Guidance

User support privacy notice

Updated 13 April 2026

User support for the GOV.UK website and other GDS services is provided by the Government Digital Service (GDS), which is part of the Department for Science, Innovation and Technology (DSIT).

The GDS and DSIT user support teams provide assistance and guidance for people using the GOV.UK website and other GDS and DSIT services. We answer most enquiries directly, but in some cases we will forward the user’s information on to the relevant government department so that they can provide more detailed and specific advice.

We currently use Zendesk to process and store records of communications with users.

The data controller is DSIT, as the parent organisation for GDS. A data controller determines how and why personal data is processed. Read DSIT’s registration details with the Information Commissioner’s Office for more information.

What data we need

The personal data we collect from you includes:

  • questions, queries or feedback you leave, including your email address if you contact GOV.UK
  • your Internet Protocol (IP) address

The legal basis for processing this data is to perform a task in the public interest that is set out in law - specifically to answer questions and provide other assistance to public enquiries.

If we get sensitive personal data

If we get enquiries that contain sensitive personal data (for example National Insurance numbers or credit card or bank details) we will:

  • delete this immediately
  • tell you what we’ve done
  • tell you not to share similar information with us in future
  • give you details of government organisations that could help you (if relevant)

Once we’ve deleted sensitive personal data it cannot be retrieved by GDS or DSIT staff. Your email and contact details will, however, be kept, in line with our retention schedule.

Why we need your data

We need to retain user email addresses for a limited period of time in order to provide responses to user enquiries.

What we do with your data

We will reply with the relevant information to the email address you provide, or direct your request to the department, agency, or other government body best placed to provide a response.

In line with security and information assurance protections, we will also retain email addresses for spam contacts submitted in order to reduce the incidence of such spam and free up time to deal with legitimate enquiries.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will only retain your personal data for as long as:

  • it is needed for the purposes set out in this document
  • the law requires us to

In general, this means that we will only hold your personal data for a minimum of 1 year and a maximum of 16 months.

We’ll delete the names, email contact details, and complete records of previous email contacts from members of the public who have contacted us previously if we have heard nothing further for at least 1 year.

Children’s privacy protection

Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

Your personal data may, throughout the course of its processing at GDS, be transferred outside of the European Economic Area (EEA). Where this is the case, all appropriate technical and legal safeguards will be put in place to ensure that you are afforded the same level of protection as within the EEA.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Your rights

You have the right:

  • to request information about how your personal data is processed, and to request a copy of that personal data
  • to request that any inaccuracies in your personal data are rectified without delay
  • to request that any incomplete personal data is completed, including by means of a supplementary statement
  • to request that your personal data is erased if there is no longer a justification for it to be processed
  • in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
  • to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If such changes affect how your personal data is processed, GDS and DSIT will take reasonable steps to let you know.

How to contact us

Contact the GDS and DSIT Data Protection Team if you:

  • have any questions about anything in this document
  • think that your personal data has been misused or mishandled
  • want to make a subject access request (SAR)

GDS Data Protection Team
gds.data.protection@dsit.gov.uk

The contact details for our Data Protection Officer are:

Data Protection Officer
dataprotection@dsit.gov.uk

If you have a complaint, you can also contact the Information Commissioner’s Office, which is an independent regulator set up to uphold information rights.

Information Commissioner's Office

Email icocasework@ico.org.uk

Telephone 0303 123 1113

Textphone 01625 545 860