Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have made a complaint or enquiry to us.
- You have made an information request to us.
- You wish to attend, or have attended, an event.
- You subscribe to our e-newsletter.
- You have applied for a job or secondment with us.
- You are representing your organisation.
We also receive personal information indirectly, in the following scenarios:
- We have contacted an organisation about a complaint you have made and it gives us your personal information in its response.
- Your personal information is contained in reports of breaches of data protection law (‘breach reports’) given to us by organisations.
- A complainant refers to you in their complaint correspondence.
- Whistleblowers include information about you in their reporting to us.
- We have seized personal information as part of an investigation.
- From other regulators or law enforcement bodies.
- An employee of ours gives your contact details as an emergency contact or a referee.
If it is not disproportionate or prejudical, we’ll contact you to let you know we are processing your personal information.
As part of the Information Commissioner’s statutory and corporate functions, we process special category data and criminal conviction data. Please read our Safeguards Policy – special categories of personal data and criminal convictions here.