Cookies policy
Find out how we use cookies to gather information on our website.
This policy sets out how we process information using ‘Cookies’ on our website, which includes some processing of your personal data, and explains your rights under the UK Data Protection Regulation (UK GDPR).
Cookies are small text files which are transferred to your computer or mobile/smart device when you visit the website.
Whilst some cookies are ‘essential cookies’ to enable the website to operate, others are classed as ‘analytical or functional cookies’ providing information to us about how visitors connect to and use our website, for which we require your consent to use.
Cookies enable us to:
- provide a functioning website for online visitors.
- verify if a session is a ‘new’ or ‘repeat’ visitor. To ensure all new visitors are asked for ‘consent’ for the use of non-essential cookies; and that repeat visitors’ previous consent settings are adhered to.
- analyse information related to visitor numbers, page views and landing pages when people connect to the website. *
- understand how people are using our website, so we can continually improve and enhance the visitor experience.
* This is aggregated data and individuals are not identified by the GPA.
Personal data processing
The legal basis for processing personal data via Cookies is determined as ‘Legitimate Interest’ under Article 6(f) of UK GDPR.
Essential cookies
Name |
Purpose |
Expires |
| AWSALBTG | Allows us to deliver the service seamlessly using a load balancer. The cookie records which server cluster is serving you. | 1 week |
| AWSALBTGCORS | Allows us to deliver the service seamlessly using a load balancer. The cookie records which server cluster is serving you. | 1 week |
Analytical / functional cookies
Your consent will be sought and must be given for us to use these cookies.
Name |
Purpose |
Expires |
| _ga | These help us count how many people visit the website by tracking if you’ve visited before. | 2 years |
| _ga_* | Used by Google Analytics to find and track an individual session with your device. | 2 years |
| _hjSessionUser_* | Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. | 1 year |
| _hjFirstSeen | Hotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user. | 30 minutes |
| _hjIncludedInSessionSample_* | Set to determine if a user is included in the data sampling defined by your site’s daily session limit. 2 minutes duration, extended every 30 seconds. Boolean true/false data type. | 2 minutes |
| _hjSession_* | Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. | 30 minutes |
| _hjAbsoluteSessionInProgress | Hotjar sets this cookie to detect a user’s first pageview session, which is a True/False flag set by the cookie. | 30 minutes |
Visiting third-party websites via our website links
When visitors follow links from the GPA’s website to independent third-party websites, those sites may capture cookies. The GPA does not receive data from these cookies, nor does it share its own website data with any other parties. Visitors are responsible for managing their cookie preferences directly on each third-party website they visit.
Your data rights
- You have the right to be informed about the proposed use of your personal data.
- You have the right to request information about how your personal data is processed by the GPA, and to request a copy of that personal data (commonly known as a “data subject access request”).
- You have the right to request that any inaccuracies in your personal data are rectified without delay.
- You have the right to request that any incomplete items of personal data are completed, including by means of a supplementary statement.
- You have the right to request that your personal data be erased if there is no justification for further processing.
- You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
- You have the right to object to the processing of your personal data.
International data transfers
All GPA processing of your personal data is conducted within the UK; or meets UK GDPR requirements and ICO Guidance for the permitted processing of personal data outside of the UK.
Contact details
The GPA website is administered by the GPA Marketing and Communications team, who can be contacted via email at comms@gpa.gov.uk
Data Protection Team
The data controller for your personal data is the GPA. The GPA Data Protection Team can be reached via email or post:
Data Protection Team, Government Property Agency, 23 Stephenson Street, Birmingham B2 4BH
dataprotection@gpa.gov.uk
Data Protection Officer
The Data Protection Officer (DPO) provides independent advice and monitoring of the GPA’s use of personal information. The contact details for the data controller’s Data Protection Officer are:
Data Protection Officer, Cabinet Office, Room 405, 70 Whitehall, London SW1A 2AS
dpo@cabinetoffice.gov.uk
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.
The Information Commissioner can be contacted at:
- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or casework@ico.org.uk.
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.