Privacy notice: How we use your data
Date last modified: 17/05/2018
Who we are
GOV.UK Registers is a data service that’s built and maintained by the Government Digital Service, part of the Cabinet Office ("GDS", "we", "us", "our"). We and other organisations use GOV.UK Registers to access government data. To do that, we collect, process and store certain data about you.
This privacy notice explains:
- the kinds of data we collect and process in order to provide the service
- how that data is used
- how that data is protected
- how you can find out what rights you have in relation to your data
GOV.UK Registers is provided by the Government Digital Service (GDS).
The data controller for GDS is the Cabinet Office – a data controller determines how and why personal data is processed.
What data we need
The personal data we collect from our users can include:
- your name
- your email address
- your organisation
- your IP address
- unique identifiers, such as session cookies
We need this information to provide a service that is in the public interest. The data we host on GOV.UK Registers can be used by the public to access government information.
Why we need your data
As a government service, we want to make sure GOV.UK Registers works for everyone. We collect and process data about you to help us understand more about our users and improve our service.
We also need to keep personal information for anyone who creates an API key. For example, so we can revoke your API key or update your details if you ask us to. API keys are tokens used to identify the origin of requests to our APIs. We use API keys to track and control how our APIs are being used.
What we do with your data
We store the data you provide to:
- send you updates and notices
- compile usage reports for internal use
- revoke your API key or update your details if you ask us to
We will not:
- sell or rent your data to 3rd parties
- share your data with 3rd parties for marketing purposes
We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.
How long we keep your data
We will only retain your personal data for as long as:
- the law requires us to
- we need to provide this service
In general, this means that we will only hold their personal data for a minimum of 90 days and a maximum of 2 years.
Children’s privacy protection
We understand the importance of protecting children’s privacy online. Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. It is not our policy to intentionally collect or maintain data about anyone under the age of 13.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.
All personal data on GOV.UK Registers is processed, stored and managed entirely in the European Economic Area (EEA), and will not be transferred outside of it. This means that it is covered by EU Data Protection regulations.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All 3rd parties who process personal data for GDS are required to keep that data secure.
What are your rights
You have the right to request:
- information about how your personal data is processed
- a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it
- ask that the processing of your personal data is restricted in certain circumstances
If you have any of these requests, get in contact with our Data Protection Officer.
Changes to this notice
We may change this privacy notice. In that case the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.
Questions and complaints
The data controller for your personal data is the Cabinet Office.
Contact the Data Protection Officer if you either:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
Data Protection Officer
London SW1A 2AS
If you have a complaint, you can also contact the Information Commissioner, who is an independent regulator set up to uphold information rights.
Information Commissioner’s Office
0303 123 1113
Cheshire SK9 5AF