Open Notes email newsletter privacy notice: how we use your data
Open Notes is a newsletter about the work at the Government Digital Service (GDS), provided by GDS, which is part of the Cabinet Office. The data controller for GDS is the Cabinet Office – a data controller determines how and why personal data can be processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.
The newsletter is managed and sent via Mailchimp. Mailchimp is the data processor.
What data we collect from you
The personal data we collect from you will include:
- email address
Our legal basis for processing your data
The legal basis for processing this data is Consent. You consent to receiving a newsletter via email.
Why we need your data
We collect personal data in order to:
- add you to the Open Notes mailing list
- send you the Open Notes newsletter
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.
How long we keep your data
We will only keep your personal data for as long as you subscribe to Open Notes. If you withdraw your consent at any time, we will remove you from the mailing list, and delete your personal data. At regular intervals we will draw subscribers attention to their right to withdraw their consent (unsubscribe).
Who we share your data with
As part of delivering the Open Notes newsletter we share your personal data with an email service provider which acts as the data processor.
Where your data is processed and stored
As your personal data is stored on our IT infrastructure and shared with our data processors, it may be transferred and stored securely outside the United Kingdom. Where that is the case it will be subject to equivalent legal protection through the use of International Data Transfer Agreements or Adequacy Decisions.
We also design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. To prevent unauthorised access or disclosure we have put in place technical and organisational procedures to secure the data we collect about you – for example, we protect your data using varying levels of encryption. We also make sure that any third parties that we deal with have an obligation to keep all personal data they process on our behalf secure.
Children’s privacy protection
We don’t design or promote services for children who are 13 years of age or younger, and we don’t intentionally collect or keep data about anyone under the age of 13.
You have the right to:
- withdraw consent to the processing of your personal data at any time
- request a copy of your personal data - this copy will be provided in a structured, commonly used and machine-readable format
Find out more information about your rights.
Questions and complaints
Contact the GDS Privacy Office if you:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
- want to make a subject access request (SAR)
The contact details for the data controller are: Cabinet Office (Government Digital Service), The White Chapel Building, 10 Whitechapel High Street, London, E1 8QS, or email@example.com.
The contact details for the data controller’s Data Protection Officer are: Stephen Jones, Data Protection Officer, Cabinet Office, 70 Whitehall, London, SW1A 2AS, or firstname.lastname@example.org.
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or email@example.com.
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Changes to this notice
We may change this privacy notice. When we make changes to this notice, we will add a change note at the bottom of the page. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.