Menu
UK Parliament

Privacy Notice for House of Lords Members

1. Controller and Data Protection Officer

The House of Lords’ Controller is the Corporate Officer (Clerk of the Parliaments). The Data Protection Officer is the Head of Information Compliance. The Data Protection Officer can be contacted at holinfocompliance@parliament.uk or on 0207 219 5693.

2. Personal data collected, purpose and legal basis for processing

Personal data collected

The House of Lords Administration collects a variety of personal data about Members of the House of Lords. This includes but is not limited to:

Names, addresses, personal contact details, bank account/credit card details, photographs, videos, biographical information, registerable interests, and in some cases details of next of kin, spouses and children or data concerning a Member’s health. The House of Lords Administration may occasionally collect special category personal data if required to provide security measures for Members.

Images of passholders may be captured by the security cameras on the Parliamentary Estate. Our security camera policy (pdf, 323KB) is published on the Parliamentary website.

Purpose 

Processing these personal data is necessary to:

  • enable the provision of services to you as a Member
  • support the functioning of Parliament
  • explain and promote the work of Parliament
  • meet our legal obligations and legitimate interests

Legal bases

The legal bases for processing these personal data are that:

  • processing is necessary for the performance of a contract (article 6(1)(b) of the UK General Data Protection Regulation – “the UK GDPR”)
  • processing is necessary for compliance with a legal obligation to which the controller is subject (article 6(1)(c))
  • processing is necessary for the performance of a task carried out in the public interest (article 6(1)(e)), which includes the exercise of a function of either House of Parliament
  • processing is necessary for the purposes of legitimate interests pursued by the House or third parties (article 6(1)(f))

Examples

  • names, addresses and personal contact details are used for communicating with Members about their parliamentary work and for supporting the system of financial support for Members (article 6(1)(e))
  • credit/debit card details are used for catering accounts or personal events (article 6(1)(b))
  • photographs, videos and biographical information are used for explaining and promoting the work of the House of Lords and publishing details about Members’ participation in the work of the House (article 6(1)(e))
  • information required for the Register of Lords’ Interests (article 6(1)(e))
  • information relating to complaints by or about Members, including information relating to any restrictions on Members’ access to service that may result from complaints (article 6(1)(e) or (f))
  • special category personal data about Members where it is necessary to provide security measures (articles 6(1)(e) and 9(2)(g))
  • processing of data concerning a Member’s health where it is necessary to assess the requirement for additional support to the Member (articles 6(1)(b) and 9(2)(h))
  • dealing with requests under the Freedom of Information Act 2000 (article 6(1)(c) and (f)) – see below

Consent

Where a task or service for which the House of Lords Administration would like to use your personal data is not necessary for the provision of services to you as a Member, to support the functioning of Parliament, to explain and promote the work of Parliament, or to meet our legal obligations and legitimate interests, the Administration will seek your consent under article 6(1)(a) and/or article 9(2)(a) of the UK GDPR.

3. Who we share personal data with

Where necessary, the House of Lords Administration may share your personal data with:

  • the House of Commons Service
  • His Majesty’s Government, for example the provision of your address to the Ministry of Justice for the issuing of your Writ of Summons
  • the general public, for example via the internet or in a media notice, about your participation in the work of the House of Lords
  • providers of goods and services contracted by the House

The House of Lords Administration may receive requests for information constituting your personal data from applicants under the Freedom of Information Act 2000 and in most cases will consider whether disclosure of any relevant data it holds would be consistent with the requirement in the UK GDPR to process the data lawfully, fairly and in a transparent manner (Article 5(1)(a)). This involves consideration as to whether the legitimate interests pursued by a third party (the applicant) are overridden by your interests or fundamental rights and freedoms as the data subject (Article 6(1)(f)). The lawful basis for any disclosure itself is Article 6(1)(c).

The House of Lords Administration may also share data when there are other legal requirements to do so. The House of Lords Administration will not give information about you to anyone without your consent unless the law or the House of Lords Administration’s policies require it.

4. Transfer to third countries

Some personal data controlled by the House of Lords Administration are held outside the UK. These data are predominantly held in data centres within the European Economic Area (EEA), for the purpose of hosting and maintenance. If personal data are transferred to third countries outside the EEA, the adequacy of the data protection regimes of those countries and organisations holding the data is assessed to ensure appropriate safeguards are in place.

5. How long we keep personal data

Personal data collected about you are kept in accordance with Parliament’s Authorised Records Disposal Practice (ARDP). The length of time different types of personal data are kept depends on the purpose of their collection and legal requirements. The ARDP is published here.

6. Data subject rights

You have the right to:

  • access
  • request rectification of
  • request erasure of
  • restrict the processing of
  • object to the processing of
  • data portability of

your personal data held by the House of Lords Administration. This is subject to the exceptions in the Data Protection Act 2018. Further information is available on the parliamentary website.

7. Right to withdraw consent

Where the House of Lords Administration has relied on consent to process your data, you have the right to withdraw it at any time. To withdraw consent, please contact the Data Protection Officer at holinfocompliance@parliament.uk or on 0207 219 5693. 

8. What if you do not provide your data?

There are certain circumstances where the Administration relies on personal data to facilitate services to you as a Member. Whilst there is no obligation to provide such personal information it may affect the range of services provided.

9. Right to complain

If you are unhappy with the use of your personal data by the House of Lords Administration you should contact the Data Protection Officer in the first instance.

You also have the right to complain to the supervisory authority if you consider that the House of Lords Administration is in breach of its data protection obligations. The supervisory authority is the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. The ICO’s website is here.

Updated November 2022 v.6
Reviewed January 2024

Annex - our legal bases for processing your personal data

Here are more details of the legal reasons, referred to above, which allow us to process your personal data:

Performance of a contract: Articles 6(1)(b) and 9(2)(h) of the UK GDPR

  • “processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract”; and
  • (in the case of special categories of personal data) “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.”

Compliance with a legal obligation: Article 6(1)(c)

  • “processing is necessary for compliance with a legal obligation to which the controller is subject.”

Performance of a task carried out in the public interest: Article 6(1)(e)

  • “processing is necessary for the performance of a task carried out in the public interest”, which under the Data Protection Act 2018 includes the exercise of a function of either House of Parliament.

Legitimate interests: Article 6(1)(f)

  • “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”