Privacy notice for the GOV.UK One Login website

Last updated: 20 November 2023

Who we are

GOV.UK One Login (sign-in.service.gov.uk) is provided by the Government Digital Service (GDS), part of the Cabinet Office.

GOV.UK One Login will let end users sign in to government services. This privacy notice is for government service teams who are interested in using GOV.UK One Login.

Cabinet Office is the data controller for pages starting with sign-in.service.gov.uk.

A data controller determines how and why personal data is processed. For more information, read the Cabinet Office’s entry in the Data Protection Public Register.

What data we collect

The personal data we collect from you includes:

  • your name, email address, job title and other information about the government service you run if you register your interest in using GOV.UK One Login or contact us to report an issue with a live service that’s using GOV.UK One Login.
  • your Internet Protocol (IP) address, and details of which version of web browser you used

We continuously test and monitor our data protection controls to make sure they’re effective and to detect any weaknesses.

Why we need your data

We collect your data to:

  • analyse the information you have provided about your service so that we can understand which services might use GOV.UK One Login
  • contact you about GOV.UK One Login
  • respond to any queries or feedback you send us, if you’ve asked us to

We also collect data to monitor use of the site to identify security threats.

Our legal basis for processing your data

The legal basis for processing personal data in relation to site security is our legitimate interests, and the legitimate interests of our users, in ensuring the security and integrity of GOV.UK.

The legal basis for processing all other personal data is that it’s necessary:

  • to perform a task in the public interest
  • in the exercise of our functions as a government department

What we do with your data

We may share your data with our technology suppliers, for example our hosting provider.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will only retain your personal data for as long as:

  • it is needed for the purposes set out in this document
  • the law requires us to

We will keep your feedback data for 2 years and any queries you raise for 1 year, unless you ask us to delete it.

We will delete access to log data after 14 days.

Children’s privacy protection

Our pages are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

All personal data is stored in the European Economic Area(EEA).

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, get in contact with our Privacy Team at gds-privacy-office@digital.cabinet-office.gov.uk

Contact us or make a complaint

Contact the Privacy Team at gds-privacy-office@digital.cabinet-office.gov.uk if you:

  • have a question about anything in this privacy notice
  • think that your personal data has been misused or mishandled

You can also contact our Data Protection Officer (DPO):

Data Protection Officer
DPO@cabinetoffice.gov.uk
Data Protection Officer
Cabinet Office
70 Whitehall
London SW1A 2AS

The DPO provides independent advice and monitoring of our use of personal information.

You can also make a complaint to the Information Commissioner, who is an independent regulator.

Information Commissioner’s Office
casework@ico.org.uk

Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
Find out about call charges

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, GDS will take reasonable steps to let you know.