Version 2.8, May 2024

We may need to handle personal information about you so that we can provide services for you. This privacy notice tells you how we look after that information. The United Kingdom Debt Management Office (UK DMO) is the data controller.

When we ask you for personal information, we will ensure it is:

  • processed lawfully, fairly and safely in a transparent manner
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary
  • accurate and, where necessary, kept up to date
  • retained for only as long as necessary
  • processed in an appropriate manner to maintain security

Personal data means any information about an individual from which that person can be identified. There are “special categories” of more sensitive personal data which require a higher level of protection; however, we do not collect special category data.

The kind of information we hold about you

We collect, store and use the following categories of personal data:

  • name, title
  • personal and business contact details such as telephone numbers, addresses and email addresses, and the name of the organisation for which you work
  • signature
  • your image captured on CCTV (if you visit our offices)
  • your MAC address and device name (if you connect to our GovWifi network)

Why we collect your data and what we do with it

Your personal data is being collected as an essential part of the service we provide, so that we can contact you and for statistical purposes. We may also use it to contact you about related matters. We will not use your personal information for marketing purposes or make it available to any other organisation for that purpose.

If we do not have access to your data it may not be possible for us to provide the services to you which you would reasonably expect from us.

The data we collect may be shared with relevant staff in other government departments, agencies and public bodies.

We may be required by law to share your data with financial services regulators to assist with their investigations or initiatives and with police, law enforcement and security services for the prevention of crime and the protection of national security.

We do not disclose personal data to anyone else except as set out above.

Your personal data will be maintained in secured government IT systems here in the UK. From time to time, it may be necessary for personal data to be sent overseas to ensure our systems are working appropriately. Your data will only be transferred overseas temporarily and only where equivalent safeguards are in place and when absolutely necessary.

Your personal data are not used for any automated decision making.

Your personal data are used for one or more of the following:

  • Transactions related to the PWLB lending facility, Debt Management Account Deposit Facility (DMADF) and Commissioners for the Reduction of the National Debt (CRND).
  • Gilt or cash management activities where you represent a Gilt-Edged Market Maker (GEMM) or other counterparty.
  • Freedom of Information Act requests, email subscriptions, media and other enquiries.
  • To ensure a safe and crime-free working environment.

How long we keep your personal data

The duration for which we keep your data will differ depending on the type of information and the reason why we collected it from you. In some cases personal information may be retained on a long-term basis.

  • PWLB lending facility: data provided for authorisation purposes are held until superseded by a new instruction and data relating to a loan application are held for six years after the loan maturity date.
  • DMADF: data provided for authorisation purposes are held until superseded by a new instruction and data relating to a deposit application are held for six years after the deposit maturity date.
  • CRND: data provided for authorisation purposes are held until superseded by a new instruction and data relating to an investment are held for six years after the investment date.
  • Voice recording records are kept for five years and then destroyed. Phone calls are recorded for dealing (cash, gilts and fund management), local authority lending such as the PWLB lending facility and settlements.
  • Operational records of the dealing desk, other than voice recordings, are kept for no more than 6 years and then destroyed.

Lawful basis

Our lawful bases for processing personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In the case of data collected for monitoring your access to GovWifi from DMO equipment, the lawful basis is our legitimate interest in ensuring the network is used appropriately, securely, and in compliance with applicable laws and policies. In the case of subscriptions to our email services, the lawful basis is your consent at the point you subscribe.

How you can help

It is important that we keep your information accurate and up-to-date and so in return, we ask you to:

  • give us accurate information
  • tell us as soon as possible if there are any changes, such as new contact details

Your rights

The data we are collecting is your personal data, and you have certain rights about what happens to it. You have the right:

  • to see what data we have about you
  • to ask us to stop using your data, but keep it on record
  • to have all or some of your data corrected if it is inaccurate or incomplete
  • to lodge a complaint with the independent Information Commissioner (ICO) if you think we are not handling your data fairly or in accordance with the law.

You can get more details from us on:

  • how to find out what information we hold about you and how to ask us to correct any mistakes
  • agreements we have with other organisations for sharing information
  • circumstances where we can pass on your personal information without telling you (e.g. to prevent and detect crime or to produce anonymised statistics)
  • our instructions to staff on how to collect, use and delete your personal information
  • how we check the information we hold is accurate and up to date
  • how to make a complaint


For more information or to request access to your personal data please contact:

The Data Protection Officer


Information Assurance

UK Debt Management Office

The Minster Building

21 Mincing Lane

London EC3R 7AG

Please visit our Terms of Use page for information on our Cookies Policy.

When we ask you for information, all applicable provisions of the law, including the EU General Data Protection Regulation (EU GDPR), the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) will be applied at all times. For independent advice about data protection, privacy and data sharing issues or to lodge a complaint, please contact the Information Commissioner at:

Wycliffe House, Wate Lane, Wilmslow, Cheshire SK9 5AF

Phone: 03030 123 1113 or 01625 54 57 45


Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last reviewed on 1 May 2024.