This privacy statement sets out the standards that you can expect from the Independent Monitoring Board (IMB) when we request or hold personal information (‘personal data’) about you, how you can get access to a copy of your personal data, and what you can do if you think the standards are not being met.
The IMB head office is the data controller for the personal information we hold. The IMB collects and processes personal data for the exercise of its own and associated public functions. These include:
When you apply for a public appointment as an IMB member, you will be asked to provide personal information to support your application, and to determine your eligibility and suitability as a public appointee. This will include the personal information we need to enable us to select the right candidate for the role, and may include things such as past employment details, political activity, skills, and other volunteering activities. If you are successful in the appointment process any personal information provided to us may then form part of your member record which we will hold.
Security vetting checks
Prior to you being appointed, we will use your personal information to carry out the relevant security vetting checks, including criminal record checks.
Information held about you while you are a public appointee may include, but is not restricted to, application forms, personal details (such as name, date of birth, contact and next–of-kin details), copies of proof of identification, bank or building society accounts, investigations into conduct concerns, and records of disciplinary proceedings.
Types of personal data we process
We know how important it is to protect individuals’ privacy to comply with data protection laws. We will safeguard your personal data and will only disclose it where it is lawful to do so, or with your consent.
We process only personal data that is relevant for the services we are providing. This may include:
- personal details
- financial details
- employment and education details
- racial or ethnic origin
- offences, including alleged offences
- opinions or views
Purpose and lawful basis for the processing
There are six lawful bases for processing information as made express in the General Data Protection Regulations (GDPR). The IMB has identified that the following two bases apply in accordance with the GDPR:
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
Under these lawful bases, we will collect your personal information for the purpose of:
- reimbursing your travel and subsistence claims: we process your claims for expenses in conjunction with the central finance team
- managing other aspects of your public appointment: the personal information we collect and use will include (or be included in) information about your role as a public appointee, including (but not limited to) your training records, your member development opportunities, identified conflicts of interest, transfer between boards, security (DBS and CTC) renewals, induction, appraisal, and tenure
- processing complaints about member conduct: including grievances, inter-member disagreements, or breaches of the IMB conduct policy
- contacting you or your nominated contact (next of kin) in the case of an emergency (either yours or ours) as well as for member/Board related issues: we will ask you to provide us with home telephone numbers, mobile numbers and (for next of kin) the names of people
- providing administrative support: we may ask you to share personal information with us to support you in processing Subject Access Requests or Freedom of Information requests
With whom we may share your information
We may disclose certain personal information with external bodies if there is a legal obligation or legitimate interest to share. This will include the Ministry of Justice, the Chair of the Board, interview panel members, and the independent interviewer. It may also include your Regional Representative and your National Chair.
As public appointees, your data may be shared with the Civil Service Commission, The Advisory Committee on Business Appointments and the Office of the Commissioner for Public Appointments.
In respect of your vetting data, this will be shared with HM Prisons and Probation Service, the Home Office, and the Disclosure and Barring Service.
At all times the amount of information disclosed and the manner it is disclosed will be in accordance with data protection laws.
Retention period for information collected
The IMB has a retention and deletion policy that complies with data protection requirements. In general, information is kept for as long as there is a business need or a legal obligation to retain it, and deleted when it is no longer needed.
When we ask you for personal data
When we ask for your personal data, we promise to:
- inform you why we need your personal data and ask only for the personal data we need and not collect information that is irrelevant or excessive
- protect it and make sure no unauthorised person has access to it
- share it with other organisations for legitimate purposes only where appropriate and necessary
- make sure we do not keep it longer than is necessary
- consider your request to correct, stop processing, or erase your personal data
Access to personal information
For more information regarding your rights under the data protection legislation, including:
- how to obtain a copy of the personal data we hold about you
- contact details of the IMB’s Data Protection Officer
- how to make a complaint to the Information Commissioner’s Office
please contact the IMB at: email@example.com.