The ICO exists to empower you through information.

We meet visitors at our head office, including:

  • dignitaries;
  • external training providers;
  • job applicants;
  • suppliers and tradespeople;
  • stakeholders; and
  • organisations we may be interviewing about their processing.

If your visit is planned, we’ll send your name and visit information to reception before your visit – so that we can print a personalised badge for your arrival.

If you arrive without an appointment, you will be given a generic visitor badge.

You must wear a pass throughout your visit. Personalised badges will be destroyed when you leave the premises.

We ask all visitors to sign in and out at reception and show a form of ID. The ID is for verification purposes only, we don’t record this information.

Closed-circuit television (CCTV) operates outside the building for security purposes. The information is viewed by us on a live feed and we don’t record it.

The purpose for processing this information is for security and safety reasons. The lawful basis we rely on to process your personal data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests. 

We have Wi-Fi on site for the use of visitors. We’ll provide you with the address and password.

We record the device address and will automatically allocate you an IP address whilst on site. We also log traffic information in the form of sites visited, duration and date sent/received.

We don’t ask you to agree to terms, just to the fact that we have no responsibility or control over your use of the internet while you are on site, and we don’t ask you to provide any of your information to get this service.

The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The lawful basis we rely on to process your personal data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests. We use a data processor, Palo Alto Networks, for VPN and Proxy services.

We sometimes record audio and video of training sessions delivered by external training providers for distribution to ICO staff not in attendance. We don’t do this without the prior agreement of the training provider and no recordings are shared outside of the ICO. The lawful basis we rely on to process personal data is article 6(1)(e) of the UK GDPR, which allows us to process personal data when it is necessary for the performance of our public task. 

For information about how long we hold personal data, see our retention schedule.

We ask visitors to our regional offices to show some form of ID, but this will not be recorded anywhere and is purely for ID verification.

Any CCTV used in our regional offices or London office is not operated by us, so we are not the controller. It will be under the control of the relevant building landlord.