HMPPS is an Executive Agency/Arm’s Length Body of the Ministry of Justice (MoJ). MoJ is the data controller for the personal information we hold. HMPPS collects and processes personal data for the exercise of its own and associated public functions. These include: providing safe and secure prison services, including those related to the management and rehabilitation of offenders.
About personal information
Personal data is information about you as an individual. It can be your name, address or telephone number. It can also include information about the payments you make and the prisoner you are paying.
We know how important it is to protect customers’ privacy and to comply with data protection laws. We will safeguard your personal data and will only disclose it where it is lawful to do so, or with your consent.
Types of personal data we process
We only process personal data that is relevant for the services we are providing to you. If you make a payment, this includes:
- your name, postal address, email address, payment card details, your IP address and details about your contact in prison
If you provide feedback to us, this includes:
- your email address or other contact details you give us
- any personal information you include in questions, queries or feedback you leave
Information about how you use the site is collected using cookies and page tagging techniques (Google Analytics). It does not contain any personal data and is only collected if you consent to this. It is shared with the Government Digital Service.
Purpose of processing and the lawful basis for the process
We collect personal data so that you can safely send money digitally to someone in prison. If we don’t have all the personal data we ask for, the payment can not be processed.
It helps us to:
- complete the payment transactions
- prevent, detect and investigate suspicious payment
- prevent, detect and investigate suspected crime or unlawful activity
- respond to your feedback if you have asked us to
The data you give us will be monitored to prevent and detect financial fraud, money laundering and other criminal activity.
The data is processed in accordance with the General Data Protection Regulation and Data Protection Act 2018 and the lawful basis for processing is substantial public interest.
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we will comply with all aspects of the data laws. The organisations we share your personal information with are:
- Zendesk to handle any feedback that you leave. See the terms & conditions attached to this service.
- Selected individuals employed in contracted-out prisons.
We may also share your data with the police and other law enforcement agencies where criminal or unlawful activity is suspected.
Details of transfers to third country and safeguards
Data collected is stored within the UK and Ireland. However, due to the global nature of the internet, data may transit through other countries outside of the European Economic Area (EEA) while going to and from the database. Data is not stored in a non-EEA country.
Feedback about the service may be stored outside of the EEA, where it could be viewed by our staff or suppliers. By submitting your personal data, you agree to this.
Retention period for information collected
Data is retained for seven years in accordance with HM Prison and Probation Service retention policy.
Access to personal information
You can find out if we hold any personal data about you by making a ‘subject access request’. This process is set out in the Ministry of Justice personal information charter.
When we ask you for personal data
We promise to inform you why we need your personal data and ask only for the personal data we need and not collect information that is irrelevant or excessive;
- You can withdraw consent at any time, where relevant;
- You can lodge a complaint with the supervisory authority;
- We will protect it and make sure no unauthorised person has access to it;
- Only where appropriate and necessary share it with other organisations for legitimate purposes;
- Make sure we don’t keep it longer than is necessary;
- Not make your personal data available for commercial use without your consent; and
- Consider your request to correct, stop processing or erase your personal data.
You can get more details on:
- Agreements we have with other organisations for sharing information;
- Circumstances where we can pass on personal information without telling you, for example, to help with the prevention or detection of crime or to produce anonymised statistics;
- Our instructions to staff on how to collect, use or delete your personal information;
- How we check that the information we hold is accurate and up-to-date; and
- How to make a complaint;
For more information about the above issues, please contact:The Data Protection Officer
Ministry of Justice
3rd Floor, Post Point 3.20
10 South Colonnades
For more information on how and why your information is processed please see the information provided when you accessed our services or were contacted by us.
When we ask you for information, we will keep to the law. If you consider that your information has been handled incorrectly, you can contact the Information Commissioner for independent advice about data protection. You can contact the Information Commissioner at:Information Commissioner’s Office
Telephone: 0303 123 1113