Privacy policy

This statement explains how the Government Gateway uses information you provide over the internet and the ways in which it protects your privacy.

Security

For more information about security, see

The Data Protection Act

We have a legal duty to protect your information. We maintain strict security standards and procedures to prevent unauthorised access to your data. We use leading technologies including digital certificates and encryption to further safeguard your data.

The approach we take to protecting the data you provide to us has been approved by the Information Commissioner.

This privacy statement applies solely to information handled by the Government Gateway.

What happens to the information you provide?

You provide two kinds of information to the Government Gateway: 'Registration information' and 'Known facts'.

- Registration information

When you register with the Government Gateway, you enter your name and email address. Note that as part of registration you do not enter your address, or any other personal details.

The Government Gateway stores this information securely in a registration database. As part of the registration process, Government Gateway will share these details with the departments owning the services you have chosen to interact with. Sharing these details will allow both Government Gateway and government departments to communicate with you directly about the services you have enrolled in. The Departments you interact with will not share these details with any third parties unless the law specifically allows them to, including to detect or prevent crime.

Your name and email address will be transmitted through secure channels and held securely in the database of the department you interact with.

If you register on behalf of your organisation, each User in the organisation can enter some optional additional details (for example, their job title, department or extension number). This information is not sent to any government departments. It is used to identify you to other Government Gateway Users within your organisational group.

- Known facts

When you enrol for a service, you are asked to enter a set of known facts for that service. This combination of information uniquely identifies you as an individual or an organisation. For example, if you are enrolling for Self Assessment, these facts will be made up of your Tax reference, postcode and National Insurance number. Known facts that you have provided are transferred between the Government Gateway and the government departments. Since this information does not include your name or address it cannot be used by anyone except the government departments.

The Government Gateway has access to an extract database from each government department that handles online services. This database contains the known facts of all individuals or organisations eligible for a service.

When you enrol for a service, the information you enter is compared with the information held on the extract database. If it matches information already held, the Government Gateway sends a request to the relevant department to supply the Government Gateway with the postal address for the individual or organisation identified by these known facts.

The Government Gateway uses the postal address to send you your Activation code. If you use a User ID and password to log in, we will also send you confirmation of your User ID through the post. After we have sent this information, your address is deleted from the Government Gateway.

The data collected by Government Gateway from you will be held securely for a period of up to and not exceeding 72 hours as part of our privacy assurance for Customers. The way that data is held and transferred is consistent with HM Government Security Framework, policy and advice.

Sharing of information

We will only give information about you to someone outside DWP, including other government departments, if the law allows us to. We may share your information for a number of reasons including to prevent or detect crime.

Links to other websites

The Government Gateway contains links to other websites, mainly those of other government departments and some third party software suppliers. The Government Gateway is not responsible for the privacy practices of any of these other sites. We encourage you to be aware of this when you leave the Government Gateway and to read the privacy statements on other websites you visit which collect personally identifiable information.

This privacy statement applies solely to information handled by the Government Gateway.

Cookies

A cookie is a piece of data stored in the memory of your computer when you connect to the Government Gateway. Government Gateway cookies are not stored on your hard disk.

In simple terms, we generate and temporarily store a meaningless number which is used to keep track of your identity from page to page. This is destroyed when you log out from the Government Gateway or close your browser window. We do not use the cookie to track the way you use the website.

Most internet browsers (for example, Internet Explorer) are set up to automatically accept cookies, but you can change your settings to prevent this. However, if you choose not to accept cookies you will not be able to access the Government Gateway, as we need to use cookies to manage your session.

How we use cookies

Gateway Home

This service uses session cookies. Your browser must have cookies enabled for the service to work.

  • www.gateway.gov.uk
Cookie name Typical content Expires
ASP.NET_SessionId Random number When your browser closes

Gateway Account Management

This service uses session cookies. Your browser must have cookies enabled for the service to work.

  • myaccount.gateway.gov.uk
Cookie name Typical content Expires
ASP.NET_SessionId Random number When your browser closes
WLCookie Random number When your browser closes
resourceInfo Reply address details When your browser closes

Gateway Authentication

This service uses session cookies. Your browser must have cookies enabled for the service to work.

  • authenticate.gateway.gov.uk
Cookie name Typical content Expires
ASP.NET_SessionId Random number When your browser closes
SIDPCookie Random number When your browser closes
BrokerCookie Random number When your browser closes
DefaultRA Clear text value indicating the Registration Authority that the user has requested is remembered for future sessions 1000 days

Gateway Identity Verification

This service uses session cookies. Your browser must have cookies enabled for the service to work.

  • idv.gateway.gov.uk
Cookie name Typical content Expires
ASP.NET_SessionId Random number When your browser closes
IdvCookie Random number When your browser closes

Gateway Secure Data Transfer

This service uses session cookies. Your browser must have cookies enabled for the service to work.

  • sdt.gateway.gov.uk
Cookie name Typical content Expires
ASP.NET_SessionId Random number When your browser closes
SdtCookie Random number When your browser closes

Log files

Log files are used to track transactions made using the Government Gateway and we are required by law to store these for auditing purposes. The log files are based on your User ID, do not contain any personally identifiable information, and are stored securely.

Making changes to registration information

You can change your registration information at any time. To do this, log in to the Government Gateway and click on 'Your Details'. You will then be able to see the information we currently have stored on you, and make changes if you wish. If you registered with a certificate, you cannot change the name that the Government Gateway stores for you, as this is automatically copied from your certificate.

You can unenrol from services for which you have enrolled. Your registration details are then marked as 'inactive' and are stored securely for auditing purposes.

Notification of changes to this privacy policy

If this privacy policy changes in any way, an updated version will be placed on this page. Regularly reviewing this page ensures you are always aware of what information is collected, how it is used, and under what circumstances, if any, it is shared with other parties.