GOV.UK app privacy notice: how we use your data
What data we collect from you when you use the GOV.UK app, what we do with your data, how long we keep it for, and how we protect it and keep it secure.
This privacy notice is for the version of the GOV.UK app that will be available to the public from July.
The GOV.UK app is available on Android and iPhone. You can use it to:
- access pages on GOV.UK
- save topics that are relevant to you
- save a link to your local council’s website
- keep a record of pages you’ve visited before
- get notifications
The GOV.UK app is provided by the Government Digital Service (GDS) which is part of the Department for Science, Innovation & Technology (DSIT).
The data controller for GDS is DSIT - a data controller determines how and why personal data can be processed.
This privacy notice is for the GOV.UK app itself. There’s a separate privacy notice for the GOV.UK website.
Data we collect from you
Signing in with GOV.UK One Login
You need to sign in with a GOV.UK One Login to access the app. You can use your existing GOV.UK One Login or create an account.
GOV.UK One Login has its own privacy notice, which is separate from this privacy notice.
Your GOV.UK One Login will only be used to give you access to the app. You cannot use the app to prove your identity with GOV.UK One Login.
We collect the email address you used to create a GOV.UK One Login, so that you can sign in and access the app.
The legal basis for processing this data is:
- it’s necessary to perform a task in the public interest
- it’s necessary in the exercise of our functions as a government department
Selecting relevant topics
You can customise the app by selecting topics that are relevant to you. These topics will be displayed on the app home page so you can access them quickly.
The topics you’ve selected are stored locally on your phone - we cannot view them. You can choose to delete them at any time and they will be removed from your phone when you delete them.
The legal basis for processing this data is:
- it’s necessary to perform a task in the public interest
- it’s necessary in the exercise of our functions as a government department
The topics you select in the app may disclose special category data about you, for example if you select ‘Health and disability’. Under UK law, DSIT is required to have an additional legal basis to process it. DSIT processes special category data on the legal basis that the processing is necessary for reasons of substantial public interest. UK law also requires DSIT to meet a specific substantial public interest condition from the UK Data Protection Act 2018. DSIT relies on the following condition:
- statutory and government purposes (paragraph 6, schedule 1, Data Protection Act 2018)
Previous searches
The app will store a list of terms you search for. This list will be displayed when you tap on the search box in the app.
These search terms are stored locally on your phone - we cannot view them. You can choose to delete them at any time and they will be removed from your phone when you delete them.
The legal basis for processing this data is:
- it’s necessary to perform a task in the public interest
- it’s necessary in the exercise of our functions as a government department
Entering your postcode
You can enter your postcode to add a link from the app home page to your local council’s website. We only use your postcode to find out what your local council is. It’s not saved or shared anywhere.
The legal basis for processing this data is:
- it’s necessary to perform a task in the public interest
- it’s necessary in the exercise of our functions as a government department
Notifications
You can choose to receive notifications from the app. These notifications will be about things like important dates and deadlines, services you might find useful and new features that have been added to the app.
Our notifications provider, OneSignal, collects information about how you use the app so that we can provide personalised notifications. This information includes:
- when you first used the app
- when you most recently used the app
- how many times you’ve used the app
- how long you spend on the app
See a full list of the information OneSignal collects from you.
OneSignal cannot directly identify you from this data.
The legal basis for processing this data is your consent. When you first open the app you will be asked whether you consent to sharing statistics about how you use the app in order to get notifications.
If you do not give your consent, you will not be able to get notifications, but you will still be able to use the app, and OneSignal will not collect information about how you use the app.
If you do give consent but then change your mind, you can update this at any time in the app’s settings page.
Measuring app use
We collect information about:
- the pages you visit within the app and how long you spend on each page
- what you tap on while you’re on each page
- the terms you search for in the app
- your device’s make and model number
- your device’s Android or iOS version number
- errors that happen while you’re using the app
We store this information on your phone and then send it to Google Analytics and Amazon Web Services.
We make sure that we cannot directly identify you from this data. We do this by removing any personal data from the titles or URLs of the pages you visit. We do not store your IP address.
We will not combine analytics information with other data sets in a way that would directly identify who you are.
We collect this information to:
- make sure the app is meeting the needs of its users
- learn about how users use the app so that we can improve it
- monitor the use of the app for security threats
- monitor the performance of the app to identify inefficiencies and errors
The legal basis for processing this data is your consent. When you first open the app you will be asked whether you consent to sharing statistics about how you use the app. If you do not give your consent, you will still be able to use the app. If you do give consent but then change your mind, you can update this at any time in the app’s settings page.
Strictly necessary data
We store a small file on your device to remember essential information about whether you’ve:
- opened the app before
- already agreed to share statistics about how you use the app
- already agreed to share information about topics you’re interested in
This is so you’re not asked the same questions every time you open the app.
You cannot use the app without this data.
The legal basis for processing this data is:
- it’s necessary to perform a task in the public interest
- it’s necessary in the exercise of our functions as a government department
When you contact us
If you contact us about the GOV.UK app we’ll collect:
- your email address
- your device’s make and model number
- your device’s Android or iOS version number
- any other personal information you choose to include in your message
We use your email address to respond to your message, if you’ve asked us to. We’ll use the other data to:
- help users resolve problems they’re having with the app
- understand the problems users are having with the app so that we can improve the app
- monitor the performance of the app to identify inefficiencies and errors
The legal basis for processing this data is:
- it’s necessary to perform a task in the public interest
- it’s necessary in the exercise of our functions as a government department
What we do with your data
The data we collect may be shared with other government departments, agencies and public bodies. It may also be shared with our technology suppliers, for example our hosting provider.
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
How long we keep your data
We will only keep your personal data for as long as:
We will only keep your personal data for as long as:
- the law requires us to
- we need it for the purposes listed in the ‘Data we collect about you’ section of this privacy notice
You can customise the app by selecting topics that are relevant to you. These topics will be displayed on the app home page so you can access them quickly. The topics you’ve selected are stored locally on your phone - we cannot view them. You can choose to delete them at any time and they will be removed from your phone when you delete them.
We make sure that we cannot directly identify you from data about how you use the app. We do this by removing any personal data from the titles or URLs of the pages you visit. We do not store your IP address.
We will not combine analytics information with other data sets in a way that would directly identify who you are.
We will keep data we collect about how you use the app for up to 38 months.
We will keep data we collect when you contact us for 1 year after the last message you send to us.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible, both while it’s processed and when it’s stored.
All personal data is stored in the United Kingdom or European Economic Area (EEA).
Data collected by Google Analytics and OneSignal may be transferred outside the EEA for processing.
Where data processing happens in the US, suppliers need to meet the certification standards set out in the UK-US data bridge agreement. This facilitates flows of personal data to certified US companies that have opted in to the EU-US Data Privacy Framework.
Who we share your data with
As part of the GOV.UK app, we share your personal data with data processors who:
- provide us with tracking and analysis of usage statistics
- provide us with error reporting
- allow us to respond to user feedback and support requests
- allow us to send notifications to users
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties that process personal data for GDS are required to keep that data secure.
Children’s privacy protection
We do not design or promote services for children who are 13 years of age or younger, and we do not intentionally collect or keep data about anyone under the age of 13.
Your rights
You have the right to request:
- information about how your personal data is processed, and to request a copy of that personal data
- that any inaccuracies in your personal data is rectified without delay
- that any incomplete personal data is updated - you can include the missing information in your request
- that your personal data is erased if there is no longer a justification for it to be processed
- that the processing of your personal data is restricted in certain circumstances - for example, where accuracy is contested
If you gave your consent for us to collect and process your data, you have the right to:
- withdraw your consent - this can be done at any time
- request a copy of your personal data - this copy will be provided in a structured, commonly used and machine-readable format
Questions and complaints
Contact the GDS Privacy Office if you:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
- want to make a subject access request
The contact details for the data controller are:
Government Digital Service
Department for Science, Innovation and Technology
22-26 Whitehall
London
SW1A 2EG
gds.data.protection@dsit.gov.uk
The contact details for the data controller’s Data Protection Officer are:
DSIT Data Protection Officer
Department for Science, Innovation and Technology
22-26 Whitehall
London
SW1A 2EG
dataprotection@dsit.gov.uk
The Data Protection Officer provides independent advice and monitoring of DSIT’s use of personal information.
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
casework@ico.org.uk
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Changes to this notice
We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.