User support privacy notice
Published 17 May 2018
User support for the GOV.UK website and other GDS services is provided by the Government Digital Service (GDS), which is part of the Cabinet Office.
The GDS user support team provides assistance and guidance for people using the GOV.UK website and other GDS services. We answer most enquiries directly, but in some cases we will forward the user’s information onto the relevant government department so that they can provide more detailed and specific advice.
We currently use Zendesk to process and store records of communications with users.
The data controller for GDS is the Cabinet Office. A data controller determines how and why personal data is processed. For more information, read the Cabinet Office’s entry in the Data Protection Public Register.
What data we need
The personal data we collect from you includes:
- questions, queries or feedback you leave, including your email address if you contact GOV.UK
- your Internet Protocol (IP) address
The legal basis for processing this data is to perform a task in the public interest that is set out in law - specifically to answer questions and provide other assistance to public enquiries.
If we get sensitive personal data
If we get enquiries that contain sensitive personal data (for example National Insurance numbers or credit card or bank details) we will:
- delete this immediately
- tell you what we’ve done
- tell you not to share similar information with us in future
- give you details of government organisations that could help you (if relevant)
Once we’ve deleted sensitive personal data it cannot be retrieved by GDS staff. Your email and contact details will however be kept, in line with our retention schedule.
Why we need your data
We need to retain user email addresses for a limited period of time in order to provide responses to user enquiries.
What we do with your data
We will reply with the relevant information to the email address you provide, or direct your request to the department, agency, or other government body best placed to provide a response.
In line with security and information assurance protections, we will also retain email addresses for spam contacts submitted in order to reduce the incidence of such spam and free up time to deal with legitimate enquiries.
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.
How long we keep your data
We will only retain your personal data for as long as:
- it is needed for the purposes set out in this document
- the law requires us to
In general, this means that we will only hold your personal data for a minimum of 1 year and a maximum of 16 months.
We’ll delete the names, email contact details, and complete records of previous email contacts from members of the public who have contacted us previously if we have heard nothing further for at least 1 year.
Children’s privacy protection
Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.
Your personal data may, throughout the course of its processing at GDS, be transferred outside of the European Economic Area (EEA). Where this is the case, all appropriate technical and legal safeguards will be put in place to ensure that you are afforded the same level of protection as within the EEA.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.
We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
Your rights
You have the right to request:
- information about how your personal data is processed
- a copy of that personal data
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it to be processed
- ask that the processing of your personal data is restricted in certain circumstances
If you have any of these requests, get in contact with our Data Protection Officer.
Changes to this policy
We may change this privacy policy. In that case, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.
If such changes affect how your personal data is processed GDS will take reasonable steps to let you know.
How to contact us
Contact the Data Protection Officer if you:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
If you have a complaint, you can also contact the Information Commissioner, who is an independent regulator set up to uphold information rights.
Information Commissioner's Office
Email [email protected]
Contact form https://ico.org.uk/glo...
Telephone 0303 123 1113
Textphone 01625 545 860