Last updated: 15 January 2021
Who we are
GOV.UK Verify is built and run by the Government Digital Service (GDS), which is part of the Cabinet Office.
GOV.UK Verify allows you to prove your identity when using digital government services, like the service you use to file your Self Assessment tax return.
You can find more detailed information about GOV.UK Verify on the GOV.UK Verify blog.
This privacy notice explains what data we might collect, how it's used and how it's protected.
What data we collect
We collect personal data from you when you:
- sign in to a service with GOV.UK Verify
- send us questions or feedback
When you sign in with GOV.UK Verify
GOV.UK Verify provides a 'hub' between services and companies that prove users' identities on behalf of the government. These companies have met government and industry standards to check and prove users' identities as part of GOV.UK Verify.
After the company proves your identity, they send limited personal data they collect to the hub. The hub will then send it to the service you want to use.
This personal data might include your:
- name (including any previous names)
- address (including any previous addresses)
- date of birth
- age range
- gender (this is usually optional)
- IP address
- persistent identifier (PID) - this is given to you by the company that proved your identity
When you send us a question or feedback
We keep any questions or feedback you send about GOV.UK Verify, as well as details about what we've done to help. We'll also keep some personal data, such as your name and email address.
Cookies and analytics
We use Matomo to collect information about how you use GOV.UK Verify.
Matomo stores information about:
- which pages you visit
- how long you spend on each page
- how you got to the site
- what you click on while you're visiting the site
We also use Google Analytics to share this information within GDS. This information helps us to improve UK government digital services. It is anonymised before we process it.
We do not store your personal data (such as your name or address) on our analytics system or share it with Google Analytics. We make sure this information is not used, or combined with other datasets, to identify who you are.
To protect GOV.UK Verify from crime and fraud, we might sometimes share your personal data with:
- law enforcement agencies
- public sector organisations, for example the Cabinet Office, Home Office and others
- relevant private sector organisations
This personal data might include your:
- family name
- first name
- date of birth
- phone number
- biometric information
- email addresses
What we do with your data
We might share the data we collect with:
- other government departments and agencies
- the company who verified your identity
- other public bodies
We will not:
- sell your data to third parties
- share your data with third parties for marketing purposes
Legal basis for using your data
The legal basis for processing your personal data is that it's necessary to perform a task in the public interest.
Sometimes, you will need to give your consent before any personal data is processed. In that case, you have the right to withdraw your consent at any time.
How long we keep your data for
We will only keep your personal data for as long as:
- it's needed for the purposes set out in this privacy notice
- the law requires us to
Who controls your data
Cabinet Office is the data controller for the data processed by GOV.UK Verify. A data controller determines how and why personal data is processed. For more information, read the Cabinet Office's entry in the Data Protection Public Register.
Where your data is stored
GOV.UK Verify stores your personal data in the European Economic Area (EEA).
You have the right to request:
- information about how your personal data is processed
- a copy of any personal data you've given to us
- that anything inaccurate in your personal data is corrected immediately
- that any incomplete personal data is completed - you can do this by sending us a 'supplementary statement' that explains what's wrong with the data we've collected
- that your personal data is deleted if there's no longer a reason for us to hold it
- that the processing of your personal data is restricted in certain circumstances, for example if we've collected inaccurate information
Links to other websites
GOV.UK Verify is one of the services on GOV.UK and has links to other websites.
This privacy notice only applies to GOV.UK Verify and doesn't cover other government services, companies or digital identity schemes that we link to. Read their own terms and conditions, privacy policies and data controllers if you want to find out how they process your personal data.
Children's privacy protection
We understand the importance of protecting children's privacy online. GOV.UK Verify is not designed for or intentionally targeted at children that are 13 or younger. We will not intentionally collect or keep data about anyone under the age of 13.
How we protect your data and keep it secure
We're committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data. For example, we protect your data using varying levels of encryption.
We also make sure that any third parties that we deal with have an obligation to keep all personal data they process on our behalf secure.
Changes to this notice
We may change this privacy notice. In that case, the 'last updated' date at the bottom of this page will change. Any changes to this privacy notice will apply to you and your data as of that date.
We encourage you to review this privacy notice regularly to find out how we are protecting your data.
Contact us or make a complaint
You can contact the GDS Privacy Team at email@example.com if you:
- have a question about anything in the privacy notice
- think that your personal data has been misused or mishandled
Contact an independent body
You can contact the Cabinet Office Data Protection Officer (DPO), which provides independent advice and monitoring of our use of personal data.
Cabinet Office Data Protection Officer
Data Protection Officer
You can also make a complaint to the Information Commissioner's Office (ICO), who is an independent regulator.
Telephone: 0303 123 1113
Textphone: 01625 545 860
Monday to Friday, from 9am to 4:30pm
Information Commissioner’s Office