Skip to main content

This is a prototype vision of how a future government service could work. It's not a real service yet, but we're exploring what it could look like. Your feedback will help shape the real service.

Privacy Policy

How we handle your personal information when using NDX:Try

Privacy Policy

Last updated: 28 November 2025

Who we are

NDX:Try is operated by the National Digital Exchange (NDX) partnership, working with UK local authorities to enable safe evaluation of cloud technologies.

What data we collect

When you request a partner tour

We collect:

  • Council name
  • Your name
  • Email address
  • Phone number (if you provide it)
  • Which scenario you’re interested in
  • Your availability for a session
  • Any additional context you provide

When you browse the website

We collect standard web server logs including:

  • Your IP address
  • Pages you visit
  • Browser type and version
  • Date and time of your visit

We do not use tracking cookies or analytics that identify individual users.

How we use your data

Partner tour requests

Your information will be:

  • Shared only with the AWS implementation partner assigned to your tour request
  • Used solely to arrange and conduct your evaluation session
  • Not used for marketing purposes without additional consent
  • Retained for up to 12 months for service improvement

Website analytics

Anonymised browsing data helps us:

  • Understand which scenarios are most useful
  • Improve the website experience
  • Identify and fix technical issues

We process your data under the following legal bases:

  • Consent - When you submit a partner tour request, you consent to us sharing your details with an implementation partner
  • Legitimate interests - To improve our services and understand how the website is used

Your rights

Under UK GDPR, you have the right to:

  • Access - Request a copy of the personal data we hold about you
  • Rectification - Request that we correct any inaccurate personal data
  • Erasure - Request that we delete your personal data
  • Restriction - Request that we limit how we use your data
  • Objection - Object to us processing your personal data
  • Portability - Request your data in a portable format

To exercise any of these rights, contact us at ndx@dsit.gov.uk.

Data retention

Data type Retention period
Partner tour requests 12 months
Website server logs 90 days
Sandbox session data Deleted after 90 minutes

Data security

We protect your data through:

  • Encryption in transit (HTTPS)
  • Access controls limiting who can view your information
  • Regular security reviews
  • Secure cloud infrastructure (AWS)

Third parties

Implementation partners

When you request a partner tour, we share your contact details with a vetted AWS implementation partner. These partners are:

  • Accredited AWS Partners with local government experience
  • Bound by data protection agreements
  • Required to use your data only for arranging the requested tour

AWS

Sandbox environments run on AWS infrastructure. AWS processes data in accordance with their Data Privacy FAQ.

International transfers

Your data is processed within the UK and European Economic Area. If data is transferred internationally, appropriate safeguards are in place.

Changes to this policy

We may update this privacy policy from time to time. The “Last updated” date at the top of this page shows when it was last changed.

Contact us

If you have questions about this privacy policy or how we handle your data:

Email: ndx@dsit.gov.uk

Address:
NDX Partnership
c/o Central Digital and Data Office
Cabinet Office
70 Whitehall
London SW1A 2AS

Complaints

If you’re not satisfied with how we’ve handled your data, you can complain to the Information Commissioner’s Office (ICO):