Privacy notice: how we use your data

Last updated
11 January 2023

Who we are

GOV.UK Notify is a service that lets public service teams in the UK send emails, text messages, and letters to users of their service.

GOV.UK Notify is provided by the Government Digital Service (GDS) which is part of the Cabinet Office.

Organisations sending notifications using GOV.UK Notify are the data controller and Cabinet Office is the data processor. The data controller must tell you about what they are doing with your personal data.

For the credentials used to access GOV.UK Notify, Cabinet Office is the data controller.

For more information see the Information Commissioner’s Office (ICO) Data Protection Public Register. The Cabinet Office registration number is: Z7414053

What data we collect from you

The personal data we collect from public sector employees that create a GOV.UK Notify account includes:

  • your name
  • your email address
  • your mobile phone number
  • the IP address you use to access GOV.UK Notify

The legal basis for processing this data is ‘public task’ – allowing you to access GOV.UK Notify to send notifications to users of your public service.

Why we need your data

We need your personal data to ensure that only legitimate users of GOV.UK Notify can use it to send notifications.

What we do with your data

We use your data to check that you are allowed to access GOV.UK Notify and to record your activity when using it. We use third party suppliers to do this.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We’ll keep your personal data for as long as you have a GOV.UK Notify account.

When you ask us to close your account, we will delete your data within 1 year.

When we close your account we’ll delete your:

  • name
  • mobile phone number
  • GOV.UK Notify password

So we can carry out security audits, we’ll keep your email address and IP addresses for 1 year before we delete them.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

Your personal data will be processed both in the UK and the European Economic Area (EEA). Your data receives the same level of protection in the EEA as it does in the UK through the safeguard of Adequacy Decisions.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. To prevent unauthorised access or disclosure we have put in place technical and organisational procedures to secure the data we collect about you – for example, we protect your data using varying levels of encryption. We also make sure that any third parties that we deal with have an obligation to keep all personal data they process on our behalf secure.

Children’s privacy protection

We understand the importance of protecting children’s privacy online. Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. It is not our policy to intentionally collect or maintain data about anyone under the age of 13.

What are your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, get in contact with our Data Protection Officer - you can find their contact details below.

Changes to this notice

We may modify or amend this privacy notice at our discretion at any time. When we make changes to this notice, we will amend the last modified date at the top of this page. Any modification or amendment to this privacy notice will be applied to you and your data as of that revision date. We encourage you to periodically review this privacy notice to be informed about how we are protecting your data.

Questions and complaints

Contact the GDS Privacy Team if you either:

  • have questions about anything in this document
  • think that your personal data has been misused or mishandled

GDS Privacy Team
gds-privacy-office@digital.cabinet-office.gov.uk

You can also contact the Cabinet Office Data Protection Officer.

Data Protection Officer
DPO@cabinetoffice.gov.uk
Data Protection Officer
Cabinet Office
70 Whitehall
London SW1A 2AS

If you have a complaint, you can also contact the Information Commissioner's Office (ICO). The ICO is an independent regulator set up to uphold information rights.

Information Commissioner’s Office
icocasework@ico.org.uk
0303 123 1113
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF