When you call our main helpline (0303 123 1113), we collect Calling Line Identification (CLI) information. This is the phone number you are calling from (if it’s not withheld). We hold a log of the phone number, date, time and duration of the call, but do not audio record the call itself. We hold this information for 90 days.
We use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back if you have asked us to do so, if your call drops, or if there is a problem with the line. We may also use it to check how many calls we have received from it.
We don’t audio record any calls, but we might make notes to help us answer your query. Other ICO staff may also listen in during your call for training or quality assurance purposes.
We sometimes conduct surveys on our helpline to help us identify trends in the enquiries we receive and improve how we operate. If you are a controller we may ask if you have paid your data protection fee and enquire about your use of our website and guidance resources. If you require a follow up call we will also ask you to provide us with your contact details.
We use a translation service provided by Language Line Limited for customers when English is not their first language. We don’t retain call scripts and neither do Language Line. It is processed live for the purposes of translating the call.
We welcome calls in Welsh on 0330 414 6421. Rydym yn croesawu galwadau yn Gymraeg ar 0330 414 6421.
We operate a textphone service which is particularly useful if you are deaf, hard of hearing or speech impaired. We do not keep any call information or messages left on the phone.
We also hold statistical information about the calls we receive for a number of years, but this does not contain any personal data.
We use a third-party provider, Hootsuite, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by Hootsuite for three months. It will not be shared with any other organisations.
We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system as an enquiry or a complaint. When contacting the ICO through a social media platform, we suggest you also familiarise yourself with the privacy information of that platform.
We use a third-party provider, GCI, to supply and support our live chat service.
If you use our live chat service we’ll collect the contents of your live chat session and if you choose to provide it your name and email address. GCI retains this data for us for 100 days.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security. Most webmail such as Gmail and Hotmail use TLS by default.
We use machine learning tools to review the content of emails sent to us. We use this information to train our systems, gain insight into demand for our services and to improve how we operate. You may receive an automatic reply, your original email request will remain unaltered and will be processed by ICO staff.
We’ll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.
The lawful basis we rely on to process personal data for the above purposes is article 6(1)(e) of the UK GDPR which allows us to process personal data when this is necessary to perform our public task as a regulator.