The ICO exists to empower you through information.

Purpose and lawful basis for processing

Our purpose for processing this information is so we can assess codes of conduct or certification scheme criteria submitted to us for approval and respond to you.

The lawful basis we rely on to process your personal data is article 6(1)(e) of the UK GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.

What we need

To assess the applications and approve codes of conduct or certification scheme criteria, we need the name and contact details of your organisation’s main point of contact and any representatives where applicable.

Why we need it

We use the data collected to assess the code of conduct or certification criteria, issue the approval and notify you of the outcome.

What we do with it

We’ll publish approved codes of conduct or certification criteria, but these will not contain any personal data.

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

We process personal data for the code of conduct or certification criteria application in our capacity as regulator, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors?