On this page

 Analytics

When you visit www.ico.org.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do  collect personal data  through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.

Cookies

You can read more about how we use cookies on our Cookies page. We use a cookies tool on our website which relies on implied consent of users.  In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.

This means that we are in the process of updating the tool (Civic Cookie Tool) which, by default, requires explicit opt in action by users of our website. This will apply to the non-necessary cookies. We will ensure any necessary cookies for functionality and security are marked so that they are not deleted by the tool.

Search engine

Our website search and decision notice search is powered by Funnelback. Search queries and results are logged anonymously to help us improve our website and search functionality. No identifiable personal information is collected by us or Funnelback.

Security and performance

We use a third-party web application firewall from Zenedge UK to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected. To provide this service, Zenedge processes site visitors’ IP addresses.

We rely on the Privacy Shield Framework to transfer this information to Zenedge’s servers which are located in the US. They hold the information  for seven days.

Eduserv hosts our website in the UK and holds traffic information for 12 months..

Purpose and legal basis for processing

The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.  

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.