Privacy notice for email and subscription services

About us

The House of Commons and House of Lords are separate Data Controllers but have a legally joint department (the Parliamentary Digital Service) that provides both Houses with digital services.

Some email subscription services that can be accessed from the Parliament website share a common platform, but the mailing lists subscribed to are managed by the relevant House that provides the content. Because of this, in some cases the Data Controller will be the Corporate Officer of the House of Commons (Clerk of the House), and in others, the Data Controller will be the Corporate officer of the House of Lords (Clerk of the Parliaments).

There are also some joint services, where a team or office is based in one House but provides a service to both Houses, in these cases the Houses are considered joint Data Controllers of the personal data held by that service.

If it is not immediately obvious when you sign up to a mailing list, or from the content of the email you receive which House is responsible, the Data Protection Officers of either House will be able to help.

The Data Protection Officer for the House of Commons is the Head of Information Rights and Information Security.

• Email: IRIS@parliament.uk
• Phone: 0207 219 4296
• Address: IRIS Service, House of Commons, SW1A 0AA

The Data Protection Officer for the House of Lords is the Head of Information Compliance.

• Email: holinformationcompliance@parliament.uk
• Phone: 0207 219 0100
• Address: Lords Information Compliance, House of Lords, SW1 OPW

Collection of your personal data

When you subscribe to an email alert or newsletter service we collect:

• your name, email address, subscription preferences and any other information you choose to provide to us
• we may also collect information about how you use our emails - for example whether you open them and which links you click on
• details of which version of web browser you are using
• information on how you use the site, using cookies and page tagging techniques

When we collect your data we will notify you about what information we are collecting and our intended uses.

Use of your personal data

The lawful basis for collecting and using the personal data will depend on the specific context in which we collect it.

However, we will normally collect personal data from you only:

• where we have your consent to do so
• where we need to for the purposes of Parliamentary functions
• where the processing is in our legitimate interests and not overridden by your rights

Where you have signed up to receive email alerts or to subscribe to bulletins on subject areas through the Parliamentary website, we are relying on the lawful basis of consent.

We will use the personal data you have provided to us to send you email alerts and gather feedback to improve our email alerts. We may also occasionally contact you to improve our service.

Details about the lawful bases for processing personal data can be found on the Information Commissioner’s website.

Storage and retention of your personal data

We will retain your personal data for as long as is necessary for the purpose it was collected.

In most cases, if you have subscribed to an email alert or subscription service, we will keep your personal data for as long as you are subscribed to that service and delete that data once you have requested to be removed. The Houses of Parliament also has an Authorised Records Disposal Policy (PDF 1 MB) on our website, which provides details on retention periods for the types of data we collect. We will notify you of the retention period when collecting your personal data. At the end of the retention period, your personal data will be disposed of securely.

Disclosure and security of your personal data

We may disclose your personal data to third parties when permitted to do so including:

• with your consent
• where we have a contract with a processor acting on our behalf
• if we have a lawful basis for doing so
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. This includes providing your personal data to other organisations, such as the Police, for the purposes of prevention and detection of crime.

We may also share your personal data with other organisations where there is a lawful basis for doing so, such as either House of Parliament for the provision of shared services to you.

We will never share or sell your personal data to other organisations for their direct marketing purposes.

We will notify you of whom your personal data will be shared with and where it is stored.

All personal data you provide to us will be stored securely, both physically and electronically, in accordance with our policies. We have an information security process in place to oversee the effective and secure processing of your personal data.

In addition, we (or processors acting on our behalf) may also store or process your personal data in countries outside the European Economic Area but only where we are assured of the security of the data. We have put in place technical and organisational security measures to minimise the possibility of the loss or unauthorised access of your personal data.

Data processors

Whilst some email lists are managed in house using only Parliamentary IT systems, we do use some third-party companies as data processors to provide the technology for email alerts and subscription services. Where we use third party providers, information will be provided to you when you subscribe to that service. Details of the more widely used third-party email subscription services are below.

Email subscriptions and Mail Chimp

We use Mail Chimp to manage subscription lists, preferences and send emails for those that have signed up to emails via our subscription manager.

Mail Chimp has staff based outside the European Economic Area, and stores your data in the US. Mail Chimp is certified under the EU-US Privacy Shield framework.

You can find out more about Mail Chimp’s privacy policy information.

Your rights

We will ensure you can exercise your rights in relation to the personal data you provide to us. These are as follows:

• where we are relying on your consent to use your personal data, you can withdraw that consent or unsubscribe from our services at any time. Instructions are provided when we collect your data.
• you can request access to the personal data we hold about you at any time by contacting the Data Protection Officer whose contact details are found at the top of this notice.
• you can ask us to update your personal data if it changes. In certain circumstances, you can request we erase the personal data we hold, or ask us to stop or restrict processing if you have an objection.
• you can ask for a copy of your information in a machine-readable format to allow you to obtain and reuse your personal data for your own purposes across different services. (the right to data portability).
• if you have any privacy-related questions or unresolved problems relating to the use of your personal data, you may complain to us by contacting the Data Protection Officer whose details are found at the top of this notice.
• you also have the right to complain to the Information Commissioner’s Office, the supervisory authority, about our collection and use of your personal data. They can be contact at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, www.ico.org.uk.

Further details about your rights and the complaints process can be found on the Information Commissioner’s website.

Data protection and privacy

Find out about the different controllers in Parliament, their responsibilities, your rights, and how to contact them.

• Data protection and privacy policy