Guidance

Bluepoint privacy notice

Published 19 June 2018

Bluepoint is the visitor management tool used by Derwent, the owners of the White Chapel Building where the Government Digital Service (GDS) is based. Bluepoint is used to invite and track external visitors in the building. Derwent needs accurate information about visitors to make sure the building meets security, and health and safety standards.

The data controller is Derwent – a data controller determines how and why personal data can be processed. Bluepoint is the processor of Derwent’s personal data and also the processor of personal data for GDS’s visitors to the building.

GDS staff add visitor names to the Bluepoint system by using the Bluepoint website.

Bluepoint is provided by Digital Forge Ltd. Read Bluepoint’s privacy notice.

What data we collect from you

The personal data we collect from you will include:

  • your name
  • your email address - only if the GDS person arranging your building pass sends you an invitation through the Bluepoint website

The legal basis for processing this data is:

  • vital interest - Derwent needs to make sure visitors to the building are aware of health and safety procedures in case of fire or security incidents
  • legal obligation - Derwent needs information for compliance with building and site regulations
  • legitimate interests - Derwent uses Bluepoint to process this data so that GDS can use White Chapel Building services (like the reception desk)

Why we need your data

We need your data to:

  • make sure we have accurate information about who enters the building and when they leave
  • maintain the safety and security of all building tenants

What we do with your data

The Bluepoint system is a visitor management system only. The data processed is used by:

  • the White Chapel Building reception team (as Derwent employees)
  • Bluepoint software (provided by Digital Forge Ltd)
  • GDS’s estates management team

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we’re required to do so by law – for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will only keep your personal data for as long as:

  • the law requires us to
  • we need for the purposes listed above

This means that we will only hold your personal data for 1 year from the time of your last visit to the building.

Where your data is processed and stored

All personal data on Bluepoint is processed, stored and managed entirely in the European Economic Area (EEA), and will not be transferred outside of it. This means that it is covered by EU data protection regulations.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties who process personal data for GDS are required to keep that data secure.

Children’s privacy protection

We don’t design or promote services for children who are 13 years of age or younger, and we don’t intentionally collect or keep data about anyone under the age of 13.

Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format

  • that anything inaccurate in your personal data is corrected immediately

You can also:

If you have any of these requests, get in contact with our Data Protection Officer - you can find their contact details below.

Changes to this notice

We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.

Questions and complaints

Contact the Data Protection Officer if you:

  • have any questions about anything in this document
  • think that your personal data has been misused or mishandled
  • want to make a subject access request (SAR)

Data Protection Officer

Cabinet Office
70 Whitehall
London
SW1A 2AS

You can also complain to the Information Commissioner, who is an independent regulator.

Information Commissioner's Office

Email icocasework@ico.org.uk

Contact form https://ico.org.uk/glo...

Telephone 0303 123 1113

Textphone 01625 545 860