Privacy Notice and Rights (Fair Processing Notice)
Who we are and what we do
IPSA was created out of the Parliamentary Standards Act 2009, and fulfils three primary data controller responsibilities:
1. Regulate MPs’ business costs and expenses
2. Determine MPs’ pay and pension arrangements
3. Provide financial support to MPs for their parliamentary business
IPSA is independent of the Government, allowing research and recommendations into the above. We publish much of this in the public interest, with some redaction for privacy and security reasons.
What is a Privacy Notice (FPN)?
Definitions: personal vs sensitive. These have particular meanings where personal is information that can be used to identify a living person or a combination of what is already known or likely to be acquired; sensitive describes ethnicity, politics, religion, Trades Union membership, health, sexual life, criminal history and allegations, and certain personal financial information.
This notice helps to describe our purposes in using your information and outlines your rights and remedies. In particular that we process your information fairly and lawfully and maintain adequate security and safe guards during processing, and safe and secure disposal when finished.
For third parties, we will normally need at least contact details and any reference material in order to handle enquiries. This gives us legitimate interest in helping resolve the enquiry.
For employees, as a matter of employment contracts, information will need to be processed.
For MPs and staff, personal and financial information will be needed to conduct our business as provided in the Parliamentary Standards Act 2009. Some information will be shared with the House of Commons, and partners, who provide supporting services including HR and Pensions.
Sharing your Information
There may be times when we share your information, and we only do so when we are sure your information rights are still respected and data is secured. This may involve data processors who help us – the controller – out, by processing information on our behalf and we decide what they can do. There may be shared interest to assist you. Complaints will be shared with the investigating body. We work closely with the House of Commons on related matters. We share payroll data with the pension provider. There are other reasons, such as when we are legally obliged to.
Principles and (Subject) Rights
Generally speaking, processing requires a form of consent, contract performance or legal obligation. The Information Commissioner’s Office at https://ico.org.uk has detailed explanations of the below.
Under the Data Protection principles, data will be:
- processed fairly and lawfully, with additional conditions outlined
- obtained only for specified and limited purposes
- adequate, relevant and not excessive
- accurate and kept up to date
- not kept for longer than necessary, subject to obligations
- processed in accordance with the rights of data subjects
- protected by appropriate technical and organisational security
- stored within the European Economic Area and only transferred outside if that country or territory can ensure similar levels of respect and rights for data subjects
As a ‘data subject’ you have the following rights:
- Informed and confirm what we are processing and why
- Inspect personal data for accuracy, correction (‘subject access request’)
- Object to processing, restriction, and erasure
- Prevent direct marketing
- Prevent fully automated decision making and profiling
- Data portability
Compliance and Law
- Parliamentary Standards Act 2009 (with Constitutional Reform and Governance Act 2010)
- Common law duty of confidentiality
- Data Protection Act 1998 and Freedom of Information Act 2000
- Computer Misuse Act 1990
- Relevant financial and H.R. laws concerning regulation and records retention
Contacts and Complaints
If you wish to exercise your rights or have questions please write to:
Email: firstname.lastname@example.org OR
Post: IPSA, 4th Floor, 30 Millbank, London SW1P 4DU
Please include your name, organisation, full address, and telephone (if possible) and clearly lay out questions and expectations. We aim to answer, depending on complexity, within a calendar month.
In the event we are unable to help and you wish to complain, contact the ICO.
ICO helpline 0303 123 1113 or, for more options: https://ico.org.uk/global/contact-us/