Privacy Notice - Online Regulatory Platform

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).

Your Data

The data

We will process the following personal data:

  • Your email address and password to manage your account;
  • Your email address and subscription preferences when you sign up for our email alerts;
  • Information on how you use the site, using cookies and page tagging techniques


The purpose(s) for which we are processing your personal data is to:

  • Gather feedback to improve our services, for example our email alerts;
  • Respond to any feedback you send us, if you’ve asked us to;
  • Allow you to access government services;
  • Provide you with information about local services;
  • Monitor use of the site to identify security threats;
  • Monitor the performance of the site to identify inefficiencies and errors

Legal basis of processing

The legal basis for processing personal data in relation to site security is our legitimate interests, and the legitimate interests of our users, in ensuring the security and integrity of the ORP service.

The legal basis for processing all other personal data is that it’s necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, such as the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; the exercise of a function of either House of Parliament; or the administration of justice. The public interest is the provision of the Online Regulatory Platform.


Your personal data will be shared by us with your consent to using the service.

The data we collect may be shared with other government departments, agencies and public bodies. It may also be shared with our technology suppliers, for example our hosting provider.

We will share your data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.

We will not:

  • Sell or rent your data to third parties;
  • Share your data with third parties for marketing purposes


We will only retain your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to.

We will:

  • Keep your email data until you unsubscribe;
  • Keep your feedback data for 2 years
  • Delete access log data which contain your IP address after 120 days

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

All personal data is stored in the European Economic Area (EEA).

Your Rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.

You have a right to object to the processing of your personal data.


If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an UK independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
0303 123 1113

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact Details

The data controller for your personal data is the Department for Business, Energy & Industrial Strategy (BEIS). You can contact the BEIS Data Protection Officer at:

BEIS Data Protection Officer
Department for Business, Energy and Industrial Strategy
1 Victoria Street