Last update: 12 February 2025

GOV.UK Internal Access is an access platform for government departments, agencies and crown bodies. In order to make the service secure and available we need to collect, process and store personal data.

• What data we collect
• Recipients
• Retention
• Data subject rights
• International transfers
• Cookies
• Questions and complaints
• Changes to this notice

What data we collect

The personal data we collect may include:

• your email address
• the organisation you work for
• the profession and function you work in
• your IP address
• your browser and connection details

Recipients

Your personal data may be shared with security teams in your organisation in relation to security incidents, for instance if malicious behaviour is detected.

Retention

Your personal data is retained so long as you are an active user of this service, and for one year for security purposes. IP addresses, browser and connection details is retained for one year for security purposes.

Data subject rights

You have the right to:

• request information about how your personal data are processed, and to request a copy of that personal data.
• request that any incomplete personal data are completed, including by means of a supplementary statement.
• request that your personal data are erased if there is no longer a justification for them to be processed.
• request, in certain circumstances (for example, where accuracy is contested), that the processing of your personal data is restricted.
• object to the processing of your personal data where it is processed for direct marketing purposes.
• object to the processing of your personal data.
• withdraw consent to the processing of your personal data at any time.
• request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.

International transfers

All processing is based in the UK on DSIT-managed cloud infrastructure using Amazon Web Services.

Cookies

We only use cookies that are required for the service to work, these include:

• __Host-Session-SSO - a required cookie to manage your user session
• __Host-Browser-SSO - a required cookie that is a security feature
• __Host-RememberMe-SSO - an optional cookie that's set when you use the 'Remember Me' function, this is only set after successful sign in

Questions and complaints

The contact details for our Data Protection Officer are:

You may also make a complaint to the Information Commissioner, who is an independent regulator set up to uphold information rights.

Changes to this notice

We may change this privacy notice. In that case the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, the Department for Science, Innovation and Technology (DSIT) will take reasonable steps to make sure you know.