Guidance

User support privacy notice

Published 17 May 2018

User support for the GOV.UK website and other GDS services is provided by the Government Digital Service (GDS), which is part of the Cabinet Office.

The GDS user support team provides assistance and guidance for people using the GOV.UK website and other GDS services. We answer most enquiries directly, but in some cases we will forward the user’s information onto the relevant government department so that they can provide more detailed and specific advice.

We currently use Zendesk to process and store records of communications with users.

The data controller for GDS is the Cabinet Office. A data controller determines how and why personal data is processed. For more information, read the Cabinet Office’s entry in the Data Protection Public Register.

What data we need

The personal data we collect from you includes:

• questions, queries or feedback you leave, including your email address if you contact GOV.UK
• your Internet Protocol (IP) address

The legal basis for processing this data is to perform a task in the public interest that is set out in law - specifically to answer questions and provide other assistance to public enquiries.

If we get sensitive personal data

If we get enquiries that contain sensitive personal data (for example National Insurance numbers or credit card or bank details) we will:

• delete this immediately
• tell you what we’ve done
• tell you not to share similar information with us in future
• give you details of government organisations that could help you (if relevant)

Once we’ve deleted sensitive personal data it cannot be retrieved by GDS staff. Your email and contact details will however be kept, in line with our retention schedule.

Why we need your data

We need to retain user email addresses for a limited period of time in order to provide responses to user enquiries.

What we do with your data

We will reply with the relevant information to the email address you provide, or direct your request to the department, agency, or other government body best placed to provide a response.

In line with security and information assurance protections, we will also retain email addresses for spam contacts submitted in order to reduce the incidence of such spam and free up time to deal with legitimate enquiries.

We will not:

• sell or rent your data to third parties
• share your data with third parties for marketing purposes

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will only retain your personal data for as long as:

• it is needed for the purposes set out in this document
• the law requires us to

In general, this means that we will only hold your personal data for a minimum of 1 year and a maximum of 16 months.

We’ll delete the names, email contact details, and complete records of previous email contacts from members of the public who have contacted us previously if we have heard nothing further for at least 1 year.

Children’s privacy protection

Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

Your personal data may, throughout the course of its processing at GDS, be transferred outside of the European Economic Area (EEA). Where this is the case, all appropriate technical and legal safeguards will be put in place to ensure that you are afforded the same level of protection as within the EEA.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Your rights

You have the right to request:

• information about how your personal data is processed
• a copy of that personal data
• that anything inaccurate in your personal data is corrected immediately

You can also:

• raise an objection about how your personal data is processed
• request that your personal data is erased if there is no longer a justification for it to be processed
• ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, get in contact with our Data Protection Officer.

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If such changes affect how your personal data is processed GDS will take reasonable steps to let you know.

How to contact us

Contact the Data Protection Officer if you:

• have any questions about anything in this document
• think that your personal data has been misused or mishandled

Data Protection Officer

Cabinet Office
70 Whitehall
London
SW1A 2AS

Email DPO@cabinetoffice.gov.uk

If you have a complaint, you can also contact the Information Commissioner, who is an independent regulator set up to uphold information rights.

Information Commissioner's Office

Email icocasework@ico.org.uk

Contact form https://ico.org.uk/glo...

Telephone 0303 123 1113

Textphone 01625 545 860