Data Protection notice

June 2024

CIISA is currently in development and is not operational. This notice covers our approach to handling information during this development, which covers the engagement we are having with stakeholders on our design.

This notice – and CIISA’s Data Protection approach – will be subject to change as and when CIISA becomes operational.

The Data Protection Act 2018 allows you to see information that any organisation holds about you. We are committed to keeping the information that we hold when doing our work – which includes personal and sensitive information – safe and to process it fairly and lawfully.

How do I make a request for information that you hold about me?

If you would like to receive information that we hold about you, you can ask us for it by emailing us at:

Or write to us at:

22 Wycombe End




When making your request, please include the following details:

  • your name and address (email and/or postal)
  • Any reference number (if you have logged a previous enquiry with us)
  • the type of information or documents you want to look at (for example, you might ask for copies of notes of our telephone conversations with you)
  • how you would like us to send the information to you (for example, hard copy or by email).

When will I hear from you about my request?

We aim to send you a reply as soon as possible and we aim to do so within one month of receipt.

If the request is complex or if a number of requests are submitted, we may extend the time we take to respond by a further two months. If this is the case, we will let you know within one month of receiving your request.

Will I receive everything you hold about me?

If you ask us for your personal information, we will give you as much as we are able to. We are committed to transparency and accountability and want to provide you with as much information as possible.

Unless otherwise stated, our work is carried out in under strict confidence to protect the privacy interests of all the parties involved. The Data Protection Act also contains some other exemptions that allow us to withhold certain types of information (such as the personal data of other people, or legal advice), because the release of that information would be likely to cause harm or affect our ability to do our work.

We will not usually be able to give you all the information that we have gathered if we believe that it will affect the privacy rights of other individuals associated.

How long do you retain my information for?

We only keep personal data for as long as is required to achieve the purpose for which the information was collected.

In CIISA’s developmental stage, we primarily store and retain information for up to seven years from when it is collected (our retention period). This is to help us retain and build up useful organisational knowledge related to the design and development of our service and helps us to provide an audit trail of key decisions. This also is important for keeping a record of our engagement and relationships with stakeholders.

At the end of our retention period, we will either automatically erase information we no longer need, or identify data for review if we believe we this information is important to help us keep a corporate memory of our development or relationships with stakeholders. Should we decide to retain this information for longer than our primary retention period, we will anonymise any relevant personal information.

More information

If you want to know more about your rights of access, please see the Information Commissioner’s website at