Go Superfast

Privacy Notice

Department for Digital, Culture, Media & Sport Privacy Notice for Gigabit Voucher Scheme Building Digital UK (BDUK)


Who is collecting my data?

BDUK in the Department for Digital, Culture, Media & Sport (DCMS) helps to drive growth, enrich lives and promote Britain abroad.

We protect and promote our cultural and artistic heritage and help businesses and communities to grow by investing in innovation and highlighting Britain as a fantastic place to visit. We help to give the UK a unique advantage on the global stage, striving for economic success.


Purpose of this Privacy Notice

This notice is provided within the context of the notice provided to meet the obligations as set out in Article 13 (this sets out the info we have to provide  where the data is received directly from the data subject). Article 13 of UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). This notice sets out how we will use your personal data as part of our legal obligations with regard to Data Protection.

The Department for Digital, Culture, Media & Sport’s personal information charter explains how we deal with your information. It also explains how you can ask to view, change or remove your information from our records.

This website (“Website“) is run by the Department for Digital, Culture, Media & Sport (“we” and “us“, “DCMS“). DCMS is the controller for the personal information we process, unless otherwise stated.


Privacy policies of other websites

This Privacy Statement does not cover links to other websites. We are not responsible for the privacy policies and practices (including use of cookies) of other websites even if you accessed the third party website using links from the Website. We recommend that you check the policy of each website you visit and contact the owner or operator of such a website if you have concerns or questions.


What is personal data?

Personal data is any information relating to an identified or identifiable natural living person, otherwise known as a ‘data subject’. A data subject is someone who can be recognised, directly or indirectly, by information such as a name, an identification number, location data, an online identifier, or data relating to their physical, physiological, genetic, mental, economic, cultural, or social identity. These types of identifying information are known as ‘personal data’. Data protection law applies to the processing of personal data, including its collection, use and storage.


What personal data do we collect?

Most of the personal information we collect and process is provided to us directly by you. This includes:

  • Personal identifiers and contacts (name, contact details – phone number, email address, address)
  • We ask suppliers to provide photographic ID for the company director.



Cookies are files saved on your phone, tablet or computer when you visit a website.

We use cookies to store information about how you use this website, such as the pages you visit. For more information on our cookies policy you can visit our cookies page


How will we use your data?

We use personal information for a wide range of purposes, to enable us to carry out our functions as a government department. This includes:

  • Operating and administering the Scheme effectively, through verifying the use of vouchers, determining eligibility for the Scheme (based on location, inclusiveness in other funding options and connection speeds) 
  • To report on the effectiveness of the Scheme to local and central governments.
  • To report on the activity of DCMS within a certain jurisdiction to the relevant local authorities. 


What is the legal basis for processing my data?

To process this personal data, our legal reason for collecting or processing this data is: Article 6(1) (e): 

“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”

It is necessary to perform a public task (to carry out a public function or exercise powers set out in law, or to perform a specific task in the public interest that is set out in law).

The lawful basis that we rely on to process your personal data will determine which of the following rights are available to you. Much of the processing we do in DCMS will be necessary to meet our legal obligations or to perform a public task. If we hold personal data about you in different parts of DCMS for different purposes, then the legal basis we rely on in each case may not be the same.


What will happen if I do not provide this data?

You will not be able to participate in the scheme. 


Who will your data be shared with?

We may share this information with:

Suppliers – DCMS commercial team, third party audit teams.

Beneficiaries – DCMS Vouchers team, local bodies, third party audit teams.

We will let you know if we are going to share your personal data with other organisations – and whether you can say no. You can ask us for details of agreements we have with other organisations for sharing your information.

You can also ask us for details of any circumstances in which we can pass on your personal data without telling you. This might be, for example, to prevent and detect crime or to produce anonymised statistics.

We won’t make your personal data available for commercial use without your specific permission.


How long will my data be held for?

We will only retain your personal data for 6 years in line with DCMS retention policy.


Will my data be used for automated decision making or profiling?

We will not use your data for any automated decision making.


Will my data be transferred outside the UK and if it is how will it be protected?

The data will be stored in a number of places including; on a shared Google drive (UK) that only the relevant teams have access to.  Zendesk (USA) may on certain occasions have access to your personal data, and the Gigabit portal website.

Please find Zendesk’s Privacy Policy here.


What are your data protection rights?

You have rights over your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). The Information Commissioner’s Office (ICO) is the supervisory authority for data protection legislation, and maintains a full explanation of these rights on their website

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected immediately


You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances


If you have any of these requests please contact;

Data Protection Manager, Building Digital UK

The Department for Digital, Culture, Media & Sport 

100 Parliament Street



Email: bduk-dataprotection@dcms.gov.uk


DCMS will ensure that we uphold your rights when processing your personal data.


How do I complain?

If you’re unhappy with the way we have handled your personal data and want to make a complaint, please write to the department’s Data Protection Officer and/or the data controller’s Data Protection Manager in Building Digital UK. 

The contact details for the data controller’s Data Protection Officer (DPO) are:

Data Protection Officer

Department for Digital, Culture, Media & Sport 

100 Parliament Street



Email: DPO@dcms.gov.uk


How to contact the Information Commissioner’s Office

If you believe that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. You may also contact them to seek independent advice about data protection, privacy and data sharing.

Information Commissioner’s Office

Wycliffe House

Water Lane




Website: www.ico.org.uk

Telephone: 0303 123 1113

Email: casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.


Changes to our privacy notice

We may make changes to this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, DCMS will take reasonable steps to let you know.

This notice was last updated on 28/09/2021.