The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.

 Analytics

When you visit www.ico.org.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. We use the information to report on visitor numbers, and to make improvements to our service.

This information is collected only if visitors opt in. The information collected is classed as personal data because Google assigns a unique identifier to each visitor. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

We have measures to protect the information collected, which include: limiting the amount of data collected (including not collecting full IP addresses), setting a retention schedule, restricting access to our Google Analytics data, and regularly reviewing our use of analytics.

We keep analytics data for 14 months from a visitor’s last visit.

Cookies

We use a cookies tool on our website to gain consent for the optional cookies we use.

Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.

You can read more about how we use cookies, and how to change your cookies preferences, on our Cookies page.

Search engine

Our website search and decision notice search is powered by Funnelback. Search queries and results are logged anonymously to help us improve our website and search functionality. No identifiable personal information is collected by us or Funnelback.

Security and performance

We use a third-party web application firewall from Cloudflare to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected. To provide this service, Cloudflare processes site visitors’ IP addresses.

We host our website in Microsoft Azure in the UK and keep traffic information for 12 months.

Purpose and lawful basis for processing

The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The lawful basis we rely on to process your personal data is either Article 6(1)(a) of the UK GDPR, for example when we require your consent for the optional cookies we use, or Article 6(1)(f) which allows us to process personal data when it’s necessary for our legitimate interests. For example in order to maintain the integrity of our IT systems and the continuity of our business.

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.