Privacy and cookies

Privacy notice: how we use your data

Last update: November 24 2021

The House of Commons respects your rights to privacy. In line with our responsibilities under the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, this Privacy Notice explains the personal data that we collect and how we use the information.

The Petitions site lets you start and sign petitions to raise issues with the UK Government and Parliament.

The Petitions service is provided by the Government and the House of Commons. We need to collect, process and store some personal data to enable you to do this.

A data controller determines how and why personal data is processed. The Cabinet Office (part of the Government) and the House of Commons are joint data controllers of this site.

Read the Cabinet Office’s entry in the Data Protection Public Register for more information.

Read the House of Commons entry in the Data Protection Public Register for more information.

The data controller for the House of Commons is the Clerk of the House.

What data we collect from you

The personal data we collect from people who start and sign petitions will include:

  • your name
  • your email address
  • your postcode
  • the country you live in
  • whether you are a British citizen
  • the IP address you use when starting or signing a petition

The legal basis for processing this data is public task – allowing you to raise issues with the UK Government and Parliament.

Why we need your data

We use this information to:

  • make sure that people only sign a petition once
  • check that you’re eligible to sign a petition
  • contact you about petitions you start
  • if you consent, email you updates about what happens in Parliament petitions you’ve signed

What we do with your data

If you start a petition and we accept it, your name will be published with the petition. We won’t publish any other personal information about you.

If you’ve signed a petition, we won’t publish any personal information about you.

We’ll use your postcode to work out how many people in each parliamentary constituency have signed a petition.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we’re required to do so by law – for example, by court order, or to prevent fraud or other crime.

What we’ll email you about

If a petition you’ve started or signed gets a response from the Government, we’ll email the response to you.

If you’ve started or signed a petition, we might contact you to let you know about relevant things that are happening in Parliament and Government. That might include: debates that you can watch or read, chances to respond to a consultation, or ways to let MPs know why the petition is important to you.

You can stop these emails by clicking the “unsubscribe” link in the email.

How long we keep your data

We will retain your personal data from the date you start or sign a petition, until 6 months after that petition closes – a maximum of 12 months in total.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

All personal data on Petitions is processed, stored and managed entirely in the European Economic Area (EEA), and will not be transferred outside of it. This means that it is covered by EU Data Protection regulations.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties who process personal data for us are required to keep that data secure.

What are your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, please get in touch with us - you can find contact details below.

Changes to this notice

We may change this privacy notice. In that case the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, we will take reasonable steps to make sure you know.

Questions and complaints

Contact us if you either:

  • have any questions about anything in this document
  • think that your personal data has been misused or mishandled

You can contact the Data Protection Officer for the House of Commons (part of Parliament) at:

Head of Information Rights and Information Security

IRIS Service
House of Commons

You can contact the Data Protection Officer for the Cabinet Office (part of the Government) here:

Data Protection Officer

Cabinet Office
70 Whitehall

You may also make a complaint to the Information Commissioner, who is an independent regulator set up to uphold information rights.

Information Commissioner's Office
0303 123 1113

Wycliffe House
Water Lane


This website puts small files (known as ‘cookies’) onto your computer to collect information about how you browse the site.

These essential cookies are used to:

  • remember the notifications you’ve seen so that we don’t show them to you again
  • help prevent people from fraudulently signing petitions

These cookies aren’t used to identify you personally and are strictly necessary to ensure the secure running of this website.

Find out more about how to manage cookies.

Session cookies

We store a session cookie on your computer to help keep your information secure while you use the service.

Name Purpose Expires
_epets_session This keeps your information secure while you use the petitions service When you close your browser
signed_tokens Randomly generated references used to identify what links you’ve clicked to verify your email address. When you close your browser