Privacy and cookies
Privacy notice: how we use your data
Last update: March 17 2021
The House of Commons respects your rights to privacy. In line with our responsibilities under the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, this Privacy Notice explains the personal data that we collect and how we use the information.
The Petitions site lets you start and sign petitions to raise issues with the UK Government and Parliament.
The Petitions service is provided by the Government and the House of Commons. We need to collect, process and store some personal data to enable you to do this.
A data controller determines how and why personal data is processed. The Cabinet Office (part of the Government) and the House of Commons are joint data controllers of this site.
Read the Cabinet Office’s entry in the Data Protection Public Register for more information.
Read the House of Commons entry in the Data Protection Public Register for more information.
The data controller for the House of Commons is the Clerk of the House.
What data we collect from you
The personal data we collect from people who start and sign petitions will include:
- your name
- your email address
- your postcode
- the country you live in
- whether you are a British citizen
- the IP address you use when starting or signing a petition
The legal basis for processing this data is public task – allowing you to raise issues with the UK Government and Parliament.
Why we need your data
We use this information to:
- make sure that people only sign a petition once
- check that you’re eligible to sign a petition
- contact you about petitions you start
- if you consent, email you updates about what happens in Parliament petitions you’ve signed
What we do with your data
If you start a petition and we accept it, your name will be published with the petition. We won’t publish any other personal information about you.
If you’ve signed a petition, we won’t publish any personal information about you.
We’ll use your postcode to work out how many people in each parliamentary constituency have signed a petition.
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
We will share your data if we’re required to do so by law – for example, by court order, or to prevent fraud or other crime.
What we’ll email you about
If a petition you’ve started or signed gets a response from the Government, we’ll email the response to you.
If you’ve started or signed a petition, we might contact you to let you know about relevant things that are happening in Parliament and Government. That might include: debates that you can watch or read, chances to respond to a consultation, or ways to let MPs know why the petition is important to you.
You can stop these emails by clicking the “unsubscribe” link in the email.
How long we keep your data
We will retain your personal data from the date you start or sign a petition, until 6 months after that petition closes – a maximum of 12 months in total.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.
All personal data on Petitions is processed, stored and managed entirely in the European Economic Area (EEA), and will not be transferred outside of it. This means that it is covered by EU Data Protection regulations.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties who process personal data for us are required to keep that data secure.
What are your rights
You have the right to request:
- information about how your personal data is processed
- a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it
- ask that the processing of your personal data is restricted in certain circumstances
If you have any of these requests, please get in touch with us - you can find contact details below.
Changes to this notice
We may change this privacy notice. In that case the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, we will take reasonable steps to make sure you know.
Questions and complaints
Contact us if you either:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
You can contact the Data Protection Officer for the House of Commons (part of Parliament) at:
Head of Information Rights and Information Security
House of Commons
You can contact the Data Protection Officer for the Cabinet Office (part of the Government) here:
Data Protection Officer
You may also make a complaint to the Information Commissioner, who is an independent regulator set up to uphold information rights.
Information Commissioner's Office
0303 123 1113