- Search engine
- Security and performance
- Purpose and legal basis for processing
- What are your rights?
When you visit www.ico.org.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.
We use a cookies tool on our website to gain consent for the optional cookies we use.
Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.
Our website search and decision notice search is powered by Funnelback. Search queries and results are logged anonymously to help us improve our website and search functionality. No identifiable personal information is collected by us or Funnelback.
We use a third-party web application firewall from Oracle Dyn to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected. To provide this service, Dyn processes site visitors’ IP addresses.
We rely on the Privacy Shield Framework to transfer this information to Dyn’s servers which are located in the US. They hold the information for seven days.
We host our website in Microsoft Azure in the UK and keep traffic information for 12 months.
The Browsealoud service allows site visitors to get the site read aloud, simplify and adjust the site, and translate the content into different languages. This is provided by Texthelp.
When requests are made to read the content aloud, the content is encrypted and sent to Texthelp to be converted to audio. It is then sent back using the same encryption. When requests are made to translate the content, the content is similarly sent to and from the Google Translate service.
Browsealoud does not collect or store any identifiable personal information.
The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The lawful basis we rely on to process your personal data is either Article 6(1)(a) of the GDPR, for example when we require your consent for the optional cookies we use, or Article 6(1)(f) which allows us to process personal data when it’s necessary for our legitimate interests. For example in order to maintain the integrity of our IT systems and the continuity of our business.
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
For more information on your rights, please see ‘Your rights as an individual’.