Privacy Policy

This privacy policy tells you what to expect when the Financial Conduct Authority (‘FCA’) collects information about individuals, which we will call ‘personal data’ in this privacy policy.

To help you understand how we use personal data across the FCA, in this privacy policy we explain some of the activities that we undertake and how we may use the personal data that we collect to carry out these activities. We also provide information about your rights and how to contact us if you have any questions.

WHO WE ARE

This website is hosted and managed by The Stationery Office Limited (‘TSO’) on behalf of the FCA.

The Data Controller is the FCA of 12 Endeavour Square, London, E20 1JN whose Data Controller Registration Number is Z5643774.

The Data Processor is TSO of 1-5 Poland St, Soho, London W1F 8PR, who is bound to process all personal data only on behalf of and as directed by the FCA as the Data Controller.

TSO respects the privacy of every individual whose personal data it handles. This privacy policy explains how TSO collects, stores and uses personal data on behalf of the FCA.

The FCA is the ‘controller’ of personal data collected through (the ‘Site’) (www.handbook.fca.org.uk) for the purposes of the UK General Data Protection Regulation 2016/679 (‘UK GDPR’) and the Data Protection Act 2018 (‘DPA’). You should contact the FCA if you have questions about the use of your personal data (see the Contact Us section below).

USE OF COOKIES

This website uses cookies to distinguish one user of our website from another. This helps us to provide a better experience when you browse our website and also allows us to improve our Site. We apply necessary cookies to enable core functionality on our website, such as security, network management and accessibility. We also use non-essential cookies, such as analytical cookies, where we rely upon your consent to allow us to do this.

Find out more about the cookies we use by viewing our cookie policy. Further information about cookies more generally can be found at www.allaboutcookies.org.

RELATIONSHIP BETWEEN TSO AND THE FCA

TSO hosts, manages and fulfils orders made through this Site on behalf of FCA. Personal data we collect about you [including: your name, email address, item(s) purchased, whether or not you have asked to receive marketing from TSO] may, to a limited extent, be shared with the FCA for various purposes including:

  1. to support the FCA’s business operations and understand and manage demand from the public for the FCA’s goods or services;
  2. to facilitate monitoring of our performance in providing relevant goods or services under concession from the FCA and the relationship between us and the FCA;
  3. to enforce or protect our rights under relevant agreements with the FCA; and
  4. to transition the running of the FCA’s website, and the provision of related services, to a third party in the event that TSO and the FCA choose to end their arrangement.

You should not submit any personal data to us if you do not wish it to be shared with the FCA. The FCA will process your personal data in accordance with its privacy policy, which is available at www.fca.org.uk/privacy.

COLLECTION OF PERSONAL DATA

How do we obtain personal data?

This section tells you what personal data we collect from you and how.

When you sign up for an account on our Site:

your name, email address, and telephone number

When you place an order or return a product:

your address, contact details, delivery preferences, and information about the products you have ordered, as well as payment information, depending on how you place your order or request a refund

When you contact us:

any information about you that you give us, such as your name and contact address

Information we collect automatically from you:

your Internet Protocol (IP) address, software configuration, aggregate use information, geographical location data, operating system and use of cookies.

Find out more about your privacy rights

If you are interested in learning more about your privacy rights, you can find more information on the Information Commissioner Office’s website: https://ico.org.uk/.

OUR LEGAL BASIS FOR COLLECTING AND USING YOUR PERSONAL DATA

The personal data related to your account is used by the TSO for the purposes of providing you with access to the FCA Handbook and other functionality of the Site. For example, in creating alerts about updates to the FCA Handbook. More information on this is provided below and in our cookies notice.

This processing of your personal data falls under the FCA’s legal basis of Article 6(1)(e) of the UK GDPR and Section 8(c) of the DPA (it is necessary for performance of a task carried out in the public interest). The FCA’s legal basis also applies to TSO as data processor.

To the extent that we use any special categories of data, we do so under Article 9(2)(g) of the UK GDPR (it is necessary for reasons of substantial public interest) and Section 10(3) of the DPA 2018, in that it meets a condition in Part 2 of Schedule 1 of the DPA and we have an appropriate policy document covering this processing.

WHY WE USE YOUR PERSONAL DATA

This section tells you why we use personal data we collect from you.

We use personal data to: This means that processing your personal data allows us to: Why do we process your personal data in this way?
Make our Site available to you. Manage the Site, including by allowing you to create an account. We need to process your personal data to create and maintain your account and to allow you to log into the Site.
Contact you. Contact you about our services, as indicated in your account preferences. We contact you in line with your account preferences, for example with alerts about updates to the FCA Handbook.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

Where the processing of personal data requires a transfer to other countries outside the UK (to the EU and outside the European Economic Area (‘EEA’)), we will ensure that necessary safeguarding and protections are in place, as set out by the UK GDPR and guidance issued by the Information Commissioner’s Office. For example, by checking the applicable adequacy regulations and implementing robust contractual and security safeguards with third-party providers.

DATA RETENTION

The period for which we will retain personal data will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation.

If you have signed up for an account on our Site, we will store your personal data and the information in your account for as long as is necessary to provide the account and for the period for which you or we could bring legal proceedings in relation to the running of your account.

YOUR RIGHTS

Under the DPA and UK GDPR, you may have certain rights as an individual which you can exercise in relation to the personal data we collect about you. For example, you can exercise your right to:

  • request access to, and deletion or correction of, information about you;
  • object to the way in which we use information about you; and
  • request that your personal data be transferred to another organisation.

Any such requests should be submitted in writing to dataprotection-individualsrightsrequests@fca.org.uk or the Information Disclosure Team, Financial Conduct Authority, 12 Endeavour Square, London, E20 1JN. To enable us to process your request as quickly as possible, we will need you to provide us with some information about yourself. You may find it helpful to complete our individual rights request form.

You also have the right to complain about our of use your personal data to the Information Commissioner’s Office.

CHANGES TO THIS PRIVACY POLICY

This policy will be reviewed from time to time to take account of changes to our operations or practices and, further, to make sure it remains appropriate to any changes in law, technology and the business environment. Any personal data held will be governed by our most current policy.

LINKS TO THIRD PARTY WEBSITES

This Site may contain links to other websites. These are not covered by this privacy policy. If you access other websites using the links provided, you do so at your own risk. The operators of these websites may collect and use your information in accordance with their privacy policies, which may differ from ours. We encourage you to read the privacy policies on the other websites you visit.

CONTACT US

This privacy policy covers all the main ways that we use the various types of personal data we may hold about you. This is to make sure that we are as transparent as possible and to avoid using your information in a way that would surprise you.

If you feel that we have missed anything that you would like to know, or you have any particular questions about our privacy policy, you can email us or write to: Information Disclosure Team, Financial Conduct Authority, 12 Endeavour Square, London, E20 1JN.

If you have any questions or wish to contact us, please contact us at privacy@fca.org.uk.

OUR DATA PROTECTION OFFICER

As a public authority we are required to appoint a Data Protection Officer (‘DPO’) who oversees our internal data protection compliance, informs and advises us on our data protection obligations, advises us on our data protection impact assessment process and acts as our contact point with the Information Commissioner.

Please email our team if you would like to contact our DPO.

GLOSSARY OF TERMS USED IN THIS PRIVACY POLICY

DPA 2018 The Data Protection Act 2018
UK GDPR The General Data Protection Act Regulation as it applies in the UK
ICO The Information Commissioner’s Office
Personal data When we refer to personal data we mean any information about a living identifiable individual who can be directly or indirectly identified from that information.
Special categories of data The special categories of data are specifically listed in the UK GDPR. They include race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, or information about a person’s sex life or sexual orientation. You may also hear people refer to sensitive personal data to mean the same thing.