Personal information charter

This information charter sets out the standards you can expect from the Department for Digital, Culture, Media and Sport when we collect, hold or use your personal information.

Personal data charter and privacy notice

The data controller
The Department for Digital, Culture, Media & Sport (DCMS) is the “data controller”. This means that we are responsible for any of your personal data that we collect or use. We will ensure that we will treat all personal information in accordance with data protection legislation, including the General Data Protection Regulation and Data Protection Act 2018.

When the Department for Digital, Culture, Media and Sport or its agencies collects, holds, uses or processes in any way your personal data, you are entitled to be told:

  • the purpose for which the data is being used, and our lawful basis for processing it
  • how long we will keep your data, who we will share it with
  • whether it will be transferred or accessed outside the UK or EU, and what legal safeguards are in place to protect it
  • about any rights you may have, including the right to access your information, or to object to its being used
  • about your right to complain to the Information Commissioner if you feel that your personal information has been mishandled
  • about the identity of our Data Protection Officer (an independent advisor on data protection matters)

Why we are collecting the data
When we ask for your personal data, we promise only to ask for what we need, and to make sure you know why we need it. If it includes contact details, we will also tell you anything else that we may use it to contact you about and whether you can say no. If you do say yes to us contacting you about other things, you can withdraw your consent at any time.

Why we are legally allowed to process your data
The reasons that we can use to collect or use your personal data are set out in law. Most of the time, this will be because it is necessary for us in our work as a public body (Article 6(1)(e) of the General Data Protection Regulation, the law which applies to personal data).

When we collect or use your personal data under any other lawful basis we will let you know which part of the law we are using.

Sharing your data
We will let you know if we are going to share your personal data with other organisations – and whether you can say no. You can ask us for details of agreements we have with other organisations for sharing your information.

If you write to us on a subject that is not our policy area, and the response needs to come from another government department, we will transfer your correspondence, including the personal data, to that department.

You can also ask us for details of any circumstances in which we can pass on your personal data without telling you. This might be, for example, to prevent and detect crime or to produce anonymised statistics.

We won’t make your personal data available for commercial use without your specific permission.

Keeping your data
We will only keep your personal data as long as we continue to have a lawful basis to do so. This will usually mean that it is still necessary for our work as a public body. This will be decided by our ongoing business need and any laws or government policies that affect how long we keep it. We have a “retention schedule” that sets out how long we will keep different types of information for.

Your rights
The data we are collecting is your personal data, and you have rights that affect what happens to it. You have the right to:
(a) know that we are using your personal data
(b) see what data we have about you
(c) ask to have your data corrected, and to ask how we check the information we hold is accurate
(d) ask to have your data deleted
(e) complain to the Information Commissioner’s Office (see below)

In some circumstances you may also have the right to withdraw your consent to us having or using your data, to have all data about you deleted, or to object to particularly types of use of your data. We will tell you when these rights apply.

You can also make a complaint to the Information Commissioner, who is an independent regulator:

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Telephone: 0303 123 1113
Textphone: 01625 545860 (Monday to Friday, 9am to 4:30pm)

Sending data overseas
We will not usually send your data overseas. If we need to do so, we will let you know.

Automated decision making
We will not normally use your data for any automated decision making. If we need to do so, we will let you know.

Storage, security and data management
Your personal data will be stored securely and will be protected to make sure nobody has access to it who shouldn’t.

You can ask us for details of our instructions to staff on how to collect, use and delete your personal data.

What we ask of you
So that we can keep your personal data reliable and up to date, please:
give us accurate information tell us as soon as possible if there are any changes, such as a new address

How to access your personal information
If you would like a copy of any personal information that we hold about you, please contact the relevant team or agency in the DCMS. We will required proof of ID.

If you do not know who holds your information, or you do not know who to ask, please contact the general contact address and provide as much information as possible about what information you think we hold.

Department for Digital, Culture, Media & Sport
100 Parliament Street
London SW1A 2BQ

Telephone: 020 7211 6000

Data Protection Officer
If you have any concerns about how the department is handling your personal data, you may contact the department’s Data Protection Officer (DPO).

The DPO provides independent advice and monitoring of DCMS’s use of personal information. They can be contacted at the following postal and email addresses:

Tom Hughes DPO
Department for Digital, Culture, Media & Sport
100 Parliament Street
London SW1A 2BQ