Ofcom ('the Office of Communications') is the communications regulator for the United Kingdom. It collects and processes personal data that it needs to carry out its statutory functions and to operate as a public body, including employing and contracting staff. This general statement covers all of these various purposes. In most cases we will collect that data from you directly (for example, if you are applying for a licence from us), however from time to time we might need to collect personal data about you from a third party, such as your communications provider.
In accordance with our legal obligations this General Privacy Statement sets out the information you need to know about the way in which Ofcom will collect, process and store your personal data, how long we will keep it for, your rights in connection with that data, and the people with whom we may need to share it.
Whenever we request personal data for a specific purpose that is not covered in this General Privacy Statement we will explain why we need that information and our lawful basis for collecting it. Similarly, if in the future we intend to process your data for a purpose other than that for which it was collected, we will provide you with information on that purpose and any other relevant information.
Ofcom is committed to protecting your privacy in accordance with data protection legislation.
Ofcom collects personal data that it needs to perform its statutory functions, to operate as an organisation and to comply with its legal obligations.
Ofcom’s statutory functions include (but are not limited to) its duties and powers under the Office of Communications Act 2002, the Communications Act 2003, the Broadcasting Acts 1990 and 1996, the Wireless Telegraphy Act 2006, the Competition Act 1998, the Enterprise Act 2002, and the Postal Services Act 2011.
As an organisation Ofcom needs to employ staff and to contract with third-party service providers. Ofcom’s legal obligations include its obligations under the Equalities Act 2010, for example, and its duties as an employer under applicable employment and tax legislation.
Depending on the purpose and context, the personal data Ofcom collects may include:
In carrying out our functions, Ofcom may from time to time collect personal data which users of online media platforms (for example, Twitter, Facebook, Instagram, YouTube, news websites and other public blogs/forums) have chosen to make publicly available.
Ofcom may use your personal data for the purposes of carrying out its statutory functions, including Ofcom’s law enforcement functions, and complying with its legal obligations. Ofcom may also use your personal data where there are reasons of substantial public interest to do so, or where it has otherwise obtained your consent.
In particular, Ofcom may use your personal data for one or more of the following reasons:
Ofcom may also, from time to time, need to share your personal data with other third parties, including:
We may use machine learning programmes to help us as we analyse large datasets, but we will not use automated means to take decisions about individuals.
Ofcom will determine the period for which it needs to keep your personal data having regard to the reasons and purposes for which it was collected, our statutory duties and other legal obligations, the exercise and defence of any legal claims, including the period within which any current or potential future legal claims may be brought.
Ofcom has put in place appropriate technical and organisational measures to protect your personal data and to prevent any unauthorised or unlawful processing and any accidental loss, destruction or damage to it.
From time to time, Ofcom may need to transfer personal data to other countries, for example, where personal data is being stored securely in the cloud and the relevant servers are located overseas. We will, in these circumstances, first ensure that the relevant country has the appropriate safeguards in place to protect your personal data.
Like most websites, we use cookies to improve the quality of the website and your experience of it. Our cookies statement explains more.
As your employer (including where you are on secondment to Ofcom, or may be working for us as a freelance contractor), or prospective employer or where you perform a role for Ofcom as a non-executive member of a Committee, Board or Panel (whether or not you are directly employed by Ofcom), Ofcom is required to keep and process information about you for normal employment purposes. The information we hold and process will be used only for our management and administrative use, to carry out our employment or related tasks, or to comply with our legal obligations. We will hold and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, in connection with the recruitment process, whilst you are an Ofcom employee (or whilst you are appointed as a non-executive member of a Committee, Board or Panel), at the time when your employment or appointment ends and, usually, for a period of 6 years after you have left or cease to be a non-executive member of a Committee, Board or Panel. This includes using information to enable us to:
Much of the information we hold will have been provided by you but some may come from other sources such as your line manager, referees, or current employer where this is not Ofcom.
The sort of information we may collect and hold includes:
In some circumstances, we may also collect information that, under the GDPR, is deemed to be sensitive personal data. This includes:
We may also monitor computer use, as detailed in our Acceptable Use Policy. We also maintain records of the hours that colleagues work by way of the timesheets which include sickness absence recording.
We may also need to share your data with the third-parties who provide our pension, health insurance schemes and/or other ‘Choices’ benefits to our employees.
Where we have collected your personal data for the purposes of our employment functions, we will retain it for a period of 6 years after you have left Ofcom. Online job applications will be held for up to 3 years for unsuccessful candidates for trend activity reporting purposes and to contact applicants in the future about jobs that they may be interested in. We will retain interview notes and/or any supporting recruitment information for all applicants for a period of 6 months.
As set out in our General Privacy Notice, if, in the future, we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that purpose and any other relevant information.
Under data protection legislation, you have rights to access your personal data and, in certain circumstances to: object to the processing of the data, or to request that it be rectified or erased; request that the processing of the data is restricted; and to data portability of that data. Where Ofcom is relying on your consent in order to use your personal data you may withdraw that consent at any time (however this will not affect the lawfulness of the data processing before your consent was withdrawn).
Should you wish to confirm whether or not Ofcom holds personal data about you, request copies of that data, or make any other request in relation to your personal data, you should send this to Ofcom’s Information Requests team at: information.requests@ofcom.org.uk
If it would be helpful, you can use the form below to make your request:
Should you wish to make a request for personal data that we may hold about someone other than yourself, for example because you are carrying out an investigation under statutory powers, you may wish to use one of the following forms:
Request form - Law enforcement agencies (PDF, 104.7 KB)
Request form - Law enforcement agencies (RTF, 745.2 KB)
Request form - Law enforcement agencies (Marine division) (PDF, 105.6 KB)
Request form - Law enforcement agencies (Marine division) (RTF, 748.1 KB)
Ofcom’s handing of personal data is overseen by our Corporation Secretary, who is Ofcom’s Data Protection Officer. Should you wish to query the way Ofcom is handling your personal data or submit a complaint about this you should address this to our Data Protection Officer at:
Corporation Secretary
Ofcom
Riverside House
2a Southwark Bridge Road
London
SE1 9HA
Tel: 020 7981 3000
If you are unhappy with the way that Ofcom is dealing with your personal data, and have already raised your complaint with Ofcom, you can make a complaint to the Information Commissioner’s Office at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Email: casework@ico.org.uk.