Bluepoint privacy notice
Published 19 June 2018
Bluepoint is the visitor management tool used by Derwent, the owners of the White Chapel Building where the Government Digital Service (GDS) is based. Bluepoint is used to invite and track external visitors in the building. Derwent needs accurate information about visitors to make sure the building meets security, and health and safety standards.
The data controller is Derwent – a data controller determines how and why personal data can be processed. Bluepoint is the processor of Derwent’s personal data and also the processor of personal data for GDS’s visitors to the building.
GDS staff add visitor names to the Bluepoint system by using the Bluepoint website.
Bluepoint is provided by Digital Forge Ltd. Read Bluepoint’s privacy notice.
What data we collect from you
The personal data we collect from you will include:
- your name
- your email address - only if the GDS person arranging your building pass sends you an invitation through the Bluepoint website
The legal basis for processing this data is:
- vital interest - Derwent needs to make sure visitors to the building are aware of health and safety procedures in case of fire or security incidents
- legal obligation - Derwent needs information for compliance with building and site regulations
- legitimate interests - Derwent uses Bluepoint to process this data so that GDS can use White Chapel Building services (like the reception desk)
Why we need your data
We need your data to:
- make sure we have accurate information about who enters the building and when they leave
- maintain the safety and security of all building tenants
What we do with your data
The Bluepoint system is a visitor management system only. The data processed is used by:
- the White Chapel Building reception team (as Derwent employees)
- Bluepoint software (provided by Digital Forge Ltd)
- GDS’s estates management team
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
We will share your data if we’re required to do so by law – for example, by court order, or to prevent fraud or other crime.
How long we keep your data
We will only keep your personal data for as long as:
- the law requires us to
- we need for the purposes listed above
This means that we will only hold your personal data for 1 year from the time of your last visit to the building.
Where your data is processed and stored
All personal data on Bluepoint is processed, stored and managed entirely in the European Economic Area (EEA), and will not be transferred outside of it. This means that it is covered by EU data protection regulations.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties who process personal data for GDS are required to keep that data secure.
Children’s privacy protection
We don’t design or promote services for children who are 13 years of age or younger, and we don’t intentionally collect or keep data about anyone under the age of 13.
Your rights
You have the right to request:
- information about how your personal data is processed
-
a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it
- ask that we only process your data in certain circumstances
If you have any of these requests, get in contact with our Data Protection Officer - you can find their contact details below.
Changes to this notice
We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.
Questions and complaints
Contact the Data Protection Officer if you:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
- want to make a subject access request (SAR)
You can also complain to the Information Commissioner, who is an independent regulator.
Information Commissioner's Office
Email [email protected]
Contact form https://ico.org.uk/glo...
Telephone 0303 123 1113
Textphone 01625 545 860