On this page
- Search engine
- Security and performance
- Purpose and legal basis for processing
- What are your rights?
When you visit www.ico.org.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.
This means that we are in the process of updating the tool (Civic Cookie Tool) which, by default, requires explicit opt in action by users of our website. This will apply to the non-necessary cookies. We will ensure any necessary cookies for functionality and security are marked so that they are not deleted by the tool.
Our website search and decision notice search is powered by Funnelback. Search queries and results are logged anonymously to help us improve our website and search functionality. No identifiable personal information is collected by us or Funnelback.
We use a third-party web application firewall from Oracle Dyn to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected. To provide this service, Dyn processes site visitors’ IP addresses.
We rely on the Privacy Shield Framework to transfer this information to Dyn’s servers which are located in the US. They hold the information for seven days.
Eduserv hosts our website in the UK and holds traffic information for 12 months..
The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
For more information on your rights, please see ‘Your rights as an individual’.