The official Government Right to Buy website

Privacy and cookies

Data protection legislation has changed with the introduction of a new Data Protection Act, implementing the EU General Data Protection Regulation (GDPR). You have greater powers to protect your own privacy, and there is greater responsibility on those processing your data for any purpose. The following is to explain your rights and give you the information you will be entitled to under the new Act.

1. The identity and contact details of MHCLG and our data protection officer

The Ministry of Housing, Communities and Local Government (MHCLG) is the data controller. The Data Protection Officer at MHCLG can be contacted at [email protected]

2. Why we are collecting the data

We collect your data for the following purposes:

  1. We hold your name, email address and postcode for the purpose of keeping you updated on the Right to Buy. We will use it to contact you by email. We will not contact you for any other purpose without your clear, specific consent.
  2. We securely store the data you add to the online application for up to 30 days to allow you to save and continue with completion of the form. Once it has been completed it will be deleted from the system within 30 days.
  3. We track usage of this website using small data files known as cookies. The cookies are not used to identify you personally; they are used to remember settings and information you have already provided so that you don’t have to keep entering them, and to measure how you use the website so that we can make sure it meets your needs. Find out more about our cookie use below.
  4. The Right to Buy agents contact centre retain voice recordings of your calls with them to support their helpline training and to make sure you get the advice you need.

3. Legal basis for processing the data

Data protection legislation sets out when we are lawfully allowed to process your data. The lawful basis that applies in this case is that you give us your clear consent for us to process your personal data for this purpose.

4. With whom we will be sharing the data

Your data will be accessible to the data controller and our data processor.
Your contact data will be stored and accessed via a secure MailChimp account.

5. For how long we will keep the personal data, or criteria used to determine the retention period.

Your contact details will be held until you request that we delete them or when we no longer need to contact you about this topic.

6. Your rights, e.g. access, rectification, erasure

The data we are collecting is your personal data, and you have rights that affect what happens to it. You have the right to:

  1. know that we are using your personal data
  2. see what data we have about you
  3. tell us you no longer consent to us having or using your data
  4. have your data corrected, and to ask how we check the information we hold is accurate
  5. have your data deleted
  6. object to this use of your data
  7. complain to the ICO (see below)

7. Sending data overseas

We use a service called MailChimp to handle the sending of alerts and information packs by email, which is operated by The Rocket Science Group, based in Atlanta, U.S.A.

MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. It is committed to subjecting all Personal Information received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.

Emails sent from MailChimp contain both HTML and plain text versions. If you choose to view the messages in HTML mode, these contain small tracking codes to help us evaluate the usefulness of the material we are sending. Operationally, we do not review this data at individual level, only as aggregated scores.

Full privacy information relating to MailChimp

8. Automated decision making

We will not use your data for any automated decision making.

9. Storage, security and data management

Your data will be stored in a password-protected account on MailChimp, following their privacy policies.

10. Cookies

To make this site simpler, we sometimes place small data files on your computer. These are known as cookies. Most big websites do this too.

They improve things by:

  • remembering settings, so you don’t have to keep re-entering them whenever you visit a new page
  • remembering information you’ve given (eg your postcode) so you don’t need to keep entering it
  • measuring how you use the website so we can make sure it meets your needs

Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you. Indeed, you can manage and/or delete these small files as you wish.

To learn more about cookies and how to manage them, visit

We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting its users’ needs and to understand how we could do it better.

Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are. We do not allow Google to use or share our analytics data.

The following cookies are set by Google Analytics:

Name | Typical Content | Expires
_utma | randomly generated number | 2 years
_utmb | randomly generated number | 30 minutes
_utmc | randomly generated number | when you close your browser
_utmx | randomly generated number | 2 years
_utmxx | randomly generated number | 2 years
_utmz | randomly generated number and information on how the site was reached (e.g. direct or via a link, organic search or paid search) | 6 months

We also use third party cookies set by our media partners to track where visitors to this website have come from and how they go on to use the site, when they come in from our marketing activity elsewhere online.

We also use cookies to help you retrieve forms which you’ve chosen to save and return to later.

Log files

Log files allow us to record visitors’ use of the site. These logs are automatically generated from all our visitors, which we use to make improvements to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information about you, but may include details about the device you used to access the website and non-personal information such as postcodes you enter into forms on this site.

11. Complaints and more information

When we ask you for information, we will keep to the law, including all new legislation coming into force.

If you are unhappy with the way the department has acted, you can make a complaint.

If you are not happy with how we are using your personal data, you should first contact [email protected].

If you are still not happy, or for independent advice about data protection, privacy and data sharing, you can contact:

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow, Cheshire,

Telephone: 0303 123 1113 or 01625 545 745