On this page

 Analytics

When you visit www.ico.org.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do  collect personal data  through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.

Cookies

We use a cookies tool on our website to gain consent for the optional cookies we use.

Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.

You can read more about how we use cookies, and how to change your cookies preferences, on our Cookies page.

Search engine

Our website search and decision notice search is powered by Funnelback. Search queries and results are logged anonymously to help us improve our website and search functionality. No identifiable personal information is collected by us or Funnelback.

Security and performance

We use a third-party web application firewall from Oracle Dyn to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected. To provide this service, Dyn processes site visitors’ IP addresses.

We rely on the Privacy Shield Framework to transfer this information to Dyn’s servers which are located in the US. They hold the information  for seven days.

We host our website in Microsoft Azure in the UK and keep traffic information for 12 months.

Browsealoud

The Browsealoud service allows site visitors to get the site read aloud, simplify and adjust the site, and translate the content into different languages. This is provided by Texthelp.

When requests are made to read the content aloud, the content is encrypted and sent to Texthelp to be converted to audio. It is then sent back using the same encryption. When requests are made to translate the content, the content is similarly sent to and from the Google Translate service.

Browsealoud does not collect or store any identifiable personal information.

Purpose and legal basis for processing

The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.  

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.