UK Parliament website privacy notice
UK Parliament manages your data in line with our responsibilities under the UK General Data Protection Regulation (UK GDPR), as supplemented by the Data Protection Act 2018. This Privacy Notice explains what personal data we collect from you when you engage with us online and how we use your information.
In this privacy notice, references to ‘us’, ‘our’ or ‘we’ are to UK Parliament. Everything that we do with your data – such as storing it, working with it or deleting it – is referred to as ‘processing’.
- Who we are
- What this notice does not cover
- What data do we collect?
- How we collect your personal data
- How do we use your personal information?
- The lawful basis for collecting your data
- How we protect your data and keep it secure
- Data held outside the UK
- When do we share personal data?
- How long do we keep your data for?
- Your rights
- Cookies and similar technologies
- Email alerts and subscriptions
- Changes to this notice
UK Parliament is comprised of the House of Commons and House of Lords.
The House of Commons and House of Lords are separate Controllers, but have a joint department, the Parliamentary Digital Service. The Parliamentary Digital Service provides both Houses with digital services. In some cases, where personal data is being processed on behalf of both Houses, the Controllers will act as joint controllers.
The controllers are the Corporate Officer of the House of Commons (Clerk of the House) and the Corporate Officer of the House of Lords (Clerk of the Parliaments).
The Data Protection Officer for the House of Commons is the Head of Information Compliance.
Phone: 0207 219 4296
Address: Information Compliance Service, House of Commons, SW1A 0AA
The Data Protection Officer for the House of Lords is the Head of Information Compliance.
Phone: 0207 219 0100
Address: Information Compliance Team, House of Lords, SW1 OPW
This notice covers public facing websites hosted by Parliament.
It does not cover some websites which are not hosted on this domain, or websites and platforms which collect some specific information. For example, the Parliament shop website collects information about purchase history and payments.
These websites have their own privacy notices. You can find out more about who the controller is and how the personal data is collected, stored and used via the links listed below.
Websites not covered by this privacy notice:
When you contact us online, engage with our Parliamentary work online, or access our services online, we may collect, store and use your personal data.
This might include:
- your name
- your email address
- your postcode
- the country you live in
- details of which version of web browser you are using
- your IP address
- information about how you use our emails
- information on how you use the site
Where you provide personal information via our website, it will only be used for the services you requested and as specified on the relevant pages of the site.
We collect your personal data when you:
- respond to surveys, questionnaires or evaluations
- participate in a web forum hosted on our site
- agree to receive communications such as newsletters or marketing material
- submit information to register for an event.
We process your personal data so we can:
support the functioning of Parliament
provide you with goods, facilities or services
explain and promote the work of Parliament
process and manage your event registration and evaluate events.
The lawful basis for collecting and using personal data will depend on the specific context in which we collect it. However, we will normally collect personal data from you only when:
- we need to for the purposes of Parliamentary functions
- we have a legal obligation to do so
- we need the personal data in relation to a contract we have with you
- we have your consent to do so
- the processing is in our legitimate interests and not overridden by your rights.
Details about the lawful bases for processing personal data can be found on the Information Commissioner’s website.
We take the security of your personal data seriously. All personal data you provide to us will be stored securely - both physically and electronically - in accordance with our policies.
We have an information security process in place to oversee the effective and secure processing of your personal data.
We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access or disclosure of the data we collect about you. For example, we protect your data using varying levels of encryption. All third parties who process personal data for us are required to keep that data secure.
Some personal data we control is held outside the UK. This data is predominantly held in data centres within the European Economic Area (EEA), for the purpose of hosting and maintenance.
We, or processors acting on our behalf, will only store or process personal data in countries outside the European Economic Area (EEA), when we are assured of the security of the data. We put in place security measures to minimise the possibility of the loss or unauthorised access of your personal data.
We use internal and external services to manage your personal data. We may share your personal data with third parties when permitted to do so, including:
- if we have your consent
- if we have a contract with a processor acting on our behalf
- if we have a lawful basis for doing so
- if we are under a duty to disclose or share your personal data to comply with any legal obligation. This includes providing your personal data to other organisations. For example, to prevent fraud or other crime.
Examples of third parties include our product suppliers and delivery partners.
We will never share or sell your personal data to other organisations for direct marketing purposes. We will notify you of whom your personal data will be shared with and where it is stored.
We will keep your personal data for as long as is necessary for the purpose it was collected. In most cases, a retention period will apply which can be found in the Houses of Parliament Authorised Retention and Disposal Policy on our Information and Records Management Service (IRMS) page. We endeavour to notify you of the retention period when collecting your personal data.
The retention period for all other purposes, including contact after events and/or training, is 12 months. After this period, the personal data will be disposed of securely.
We will ensure you can exercise your rights in relation to the personal data you provide to us.
- Where we are relying on your consent to use your personal data, you can withdraw that consent or unsubscribe from our services at any time. Instructions are provided when we collect your data.
- You can request access to the personal data we hold about you at any time by contacting the Data Protection Officer of the relevant House whose contact details are found at the top of this notice.
- You can ask us to update your personal data if it changes. In certain circumstances, you can request we erase the personal data we hold or ask us to stop or restrict processing if you have an objection.
- In certain circumstances, you can ask for a copy of your information in a structured, commonly used and machine-readable format. This is to allow you to obtain and reuse your personal data for your own purposes across different services (the right to data portability).
- If you have any privacy-related questions or unresolved problems relating to the use of your personal data, you should contact the service area you are engaged with in the first instance. If you remain unhappy, you can contact the Data Protection Officer of the relevant House whose details are found at the top of this notice.
- You also have the right to complain to the Information Commissioner’s Office about the collection and use of your personal data. They can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
When you first visit our website, we will ask for consent to set any cookies (and to process any personal data collected by these cookies). These cookies are not strictly necessary to make our pages work and you can set your preferences at any stage by clicking ‘Cookie manager’ in the footer of each page.
Where cookies are strictly necessary, we consider that we have legitimate interest in processing the personal data they collect. This is because having a working website is vital to us supporting the work of UK Parliament.
You can always withdraw your consent by clearing cookies from the cache in your computer and rejecting them next time you visit our site.
We may also use similar technologies to identify when our emails are opened and the links you click on. This allows us to identify whether our email campaigns are effective, and we consider that we are legitimate in doing so.
If you sign up for one of our email subscription services, we will hold the information you submitted (such as your email address) for as long as we are providing you services.
You can unsubscribe from emails at any time by clicking the unsubscribe link at the bottom of each email, or by sending an email notifying us of your wish to unsubscribe.
When you subscribe to an email alert or newsletter service, we collect:
- your name, email address, subscription preferences and any other information you choose to provide to us
- information about how you use our emails - for example whether you open them, and which links you click on
- details of which version of web browser you are using
- information on how you use the site, using cookies and page tagging techniques.
We will use the personal data you have provided to us to send you email alerts and gather feedback to improve our email alerts. We may also occasionally contact you to improve our service.
We may update this privacy notice from time to time. In that case the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, we will take reasonable steps to make sure you know.