Privacy notice: how we use your data

The GOV.UK Design System brings together the latest research, design and development from across government to make sure it’s representative and relevant for its users.

To add to and improve the Design System, the team reviews proposals and works with contributors to publish new entries and improve existing ones.

The GOV.UK Design System is provided by the Government Digital Service (GDS) which is part of the Cabinet Office. The data controller for GDS is the Cabinet Office - a data controller determines how and why personal data can be processed.

Read the Cabinet Office’s entry in the Data Protection Public Register for more information.

Why we need your data

For a number of the activities that we undertake to complete our function, we need to process personal data. The purposes are to manage and coordinate the GOV.UK Design System and contributions from the community.

This includes:

  • contribution process, including working with you on contributions, where you’ve proposed to add or improve part of the Design System
  • support, including both the provision of support and responses to user enquiries
  • feedback, including gathering it to improve our services, and responding to it, if you have asked us to
  • community, which includes telling you about updates to the Design System, and how to contribute to the Design System and collaborate with the community, if you’ve asked us to

What data we collect from you

We collect certain information and data about you when you use the GOV.UK Design System.

We collect your:

  • name
  • business contact details
  • user profile on collaboration tools and platforms

If you sign up to our mailing list, we’ll collect your:

  • name
  • email address and business contact details

The legal basis for processing this data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. This is because the GOV.UK Design System brings together the latest research, design and development from across government to make sure it’s representative and relevant for its users.

Performance analysis

We also carry out performance analysis to see how you use the GOV.UK Design System and how well the site performs on your device during your visit – we do this to make sure it is meeting the needs of its users and improve it.

Where you provide consent, we collect the following information:

  • your IP address
  • the pages you visit on the GOV.UK Design System
  • how long you spend on each GOV.UK Design System page
  • how you got to the site
  • what you click on while you’re visiting the site

The legal basis for performing web analytics is your consent. You will be asked for your consent when first landing on the page. If you do not give it, you will still be able to use the page. If you do give it and change your mind, you can update your cookie settings.

How long we keep your data

We will only keep your personal data for as long as:

  • the law requires us to
  • we need for the purposes listed above

This means that we will only hold your personal data for a minimum of 1 year and a maximum of 7 years.

If you have signed up to our mailing list, your email address will only be retained while you choose to remain on the list.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

Your personal data may be transferred outside the United Kingdom while being processed by GDS. If this happens, we’ll make sure you’re given the same level of technical and legal protection as you are within the United Kingdom.

Providers we use

As part of GOV.UK Design System we share your personal data with data processors who provide us with:

  • software collaboration platforms when you share research, feedback or make a contribution
  • mailing list providers when you sign up to receive emails from us
  • support providers when you contact us for assistance
  • web analytics services

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we’re required to do so by law – for example, by court order, or to prevent fraud or other crime.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties that process personal data for GDS are required to keep that data secure.

Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected without undue delay

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If your personal data is processed on the basis of consent, you have the right to:

  • withdraw consent to the processing of your personal data at any time
  • request a copy of your personal data - this copy will be provided in a structured, commonly used and machine-readable format

Find out more information about your rights.

Questions and complaints

Contact the GDS Privacy Office if you:

  • have any questions about anything in this document
  • think that your personal data has been misused or mishandled
  • want to make a subject access request (SAR)

The contact details for the data controller are: Cabinet Office (Government Digital Service), The White Chapel Building, 10 Whitechapel High Street, London, E1 8QS, or gds-privacy-office@digital.cabinet-office.gov.uk.

The contact details for the data controller’s Data Protection Officer are: Stephen Jones, Data Protection Officer, Cabinet Office, 70 Whitehall, London, SW1A 2AS, or dpo@cabinetoffice.gov.uk.

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or icocasework@ico.org.uk.

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Changes to this notice

We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.

Last updated 15 September 2021