The ICO exists to empower you through information.

Purpose and lawful basis for processing

Our purpose for processing this information is so we can assess an application for accreditation as a code monitoring body and respond to you.

The lawful basis we rely on to process your personal data is article 6(1)(e) of the UK GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.

What we need

We need the name and contact details of your organisation’s main point of contact and any representatives where applicable. We also need evidence from you to demonstrate your organisation’s compliance with accreditation requirements, which may contain personal data.

Why we need it

We use the data collected to assess your application, issue the accreditation, and evidence the information you provide.

What we do with it

We’ll publish details of your organisation’s accreditation, but this will not contain any personal data.

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

We process personal data for the monitoring body application in our capacity as regulator, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors?