IT secure platform privacy notice
Updated 18 November 2022
© Crown copyright 2022
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/government-digital-service-it-platform-privacy-notice/it-secure-platform-privacy-notice
The IT platform and operating system are provided by the Government Digital Service (GDS) which is part of the Cabinet Office.
The data controller for GDS is the Cabinet Office – a data controller determines how and why personal data can be processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.
Why we need your data
We process your personal data in order to:
- provide a secure IT platform and operating system so that staff can do their jobs
- set up and remove user accounts
- test and pilot new technology to develop, expand or upgrade the platform
- monitor the system for potential abuses of the ICT Acceptable Usage Policy, or for fraudulent or criminal activity
- monitor threats to the system, identifying and fixing technical issues, and identifying and tackling cyber security risks
- support the GDS threat intelligence team in producing daily, weekly and monthly threat updates for staff by creating algorithms and programs that help us spot problem accounts and take remedial activities to support our systems
- compile anonymised office occupancy statistics and report on overall numbers of staff attending Cabinet Office locations, in order to monitor overall office usage and help inform the Cabinet Office’s future estates strategy
What data we collect from you
We process the following personal data:
- name
- job title
- email addresses
- telephone numbers
- office location and team membership
- web access logs and records of usage of the system including all emails
- IP address
The legal basis for processing your personal data is legitimate interest.
Our legitimate interest relates to monitoring threats to the system, identifying and fixing technical issues, and identifying and tracking cyber security risks. This is necessary to maintain the integrity of our IT system and the continuity of our business.
It’s also necessary for the performance of your employment contract.
Who we share your data with
As part of communications between government departments, we share your personal data with data processors who provide us with a collaboration service and IT software.
You can read Mailchimp’s own privacy policy.
How long we keep your data
Your personal data will be kept for as long as you are in a role where you use the secure IT platform. Once you leave that role, the information will be deleted when the local records are updated. This will be at least once a year.
For Mailchimp, data will be retained for as long as the accounts are maintained and data will be deleted once the accounts are closed.
Your rights
You have the right:
- to request information about how your personal data is processed, and to request a copy of that personal data
- to request that any inaccuracies in your personal data are rectified without delay
- to request that any incomplete personal data is completed, including by means of a supplementary statement
- to request that your personal data is erased if there is no longer a justification for them to be processed
- in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
- to object to the processing of your personal data where it is processed for direct marketing purposes
In relation to monitoring threats to the system, identifying and fixing technical issues, and identifying and tackling cyber security risks:
- you have the right to object to the processing of your personal data
In relation to all other data:
- you have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format
Where your data is stored
Your data is stored in Mailchimp and our internal IT systems.
As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the European Union. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses and the suppliers membership in the Privacy Shield scheme.
We also design, build and run our systems to make sure that your data is as safe as possible at every stage, both while it’s processed and when it’s stored.
Changes to this notice
We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.
Questions and complaints
Contact the GDS Privacy Team if you:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
- want to make a subject access request (SARS)
Cabinet Office (Government Digital Service)
The White Chapel Building
10 Whitechapel High Street
London
E1 8QS
Email: gds-privacy-office@digital.cabinet-office.gov.uk
The contact details for our Data Protection Officer are:
You can also complain to the Information Commissioner, who is an independent regulator.
Information Commissioner's Office
Email icocasework@ico.org.uk
Contact form https://ico.org.uk/glo...
Telephone 0303 123 1113
Textphone 01625 545 860