How the Contact Centre uses personal data

This page explains how and why we use personal data to help us respond when you write to us or call our Contact Centre.

The personal data we use

When you contact us we will ask for some personal data such as your name, email address and phone number. We need this information if you contact us electronically (for example by webchat or contact form) so that we are able to respond to you. However, if you contact us by telephone you are under no obligation to provide any personal data to us and you can carry out your call on an anonymous basis. (Though anonymous, your call will still be recorded for staff evaluation and training purposes, unless you specifically ask for the recording of your call to be paused. You can request for the recording to be paused at any time during your call.)

Depending on the reason you contact us, we may also collect other personal data about you or other individuals that you may have chosen to provide.

How we collect personal data

People can contact us in various ways, whether they are a firm, consumer or anyone else who wishes to ask us a question or report something to us. Our contact us page has details on how you can get in touch with us - including live web chats, electronic contact forms and telephone calls.

We use a speech and text analytics tool to record, analyse and quality assess all the communications made to and from our Contact Centre (including by telephone – see below). We use this tool primarily to train and monitor the performance of our Contact Centre staff. This ensures that we maintain a high standard of service and have an accurate record which can be passed on to other areas of the FCA where appropriate. We also use a case management system to record details about our contact with you. (If you would like to learn more about our use of the speech and text analytics tool, you can request a copy of our Data Protection Impact Assessment for this processing activity from our Information Disclosure Team.

We offer a third-party translation service for individuals when English is not their first language. The company that provides this service does not record the calls or retain any information about individuals mentioned during the calls.

Why we collect personal data

We use your personal data for a number of important reasons:

  • to provide you with any information or services that you ask for, as well as to reply to your correspondence
  • to analyse the use and performance of our Contact Centre, such as where in the country users of our helpline come from, what type of questions they are asking, and whether the service was able to give them useful information or guidance
  • to maintain a record of our contact with you (as well as keeping track of our interaction with you, this helps us identify you if you contact us again and therefore provide a better level of service to you)
  • to quality assess the service provided to you by our Contact Centre staff, identify any areas for improvement and develop staff training
  • to identify and analyse issues, risks and emerging trends in relation to the firms and markets that we regulate
  • to process any complaints made against us by you or relating to our interaction with you – any  such complaint investigations will be undertaken by our Complaints team, not our Contact Centre

The lawful basis for us using personal data

We use this personal data to respond to queries or reports from firms, regulated individuals and members of the public, and to improve the quality of the service our Contact Centre provides under Article 6(1)(e) of the General Data Protection Regulation (EU) 2016/679 (GDPR) (it is necessary for performance of a task carried out in the public interest) and Section 8(c) of the Data Protection Act 2018 (DPA 2018). We do not usually explicitly ask for any special categories of data from people who contact our Contact Centre but, depending on the nature of the correspondence and the information the individual chooses to give us, it is very possible that some special categories of personal data may be included in the information that we collect or record. To the extent that we do process any special categories of data as part of our complaints handling work, we do so under Article 9(2)(g) of the GDPR (it is necessary for reasons of substantial public interest) and Section 10(3) of the DPA 2018, in that it meets a condition in Part 2 of Schedule 1 of the DPA 2018 and we have an appropriate policy document covering this processing activity.

When our Contact Centre shares personal data

Our speech and text analytics tool transfers information to be stored on virtual servers which can be accessed by third-party technical support teams in the USA and India, where necessary and explicitly allowed by us. Any such support is limited to resolving technical issues with the speech and text analytics tool itself. It is not intended that any personal data held by the FCA should be accessed by the third-party technical support teams in this way. Backups of the information are stored on physical servers by the same third party in the UK.

Information collected by the Contact Centre is occasionally shared with third-party providers that assist with specific FCA campaigns or act as a supplementary contact centre if required. Also, information is occasionally shared with research companies to undertake thematic reviews and other research exercises.  

Other than that, the information is shared by the Contact Centre internally within other areas of the FCA, such as our Complaints team and teams undertaking research and analysis. The information may also be used by other areas of the FCA, such as by our Supervision teams, to identify and analyse emerging trends and risks and, more generally, to help us to fulfil effectively our statutory functions. Read more about how we use personal data for research and analysis purposes.

When personal data used by our Contact Centre is transferred outside the EU

As mentioned above, our speech and text analytics tool is occasionally accessed by third party technical support teams outside the EU, in the USA and India solely for the purposes of resolving technical issues with the speech and text analytics tool itself. To ensure that adequate protection is in place for any personal data being accessed outside the EU in this way, we have implemented robust contractual and security safeguards with the third-party provider. If you would like to obtain more details about these safeguards in relation to your personal data, please contact us.

Learn about your rights

Under the GDPR, individuals have a number of rights relating to their personal data. Read more about your rights and how to exercise them.