Skip to main content
Legacy System Register

Alpha This is a new service – your feedback will help us build it.

Privacy notice

Last updated on 5 February 2026

The Legacy System Register is a platform for government departments, agencies and crown bodies to view and update legacy-related details of their IT systems. In order to make the service secure and available we need to collect, process and store personal data.

Who we are

The Legacy System Register is managed by the Government Digital Service (GDS). GDS is part of the Department for Science, Innovation and Technology (DSIT). All Legacy System Register administrators hold at minimum SC clearance.

What data we collect

The personal data we collect may include:

  • your name
  • your email address
  • the organisation you work for
  • your IP address
  • your browser and connection details

Why we collect this data

The legal basis for processing personal data in relation to site security is our legitimate interests, and the legitimate interests of our users, in ensuring the security and integrity of this service.

The legal basis for processing all other personal data is that it’s necessary:

  • to perform a task in the public interest
  • in the exercise of our functions as a government department

Recipients

The data we collect may be shared with other government departments, agencies and public bodies and will be shared by us with our third party processors who support the product.

We shall not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

How long we keep your data

We will only retain your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to.

Your personal data is retained so long as you are an active user of this service, and for two years thereafter for security purposes.

Data subject rights

You have the right to:

  • request information about how your personal data are processed, and to request a copy of that personal data.
  • request that any incomplete personal data are completed, including by means of a supplementary statement.
  • request that your personal data are erased if there is no longer a justification for them to be processed.
  • request, in certain circumstances (for example, where accuracy is contested), that the processing of your personal data is restricted.
  • object to the processing of your personal data where it is processed for direct marketing purposes.
  • object to the processing of your personal data.

International transfers

All processing is based in the UK on DSIT-managed cloud infrastructure using Amazon Web Services.

Cookies

We only use cookies that are required for the service to work, these include:

  • legacy_register_sid - a required cookie to manage your user session
  • sessionid - a required cookie to manage your user session

Questions and complaints

The contact details for our Data Protection Officer are:

DSIT Data Protection Officer
Department for Science, Innovation and Technology
22-26 Whitehall
London
SW1A 2EG
dataprotection@dsit.gov.uk

You may also make a complaint to the Information Commissioner, who is an independent regulator set up to uphold information rights.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
casework@ico.org.uk
0303 123 1113

Changes to this notice

We may change this privacy notice. In that case the 'last updated' date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, the Department for Science, Innovation and Technology (DSIT) will take reasonable steps to make sure you know.