Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have made a complaint or enquiry to us.
  • You have made an information request to us.
  • You wish to attend, or have attended, an event.
  • You subscribe to our e-newsletter.
  • You have applied for a job or secondment with us.
  • You are representing your organisation.
     

We also receive personal information indirectly, in the following scenarios:

  • We have contacted an organisation about a complaint you have made and it gives us your personal information in its response.
  • Your personal information is contained in reports of breaches of data protection law (‘breach reports’) given to us by organisations.
  • A complainant refers to you in their complaint correspondence.
  • Whistleblowers include information about you in their reporting to us.
  • We have seized personal information as part of an investigation.
  • From other regulators or law enforcement bodies.
  • An employee of ours gives your contact details as an emergency contact or a referee.
     

If it is not disproportionate or prejudical, we’ll contact you to let you know we are processing your personal information. ​