessary for reasons of substantial public interest for the exercise of a function conferred on a person by an enactment.
Legal basis of processing
The legal basis for processing your personal data is as follows:
In relation to complaints and investigations:
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case it is the functions of the Commissioner set out in The Public Appointments Order in Council dated 13th July 2016, or being accountable and transparent about the functions and policies for which OCPA is responsible..
In relation to applications for exemptions, compliance visits and audits:
It is necessary to comply with a legal obligation placed on us as the data controller. These are set out in the Public Appointments Order in Council 2017.
The names of public appointees may be published on the OCPA website and in the Commissioner’s Annual Report.
Your personal data may be shared with the department or public body responsible for the appointment, and with the Centre for Public Appointments at the Cabinet Office.
As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.
Your personal data may also be shared with our data processor DF Press Ltd., for the purposes of media comment and advice.
Information in relation to an investigation or complaint will be deleted or destroyed as soon as the case has been resolved, usually within a period of 6 months. The OCPA secretariat will only retain the original complaint and the Decision notice published by the Commissioner for a period of 3 years.
Information in relation to a compliance visit will be retained for up to 6 months only, after which time it will be destroyed.
In relation to exemptions requests, the personal information provided to OCPA from third parties for the purposes of casework advice will usually be deleted 3 years after a case is closed or concluded.
Where personal data have not been obtained from you
Your personal data may have been obtained by us from a government department for the purposes of the tasks listed above.
You have the right to request information about how your personal data are processed, and to request a copy of that personal data.
You have the right to request that any inaccuracies in your personal data are rectified without delay.
You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.
You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.
In relation to complaints and investigations:
You have the right to object to the processing of your personal data.
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner’s Office
0303 123 1113
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
The data controller for your personal data is the Office of the Commissioner for Public Appointments. The contact details for the data controller are:
The Commissioner for Public Appointments
1 Horse Guards Road
Tel: 020 7271 6729 / 0207 271 3305
The contact details for the data controller’s Data Protection Officer (DPO) are:
Data Protection Officer
The Data Protection Officer provides independent advice and monitoring of OCPA’s use of personal information.
The Commissioner for Public Appointments (CPA) website puts small files (known as ‘cookies’) onto your computer to collect information about how you browse the site.
Cookies are used to:
You can find out more about how to manage cookies, including how to delete and block them, on the Information Commission Officer’s (ICO) website. How cookies are used on the CPA website:
We use Google Analytics software to collect information about how you use this site. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.
Google Analytics stores information about:
It doesn’t collect or store your personal information (e.g. your name or address) so this information can’t be used to identify who you are. We don’t allow Google to use or share our analytics data. Google Analytics sets the following cookies:
You can opt out of Google Analytics cookies.
You may see a banner when you visit the Public Appointments Commissioner website inviting you to accept cookies or review your settings. We’ll set cookies so that your computer knows you’ve seen it and not to show it again, and also to store your settings.
|seen_cookie_message||Lets us know if you’ve seen our cookie message||1 year|
|cookie_policy||Saves your cookie consent settings||1 year|
This website is built using the WordPress content management system. WordPress uses the following cookies to enable registered users to log into the website:
|wordpress_test_cookie||When you close your browser|
|wordpress_logged_in_(ID)||When you close your browser|
|wordpress_sec_(ID)||When you close your browser|
If you click on our homepage timeline Twitter may receive information including the homepage URL, your IP address, browser type, operating system, and cookie information.
Twitter will never associate this web browsing history with users’ names, email addresses, phone numbers, or Twitter handles, and they delete, obfuscate, or aggregate it after no longer than 30 days.
Twitter sets the following cookies:
|_twitter_sess||When you close your browser|
Twitter also own the cdn.syndication.twimg.com domain which places the following language cookie, enabling Twitter to determine the language settings of your browser, to better show you relevant information in the right language.
|lang||When you close your browser|
We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.
|YSC||When you close your browser|
|remote_sid||When you close your browser|
We welcome your feedback. If you contact us asking for information, we may need to contact other government departments to find that information. If your question is technical, we may need to pass it to our technology suppliers.
We do not pass on any of your personal information when dealing with your enquiry, unless you have given us permission to do so. Once we have replied to you, we keep a record of your message for audit purposes.
Under the Data Protection Act, we have a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data, and keep strict security standards to prevent any unauthorised access to it.
We may share your details with a third party as set out above.