This privacy notice sets out how the Equality and Human Rights Commission handles, stores, uses and shares your personal information.
When the Commission processes your personal data, it is acting as a 'data controller'.
What we collect and how we use personal data
We process the personal data of individuals, which includes:
- telephone numbers
- email addresses
- financial details
- employment details and educational details
- family details
- visual images
We also process sensitive personal data, or ‘special categories’ of data, which includes:
- physical or mental health details
- racial or ethnic origin
- religious or other beliefs
- political opinions
- sexual life
- trade union membership
- offences (including alleged offences)
- criminal and legal proceedings, outcomes and sentences
- genetic information
We also process personal information to help us to carry out our duties.
We do not sell personal information to anyone and only share it with third parties who are delivering our services.
Why we collect and use your personal data (the legal basis)
We may process your personal information for at least one of the following reasons:
- you have given your consent to us using the personal information in that way, for example, where you sign up to our e-newsletter
- our use of your personal information is necessary to carry out a contract or take steps to enter into a contract with you
- processing your personal data is necessary to perform a public task, which is carried out in the public interest
- we need to process your personal information to comply with relevant legal or regulatory obligations, which may include making reports to the authorities or government departments
What are cookies and how do you use them?
A cookie is a small file that we store on your computer to collect information about how you use our website. For more information on how we use these, see our cookies policy.
How we share your personal information
We may need to share your personal information with other organisations.
Where such sharing is necessary, we will comply with the requirements of the General Data Protection Regulation (GDPR) on data sharing.
Your rights to your personal information
You have the following rights to your personal information:
- right to request access to your personal information and information relating to our use and processing of your personal information
- right to request that we restrict our use of your personal information
- right to receive your personal information in a structured commonly-used and machine-readable format or transmit the data directly to another Data Controller
- right to object to the processing of your personal information for certain purposes such as direct marketing and profiling
- right to request your personal information to be erased where it is no longer necessary for the purpose for which it was collected
- right to withdraw your consent to the use of your personal information where the processing of your data is based on consent
You can make these requests or withdraw your consent by sending an email or writing to the Data Protection Officer (see how you contact us, below).
How long do we keep your personal information for?
We will keep your personal information for no longer than necessary, taking into account the following:
- the reasons why we are processing your personal information, for example, if we need to keep it to fulfil a contract
- whether the law requires us to continue to process your personal information, for example, if a law says we have to keep records
- whether we have a business reason to continue to process your personal information
For more information on how long personal data is retained, please contact the Commission’s Data Protection Officer (see how you can contact us, below).
How we keep your personal information safe
We take appropriate measures to secure your personal information and protect it against unauthorised or unlawful processing, as well as against its accidental loss, destruction or damage, including:
- using secure servers to store your personal information
- using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt confidential data in transit and at rest
- verifying the identity of individuals that access your personal information
- providing access to the minimum personal data necessary, using appropriate restrictions and making the data anonymous or unidentifiable whenever possible
Transfer of your personal information to other countries
We may need to transfer your personal information to countries outside the European Economic Area (EEA) or to an international organisation from time to time.
Where we transfer your personal information outside the EEA, we will ensure that adequate safeguards are used to secure the data.
How you can contact us
If you have any question or concern on how we collect, handle, store or secure your personal information, contact our Data Protection Officer:
Data Protection Officer
Equality and Human Rights Commission
The Arndale Centre
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Telephone: 0303 123 1113
Last updated: 24 May 2018