Privacy notice

GOV.UK (or www.gov.uk) is provided by the Government Digital Service (GDS), part of the Cabinet Office.

Cabinet Office is the data controller for pages starting with www.gov.uk - for example, www.gov.uk/pip.

If you have a GOV.UK One Login, read the full GOV.UK One Login privacy notice to find out how it stores, processes and shares your personal information.

If you follow a link to a service provided by another government department, agency or local authority, that organisation will:

  • be the data controller
  • be responsible for processing any data you share with them
  • publish and manage their own privacy notice with details of how to contact them

Example

If you make a claim for Universal Credit www.universal-credit.service.gov.uk, the Department for Work and Pensions will be the responsible controller. The service’s own privacy notice will apply.

A data controller determines how and why personal data is processed. For more information, read the Cabinet Office’s entry in the Data Protection Public Register.

What data we collect

The personal data we collect from you includes:

  • questions, queries or feedback you leave, including your email address if you contact GOV.UK
  • your postcode and address if you use a GOV.UK service that includes a postcode or address lookup function (such as the school term and holiday dates service)
  • your email address and subscription preferences when you sign up to our email alerts
  • how you use our emails - for example whether you open them and which links you click on
  • your Internet Protocol (IP) address, and details of which version of web browser you used
  • information on how you use the site, using cookies and page tagging techniques

Where you provide your consent, we use Google Analytics cookies and a Real User Monitoring (RUM) cookie from SpeedCurve to collect information about how you use GOV.UK. This includes IP addresses.

Google Analytics processes information about:

  • the pages you visit on GOV.UK
  • how long you spend on each GOV.UK page
  • how you got to the site
  • what you click on while you’re visiting the site

We also receive the same information from other government digital services.

We make sure you cannot be directly identified by Google Analytics data. We do this by using Google Analytics’ IP address anonymisation feature and by removing any other personal data from the titles or URLs of the pages you visit.

We will not combine analytics information with other data sets in a way that would directly identify who you are.

SpeedCurve RUM software processes anonymised information about:

  • how well the pages performed on your device
  • performance bottlenecks your device experienced
  • JavaScript errors your device encountered

Find out more about how we use Google Analytics and other cookies on GOV.UK.

Why we need your data

We collect your personal data in order to:

  • gather feedback to improve our services, for example our email alerts
  • respond to any feedback you send us, if you’ve asked us to
  • send email alerts to users who request them
  • allow you to access government services and make transactions
  • provide you with information about local services
  • monitor use of the site to identify security threats
  • monitor the performance of the site to identify inefficiencies and JavaScript errors

We use the information we collect through Google Analytics and SpeedCurve RUM to see how you use GOV.UK and to see how well the site performs on your device.

We do this to help:

  • make sure GOV.UK is meeting the needs of its users
  • make improvements, for example improving site search
  • make performance improvements, for example improving page load time and data usage

We combine Google Analytics information with similar data from other government digital services to help understand and improve user journeys within GOV.UK and other government digital services.

The legal basis for processing personal data in relation to site security is our legitimate interests, and the legitimate interests of our users, in ensuring the security and integrity of GOV.UK.

The legal basis for processing data collected with Google Analytics and SpeedCurve RUM on GOV.UK and other government digital services is your consent.

The legal basis for processing all other personal data is that it’s necessary:

  • to perform a task in the public interest
  • in the exercise of our functions as a government department

What we do with your data

The data we collect may be shared with other government departments, agencies and public bodies. It may also be shared with our technology suppliers, for example our hosting provider.

We will share your data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.

The data we collect with Google Analytics cookies is transferred and stored with Google where we analyse it with Google Analytics software (Universal Analytics). We do not allow Google to use or share this data for their own purposes.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

How long we keep your data

We will only retain your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to.

We will:

  • keep your email data until you unsubscribe
  • keep your feedback data for 2 years
  • delete access log data which contain your IP address after 120 days

Children’s privacy protection

Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

All personal data is stored in the European Economic Area (EEA). Data collected by Google Analytics and SpeedCurve RUM may be transferred outside the EEA for processing.

Where data processing happens in the US, suppliers need to meet the certification standards set out in the UK-US data bridge agreement. This facilitates flows of personal data to certified US companies that have opted in to the EU-US Data Privacy Framework.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, get in contact with our Privacy Team.

GOV.UK contains links to other websites.

This privacy notice only applies to GOV.UK, and does not cover other government services and transactions that we link to. These services, such as Universal Credit, have their own terms and conditions and privacy policies.

If you go to another website from this one, read the privacy policy on that website to find out what it does with your information.

If you come to GOV.UK from another website, we may receive personal information from the other website. You should read the privacy policy of the website you came from to find out more about this.

Contact us or make a complaint

Contact the Privacy Team if you:

  • have a question about anything in this privacy notice
  • think that your personal data has been misused or mishandled

You can also contact our Data Protection Officer (DPO):

Data Protection Officer
DPO@cabinetoffice.gov.uk
Cabinet Office
70 Whitehall
London
SW1A 2AS

The DPO provides independent advice and monitoring of our use of personal information.

You can also make a complaint to the Information Commissioner, who is an independent regulator.

Information Commissioner
icocasework@ico.org.uk
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
Find out about call charges

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, GDS will take reasonable steps to let you know.

Last updated 24 November 2023