Privacy policy
Your personal information
This privacy policy relates to the information we store about you as a Developer Hub user. It does not relate to the privacy of the end users of any application you develop; under our terms of use you are responsible for the information stored by your application.
We collect certain information about you when you use the Developer Hub and APIs. This page explains what kind of personal information we collect, how it's protected and how you can find out about it.
If we change this privacy policy, we’ll notify all Developer Hub users by email.
If you want to see what information we store about taxpayers, you can also read HMRC's Privacy Notice.
GDPR lawful basis
We hold information about you as a software developer on the lawful basis of “public task” so that we can run the Developer Hub as a service to you.
What personal information do we hold about you?
When you use the Developer Hub, we collect:
- your personal details including name, email address and optionally the name of your organisation
- information about your applications and the email addresses of those of your colleagues with access to them
- your IP address, and details of which version of web browser you use
- information on how you use our site, based on cookies and page tagging techniques
- any questions, queries or feedback you leave, including your email address, if you contact our support team
How we use and share your data
We use this information to create and administer user accounts on the Developer Hub. The information you give us will be used in a customer relationship management tool to help us manage our customer service obligations. We don’t share this information with anyone else.
We store your information so that your user account on the Developer Hub is able to function correctly, and so we can administer that access via our approval process for issuing production credentials. This includes sending you service updates and notices.
We undertake the following checks for application approvals:
- Companies House – to check the status of the business is “Active”.
- LinkedIn – to check the business digital footprint.
- Twitter – to check the business digital footprint.
- Company website – to check the business digital footprint but also for reassurance we are dealing with a valid developer.
- Sandbox testing – to check/validate the developer has conducted sufficient testing of the API before being provided access to the live environment.
We delete your personal information when your user account is deleted, and keep audit records of your user account activity for up to 6 years.
How we protect your personal information
We comply with the EU General Data Protection Regulation (GDPR)
We will:
- tell you why the information is needed
- only ask for what's needed
- make sure no one has access to it who shouldn't
- only keep the information for as long as it's needed
- not make it available for commercial use
Third party integration
We use third party software to help us improve your experience on this website including Google Analytics, Optimizely and SurveyMonkey.
The following information may be collected about your device and browser and held so it can't be used to identify who you are:
- device's IP address
- device screen resolution
- device type (unique device identifiers), operating system, and browser type
- geographic location (city and country only)
- preferred page display language
- referring domain
- pages visited
- preferred language used to display the webpage
- date and time when website pages were accessed
- mouse events (movements, location and clicks)
- keypresses
You can opt out of Google Analytics by installing their Opt out Browser Add-on (opens in a new tab).
You can opt out from having Optimizely collect your information by visiting their opt out page (opens in a new tab) and entering our Developer Hub URL in their opt out form:
https://developer.service.hmrc.gov.uk/api-documentation
You can find out more about the cookies that SurveyMonkey uses (opens in a new tab) and how to opt out.
Handling your information
Our staff are trained in handling information and understand how important it is to protect personal and other sensitive information.
Asking to see your information
You can ask to see the personal information we hold about you. To help locate the information you want and deal with your request more quickly, you should make your GDPR request to the HMRC office advised by our support team. You should address your request to the Data Protection Officer.
There is no charge.
Sometimes we can withhold information, for example, to protect national security.
Your GDPR right to be forgotten
You can ask us to delete all the information we hold about you, if you no longer wish to be a user of the Developer Hub. To do this contact our support team.
Children
The Developer Hub is not for use by children under the age of 16. We do not knowingly hold personal information on children under the age of 16.
How to object or make a complaint
If you're unhappy with the way we handle your personal information, you can write to the Data Protection Officer at the HMRC office advised by our support team.
You'll get a confirmation that we have received your complaint within 5 days and a full answer within 20 days. We will tell you if there is going to be a delay.
If you're unhappy with the answer or need any advice, contact the Information Commissioner's Office (ICO) (opens in a new tab).
The ICO can investigate your complaint and take action against anyone who has misused personal data.