Privacy notice for GovWifi
Last updated: 8 November 2023
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).
Purpose
GovWifi is a secure wifi service. It provides wifi access within government, local authorities and emergency service buildings.
GovWifi is provided by Cabinet Office to deliver guest wifi service across government departments, local authorities and emergency services. As this service is live, we continuously conduct qualitative and quantitative user research. We also carry out surveys and user research to improve the service for end users and admins to ensure it is user-centred and accessible.
Cabinet Office is the data controller for GovWifi. Cabinet Office determines how and why personal data is processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.
Your data
To ensure GovWifi works effectively we collect the following data:
- email address or mobile telephone number
- number of authentication attempts you make
- activation and login dates
- identification of the buildings in which you access GovWifi
For GovWifi administrators we also collect:
- names of all administrators registered in your organisations GovWifi admin account
- email addresses for all administrators registered in your organisations GovWifi admin account
- last date an administrator logged into the admin tool and the total number of logins
If participating in user research
We may collect the following items for GovWifi user research from admins and end users:
- full name
- email address
- organisation
- department
- role
- place of work
- video recordings
- types of devices used to connect to GovWifi
- identify the buildings in which you access GovWifi
We require this information to ensure that our research is varied and representative of our user groups.
This data gives us insights from end users and organisations to help us identify ways we can improve GovWifi. It allows us to capture pain points and to broaden our knowledge of how the service is used and seen.
Legal basis for processing your data
The legal basis for processing your personal data is:
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case that is the running of wifi services.
For user research
The initial use of personal data to send surveys (when data subjects sign up for GovWifi credentials) is on a lawful basis of legitimate interest.
All other processing for user research is on a lawful basis of consent.
Recipients
Your personal data may be shared with other government departments in specific circumstances such as investigations:
- legal investigations
- cyber Security investigations
- HR employment investigations
- if required by court order
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
- share data that monitors or tracks employees
Data stored for user research
As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, document management and storage services, as well as our research supplier.
Data retention
We need to process personal data to let users in government, arm’s length bodies and public sector organisations stay connected to a secure wifi service while visiting other departments and moving between buildings.
We need to know when you last used GovWifi so we can delete your account if it has not been used for 12 months.
We need to know your email address or mobile phone number so that we can notify you about major changes to the service or changes to the terms and conditions. For example, if the current inactive account deletion period of 12 months is reduced.
We will keep connection log data for a maximum of 6 months.
User research data retention
Recruitment and consent forms are kept for 24 months.
Any recordings are deleted when the research and design activities are finished.
Data with our research supplier is kept for 3 months.
Your rights
You have the right:
- to request information about how your personal data is processed, and to request a copy of that personal data
- to request that any inaccuracies in your personal data are rectified without delay
- to request that any incomplete personal data is completed, including by means of a supplementary statement
- to request that your personal data is erased if there is no longer a justification for them to be processed
- in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
- to object to the processing of your personal data where it is processed for direct marketing purposes
- to object to the processing of your personal data where it has been processed on a legal basis of the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller
- to withdraw consent to the processing of your personal data at any time
- to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format
International transfers
As your personal data is stored on our corporate IT infrastructure and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision, reliance on Standard Contractual Clauses, or reliance on a UK International Data Transfer Agreement.
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Email
icocasework@ico.org.uk
Telephone
0303 123 1113
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Contact us
The data controller for your personal data is Cabinet Office. The contact details for the data controller are:
Cabinet Office
70 Whitehall
London
SW1A 2AS
Alternatively you can use this online form to contact Cabinet Office
Contact the data controller’s Data Protection Officer: DPO@cabinetoffice.gov.uk
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.