Privacy notice
This privacy notice explains how we collect, use and protect your personal information provided through our digital services for elector registration, your rights under UK data protection law and how to contact us if you have any questions or concerns.
Who we are
The Ministry of Housing, Communities and Local Government (MHCLG) provides and operates the central digital electoral registration services to make it simpler for people to manage their electoral registration. These services are:
- Register to vote
- Apply for a postal vote
- Apply for a proxy vote
- Apply for photo ID to vote (Voter Authority Certificate)
- Renew your overseas voter registration
MHCLG is the data controller for the central digital electoral registration services, this means MHCLG is responsible for how your personal data is used and managed in these services. This includes any data we process or store directly, as well as any processing carried out on our behalf by organisations we work with (sub-processors).
We send your application, including the personal data you provided, to your local electoral registration officer, who makes decisions about applications and manages the electoral register. The electoral registration officer is responsible for how they use the data — they are the data controller for the information in relation to their legal duty to provide a complete and accurate electoral register.
What personal data we collect
We collect different types of personal data depending on the digital electoral service you use. The personal data we collect across most services includes:
- your full name (including any previous names where relevant)
- your date of birth
- your address (including previous or second addresses where relevant)
- your National Insurance number
- your email address and telephone number (if you choose to provide them)
- any supporting documents you provide
Additional data collected for specific digital electoral services
Register to vote
- your nationality, residency status and other details about your citizenship, where relevant
- for Northern Ireland residents: second address, Electoral Identity Card preference, and reason for postal or proxy vote
- for overseas electors: we may collect a range of details related to your identity and citizenship status, such as nationality, passport information, birth details, and citizenship history, where relevant to your application or legal status
- for overseas crown servants and armed forces: role, forces service and rank, correspondence address, as relevant
Apply for a postal vote
- your alternative forwarding address for a ballot paper (if applicable)
- a digital image of your signature
Apply for a proxy vote
- your proxy’s full name, address
- your proxy’s email address, and telephone number (if provided)
- a digital image of your signature
- why you are applying for a proxy vote
Apply for photo ID to vote (Voter Authority Certificate)
- a digital image of yourself
- alternative collection address for your Voter Authority Certificate (where relevant)
Renew your overseas voter registration
- your overseas address
- the last UK address where you lived or were registered to vote
Other information we may collect
Accessibility information
- your preferences for accessible document formats, such as requests for information in braille, large print or easy read
- a declaration that you are unable to provide a signature due to a disability
- any additional information you choose to provide about your disability to help electoral registration officers to understand your needs and make appropriate adjustments
Cookies
- if you agree to our use of cookies, we’ll collect information on how services are used to support updates and improvements
Why we collect your data
We only collect the personal data we need to verify your identity and provide electoral registration officers with information required to meet their duties. This ensures that the electoral register is accurate and that only eligible people are added to it. Where relevant, we collect your personal data in support of establishing a postal or proxy vote, or obtain photo ID to vote, in line with UK law. We may also collect information about your accessibility needs, where relevant, so that electoral registration officers can ensure that all voters can participate in elections.
Under Article 6(1)(e) of the UK General Data Protection Regulation (UK GDPR), we process your data because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
This task is set out in UK electoral law, including:
- Representation of the People Act 1983 Section 9A and 10ZC, which require electoral registration officers to maintain accurate electoral registers and allow people to apply to register individually, including through digital services.
- The Electoral Registration and Administration Act 2013, which enables online applications.
- The Representation of the People (England and Wales) Regulations 2001, and related regulations for Scotland and Northern Ireland, which set out how applications must be handled and what information must be collected.
- The Electoral Registration (Digital Service) Regulations 2014, which allow the use of a central digital service to support online registration, including identity verification using data from the Department for Work and Pensions.
- The Elections Act 2022 (Section 1) and the Voter Authority Certificate (Great Britain) Regulations 2022, which set out the legal basis and requirements for applying for photo ID to vote (a ‘Voter Authority Certificate’) if you do not have acceptable photo ID.
- This data is collected under legal obligations to comply with the Equality Act 2010 and the Elections Act 2022, which require us to anticipate and meet the needs of disabled voters by making reasonable adjustments.
Who we share your data with
We will share your data with your electoral registration office in England, Scotland and Wales, or with the Chief Electoral Officer (CEO) in Northern Ireland. Each electoral registration office and the CEO NI maintains the register of electors for their area and makes decisions about applications. Each electoral registration office, and the CEO NI, are separate data controllers and how they use your data will be set out in their privacy notices.
Find your electoral registration office.
We share your data with the Department for Work and Pensions to check your identity as part of your application to register.
How we store your data
Your data is processed, stored and transmitted by secure means that meet the required UK Government standards. Your data is not stored or processed outside of the UK or the European Economic Area.
Data retention and deletion
MHCLG ensures all personal data is only kept for as long as necessary and is securely deleted after it is no longer required.
Personal data collected through the following services and processes is retained for between 48 hours to 7 days to ensure that the processing has successfully completed. After this, the personal data is securely deleted.
- Register to vote application data is kept until it is downloaded from MHCLG systems by the electoral registration officer (ERO), and then for no more than 48 hours after download. Results of the data match with DWP are kept for 7 days.
- Register to vote application data for overseas electors is kept until it is downloaded by the ERO, and then for no more than 48 hours after download.
- Postal vote and proxy vote application data is kept for 7 days after it is downloaded by the ERO.
- Personal data processed for overseas elector renewals is kept for up to 8 weeks following the completion of the annual renewals period.
Apply for photo ID to vote (Voter Authority Certificate, or VAC) data is kept for different periods depending on the stage and outcome:
- VAC application data is kept for 7 days after it is received, to ensure successful processing.
- Approved VAC application data is kept for 28 working days from the date the certificate is issued, to ensure the VAC is received by the applicant.
- Data from a rejected VAC application is kept for 12 months from the decision date, to align with the time limit for appeals.
- VAC certificate data (including name, certificate number, and date of issue) is kept for 10 years from the determination date, for fraud detection and prevention.
Backups of all data are kept for 44 days to support business continuity and disaster recovery.
Cookie data is kept for 26 months to help manage and improve the service.
Your rights
Under the UK General Data Protection Regulation (UK GDPR) you have rights as to how your personal data can be used. These are explained here:
- you have the right to request information about how your personal data is processed, and to request a copy of that personal data
- you have the right to request that any inaccuracies in your personal data are rectified without delay
- you have the right to request that any incomplete personal data is completed, including by means of a supplementary statement
- you have the right to request that your personal data is erased if there is no longer a justification for it to be processed
- you have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
- you have the right to object to the processing of your personal data
If you wish to exercise any of these rights, for example, to request the personal data that we hold about you, contact us at dataprotection@communities.gov.uk
In relation to data collected by website cookies: you have the right to withdraw your consent, using either the cookie consent banner that pops up on entry to the site or the link to ‘Cookies’ at the bottom of the webpage.
Contact details and more information
If you have queries or concerns about how MHCLG use your data in relation to the digital services for electoral registration, please contact the MHCLG Data Protection Officer at: dataprotection@communities.gov.uk
Your electoral registration office will be able to answer queries about how they use your data and who it is shared with, provide contact details of their data protection officer and provide their privacy notice.
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the MHCLG Data Protection Officer at dataprotection@communities.gov.uk
If you are not satisfied with MHCLG’s response to your complaint then you can contact the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
casework@ico.org.uk
0303 123 1113
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Changes to this notice
We may update this privacy notice from time to time. The latest version will always be available on this page.
Last updated: 22 September 2025