This information charter sets out the standards you can expect from the Department for Digital, Culture, Media and Sport when we collect, hold or use your personal information.
Personal data charter and privacy notice
The data controller
The Department for Digital, Culture, Media & Sport (DCMS) is the “data controller”. This means that we are responsible for any of your personal data that we collect or use. We will ensure that we will treat all personal information in accordance with data protection legislation, including the General Data Protection Regulation and Data Protection Act 2018.
When the DCMS or its agencies collects, holds, uses or processes in any way your personal data, you are entitled to be told:
- the purpose for which the data is being used, and our lawful basis for processing it
- how long we will keep your data, who we will share it with
- whether it will be transferred or accessed outside the UK or EU, and what legal safeguards are in place to protect it
- about any rights you may have, including the right to access your information, or to object to its being used
- about your right to complain to the Information Commissioner if you feel that your personal information has been mishandled
- about the identity of our Data Protection Officer (an independent advisor on data protection matters)
Why we collect the data
When we ask for your personal data, we promise only to ask for what we need, and to make sure you know why we need it. If it includes contact details, we will also tell you anything else that we may use it to contact you about and whether you can say no. If you do say yes to us contacting you about other things, you can withdraw your consent at any time.
Why we are legally allowed to process your data
The reasons that we can use to collect or use your personal data are set out in law. Most of the time, this will be because it is necessary for us in our work as a public body (Article 6(1)(e) of the General Data Protection Regulation, the law which applies to personal data).
When we collect or use your personal data under any other lawful basis we will let you know which part of the law we are using.
Sharing your data
We will let you know if we are going to share your personal data with other organisations – and whether you can say no. You can ask us for details of agreements we have with other organisations for sharing your information.
If you write to us on a subject that is not our policy area, and the response needs to come from another government department, we will transfer your correspondence, including the personal data, to that department.
You can also ask us for details of any circumstances in which we can pass on your personal data without telling you. This might be, for example, to prevent and detect crime or to produce anonymised statistics.
We won’t make your personal data available for commercial use without your specific permission.
Keeping your data
We will only keep your personal data as long as we continue to have a lawful basis to do so. This will usually mean that it is still necessary for our work as a public body. This will be decided by our ongoing business need and any laws or government policies that affect how long we keep it. We have a “retention schedule” that sets out how long we will keep different types of information for.
The data we are collecting is your personal data, and you have rights that affect what happens to it. You have the right to:
(a) know that we are using your personal data
(b) see what data we have about you
(c) ask to have your data corrected, and to ask how we check the information we hold is accurate
(d) ask to have your data deleted
(e) complain to the Information Commissioner’s Office (see below)
In some circumstances you may also have the right to withdraw your consent to us having or using your data, to have all data about you deleted, or to object to particularly types of use of your data. We will tell you when these rights apply.
You can also make a complaint to the Information Commissioner, who is an independent regulator:
Information Commissioner’s Office
Telephone: 0303 123 1113
Textphone: 01625 545860 Monday to Friday, 9am to 4:30pm
Sending data overseas
We will not usually send your data overseas. If we need to do so, we will let you know.
Automated decision making
We will not normally use your data for any automated decision making. If we need to do so, we will let you know.
Storage, security and data management
Your personal data will be stored securely and will be protected to make sure nobody has access to it who shouldn’t.
You can ask us for details of our instructions to staff on how to collect, use and delete your personal data.
What we ask of you
So that we can keep your personal data reliable and up to date, please:
give us accurate information tell us as soon as possible if there are any changes, such as a new address
How to access your personal information
If you would like a copy of any personal information that we hold about you, please contact the relevant team or agency in the DCMS. We will require proof of ID.
If you do not know who holds your information, or you do not know who to ask, please contact the general contact address and provide as much information as possible about what information you think we hold.
Department for Digital, Culture, Media and Sort
100 Parliament Street
Telephone enquiries 020 7211 6000
Data Protection Officer
If you have any concerns about how the department is handling your personal data, you may contact the department’s Data Protection Officer (DPO).
The DPO provides independent advice and monitoring of DCMS’s use of personal information. They can be contacted at the following postal and email addresses:
Data Protection Officer
Department for Digital, Culture, Media & Sport
100 Parliament Street
Site usage tracking
To make this site simpler, we sometimes place small data files on your computer. These are known as cookies. Most big websites do this too.
They improve things by:
- remembering settings, so you don’t have to keep re-entering them whenever you visit a new page e.g. your details when commenting on posts
- remembering information you’ve given (eg your postcode) so you don’t need to keep entering it
- measuring how you use the website so we can make sure it meets your needs
Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you. Indeed, you can manage and/or delete these small files as you wish.
We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting its users’ needs and to understand how we could do it better.
Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are. We do not allow Google to use or share our analytics data.
Analytics data is anonymised at the point of collection.
The following cookies are set by Google Analytics:
Name Typical Content Expires
_utma randomly generated number 2 years
_utmb randomly generated number 30 minutes
_utmc randomly generated number when you close your browser
_utmx randomly generated number 2 years
_utmxx randomly generated number 2 years
_utmz randomly generated number and information on how the site was reached (e.g. direct or via a link, organic search or paid search) 6 months
_ga used to distinguish users 2 years
_gid used to distinguish users 24 hours
_gat used to throttle request rate 1 minute
For further details on the cookies set by Google Analytics, please refer to the Google Analytics documentation.
ii) Log files
Log files allow us to record visitors’ use of the site. These logs are automatically generated from all our visitors, which we use to make improvements to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information about you.