Menu
UK Parliament

Privacy Notice for Lords members' staff

1. Controller and Data Protection Officer

The House of Lords’ Controller is the Corporate Officer (Clerk of the Parliaments). The Data Protection Officer is the Head of Information Compliance. The Data Protection Officer can be contacted at holinfocompliance@parliament.uk or on 0207 219 5693.

This notice relates to personal data processed by the House of Lords Administration. This notice does not apply to personal data in cases where individual members of the House are the controller of the data. You should receive a separate privacy notice from the member for whom you work.

2. Personal data collected, purpose and legal basis for processing

Personal data collected

The House of Lords Administration collects a limited amount of personal data about members’ staff. The personal data we process about you may include:

  • your name and contact details
  • information to enable us to authorise a parliamentary security pass and parliamentary network account
  • information required for the Register of Interests of members’ staff
  • photograph and CCTV images
  • details of enquiries you may make to the Library and/or Archives
  • any reasonable adjustment made to office facilities provided
  • a record of training you have undertaken
  • details of any complaints or issues you may have raised with the House of Lords Administration
  • confidential information about your use of the Parliamentary Health & Wellbeing Service
  • feedback you have provided about our services

Images of passholders may be captured by the security cameras on the Parliamentary Estate. Our security camera policy (pdf, 323KB) is published on the Parliamentary website.

Purpose

We process your personal data so we can:

  • provide you with goods, facilities or services
  • meet our legal obligations
  • support the functioning of Parliament
  • explain and promote the work of Parliament
  • convey information about your workplace

Legal bases

The legal bases allowing us to process your personal data are that it is necessary for us to do so for:

  • performing a contract (see article 6(1)(b) of the UK General Data Protection Regulation (“the UK GDPR”)
  • complying with a legal obligation to which the controller is subject (see article 6(1)(c))
  • performing a task carried out in the public interest (see article 6(1)(e)) which includes the exercise of a function of either House of Parliament
  • processing of data concerning your health where it is necessary to assess the need and/or make reasonable adjustments to facilities provided (articles 6(1)(b) and 9(2)(h)
  • furthering our legitimate interests (see article 6(1)(f)), in particular, to publicise and promote events in the House of Lords and also, so that we can bring or defend any legal proceedings

3. Who we share personal data with

Where necessary, we may share personal data with:

  • the House of Commons Service
  • providers of goods and services contracted by the House of Lords

The House Administration may receive requests for information constituting your personal data from applicants under the Freedom of Information Act 2000 and in most cases will consider whether disclosure of any relevant data it holds would contravene article 5(1)(a). This involves consideration as to whether the legitimate interests pursued by a third party (the applicant) are overridden by your interests or fundamental rights and freedoms as the data subject. The lawful basis for any disclosure itself is article 6(1)(c).

We may also share your data when permitted to do so or when there is a legal requirement to do so.

4. Transfer to third countries

Some personal data we control are held outside the UK. These data are predominantly held in data centres within the European Economic Area (EEA), for the purpose of hosting and maintenance. If personal data are transferred to third countries outside the EEA, the adequacy of the data protection regimes of those countries and organisations holding the data is assessed to ensure appropriate safeguards are in place.

5. How long we keep personal data

Personal data collected about you are kept in accordance with Parliament’s Authorised Records Disposal Practice (ARDP). The length of time different types of personal data are kept depends on the purpose of their collection and legal requirements. The ARDP is published here.

6. Data subject rights

You have the right to:

  • access
  • request rectification of
  • request erasure of
  • restrict the processing of
  • object to the processing of
  • data portability of

your personal data held by the House of Lords Administration. This is subject to the exceptions in the Data Protection Act 2018. Further information is available on the parliamentary website.

7. Right to withdraw consent

Where the House of Lords Administration has relied on consent to process your data, you have the right to withdraw it at any time. To withdraw consent, please contact the Data Protection Officer at holinfocompliance@parliament.uk or on 0207 219 5693.

8. What if you do not provide your data?

You are required to provide certain information to enable us to authorise a parliamentary security pass and network account for you. Also, in accordance with resolutions of the House of Lords, persons who hold parliamentary security passes or email accounts as secretaries or research assistants to members of the House of Lords are required to provide certain information which will be entered in the Register of Interests of House of Lords Members’ Staff and made available for public inspection. Failure to provide certain data may mean that you will not be given a parliamentary security pass and network account, and any existing pass or network account may be withdrawn.

There are certain other circumstances where we rely on your personal data to facilitate services to you. Whilst there is no obligation to provide your personal information in these cases, it may affect the range of services you can access.

9. Right to complain

If you are unhappy with the use of your personal data by the House of Lords Administration you should contact the Data Protection Officer in the first instance.

You also have the right to complain to the supervisory authority if you consider that the House of Lords Administration is in breach of its data protection obligations. The supervisory authority is the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. The ICO’s website is here.


Updated November 2022 v.2