The ICO exists to empower you through information.

If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.

Cookies

We use a cookies tool on our website to gain consent for the optional cookies we use.

Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.

You can read more about how we use cookies, and how to change your cookies preferences, on our Cookies page.

Analytics

We use Silktide analytics on our website. Silktide analytics collects information about how visitors use our website. We use the information to compile reports and to help us improve the website. We collect information including the number of visitors to the website, where visitors have come to the website from and the pages they visited. The information is collected and processed in a way that does not directly identify anyone. Once the information is collected, the IP address and browser details of a visitor is used to create a 'magic number' that changes every 24 hours. The IP address and specific browser details are immediately forgotten. We rely on consent as our lawful basis for processing and only collect the analytics information if you opt-in to the use of non-essential cookies and similar technology.

Search engine

Our website search and decision notice search is powered by Funnelback. Search queries and results are logged anonymously to help us improve our website and search functionality. No identifiable personal information is collected by us or Funnelback.

Security and performance

We use a third-party web application firewall from Cloudflare to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected. To provide this service, Cloudflare processes site visitors’ IP addresses.

We host our website in Microsoft Azure in the UK and keep traffic information for 12 months.

We use Shout Digital Ltd to develop and support our website and digital services. They may have access to the personal data you share with us via our website, but only where this is necessary for them to provide us with this support.

Purpose and lawful basis for processing

The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The lawful basis we rely on to process your personal data is either Article 6(1)(a) of the UK GDPR, for example when we require your consent for the optional cookies we use, or Article 6(1)(f) which allows us to process personal data when it’s necessary for our legitimate interests. For example in order to maintain the integrity of our IT systems and the continuity of our business.

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.