Privacy notice

The Information Commissioner’s Office of the United Kingdom (hereafter “we”) currently acts as co-chair and Secretariat for the Common Thread Network (CTN). 

As part of its CTN Secretariat work, we process the personal data of CTN members, applicants and observers to the CTN and members of the public who proactively engage with us via our communication channels.

Data is processed by us to further international cooperation amongst authorities overseeing data protection and privacy legislation in the Commonwealth and to fulfil our role as the CTN Secretariat. This role includes data processing to handle member and observer applications, handle matters relating to the establishment of relevant CTN Working Groups, facilitate CTN events and communicate CTN news and press releases to all interested parties (CTN members and observers as well as other stakeholders).

The lawful basis that we rely on to process this personal data is Article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.

Where the information processed is special category data, the lawful basis that we rely on to process this data is article 9(2)(g) of the GDPR, which also relates to our public task and the safeguarding of individuals’ fundamental rights and Schedule 1 part 2(6) of the UK Data Protection Act 2018, which relates to statutory and government purposes.

We process names and contact details to communicate with relevant individuals about the work of the CTN and its events. We may also process photographs and biography information, or survey information received from members or individuals involved in CTN activities or, where it is the case, attending CTN events.

We will use your name and contact details to correspond with you about the CTN. This will include communicating with you about news and events and to distribute key messages from the CTN membership. 

Where we hold contact information for representatives of the media, we will use this to send you any press releases concerning the work of the CTN. 

Data will be shared with our data processors (see section on data processors below) when required to fulfil our role as CTN Secretariat.

We will retain this data for the duration of our tenure as Secretariat of the CTN and transfer the data to another authority when our tenure as Secretariat ends.

We process your personal data for our regulatory purposes, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which will depend on why we are processing it.

We rely on your consent to process your contact details for the purpose of sending you CTN news. This means you have the right to withdraw your consent, or to object to the processing of your personal data for this purpose at any time. If at any point you want to withdraw your consent to receive news updates or to our processing of your data more generally please email CTN-secretariat@ico.org.uk or call us on (+44) 0303 123 1113 with your request. If you do that, we will update our records to reflect your wishes. 

For more information on your rights, please see ‘Your data protection rights‘.

Yes – we use the following data processors:

• 1&1 Ionos (web host)

• Twitter (social media)

• SnapSurvey

• Microsoft (email)

We only use cookies that are necessary for functionality, security and accessibility of the website.

Yes – we transfer data overseas from the United Kingdom, primarily to Ghana, whose Data Protection Commission acts as co-chair of the CTN, as well as to other members of the CTN, a list of which is available on this website.

The Information Commissioner’s Office (ICO) of the United Kingdom currently acts as the Secretariat and controller for the CTN.

Our Data Protection Officer is Louise Byers. You can contact her at dpo@ico.org.uk or via the details given below.

There are many ways you can contact us, including by phone, email, live chat and post. More details can be seen here.

If you remain dissatisfied after having contacted our DPO, you can make a complaint about the way we process your personal information to the ICO as the UK supervisory authority. Complaints about us are handled in the same way as a complaint about any another organisation.