Find out how and why we use personal data to help us respond when you contact us.
On this page
The personal data we use
When you contact us we will ask for some personal data such as your name, email address and phone number. We need this information if you contact us electronically (for example by webchat or contact form) so that we are able to respond to you. However, if you contact us by telephone you are under no obligation to provide any personal data to us and you can carry out your call on an anonymous basis. (Though anonymous, your call will still be recorded for staff evaluation and training purposes, unless you specifically ask for the recording of your call to be paused. You can request for the recording to be paused at any time during your call.)
Depending on the reason you contact us, we may also collect other personal data about you or other individuals that you may have chosen to provide.
How we collect personal data
People can contact us in various ways, whether they are a firm, consumer or anyone else who wishes to ask us a question or report something to us. Our contact us page has details on how you can get in touch with us, including by live web chat, online contact forms and phone.
We use a speech and text analytics tool to record, analyse and quality assess communications made to and from us (including by telephone – see below). This ensures that we maintain a high standard of service and have an accurate record which can be passed on to other areas of the FCA, where appropriate. We also use a case management system to record details about our contact with you.
We offer a third-party translation service for individuals whose first language is not English. The company that provides this service does not record the calls or retain any information about individuals mentioned during the calls.
Why we collect personal data
We use your personal data for a number of important reasons:
- to provide you with any information or services that you ask for, as well as to reply to your correspondence
- to analyse the use and performance of our services, such as where in the country users of our helpline come from, what type of questions they are asking, and whether the service was able to give them useful information or guidance
- to maintain a record of our contact with you (as well as keeping track of our interaction with you, this helps us identify you if you contact us again and therefore provide a better level of service to you)
- to quality assess the service provided to you by our staff when you contact us, identify any areas for improvement and develop staff training
- to identify and analyse issues, risks and emerging trends in relation to the firms and markets that we regulate
- to process any complaints made against us by you or relating to our interaction with you – any such complaint investigations will be undertaken by our Complaints team
The lawful basis for us using personal data
We use this personal data to respond to queries or reports from firms, regulated individuals and members of the public, and to improve the quality of the service we provide under Article 6(1)(e) of the UK General Data Protection Regulation (UK GDPR) (it is necessary for performance of a task carried out in the public interest) and Section 8(c) of the Data Protection Act 2018 (DPA 2018). We do not usually explicitly ask for any special categories of data from people who contact us but, depending on the nature of the correspondence and the information the individual chooses to give us, it is very possible that some special categories of personal data may be included in the information that we collect or record. To the extent that we do process any special categories of data as part of our complaints handling work, we do so under Article 9(2)(g) of the UK GDPR (it is necessary for reasons of substantial public interest) and Section 10(3) of the DPA 2018, in that it meets a condition in Part 2 of Schedule 1 of the DPA 2018 and we have an appropriate policy document covering this processing activity.
When personal data we use is transferred outside the UK and the EU
As mentioned above, our speech and text analytics tool, covering the period up to and including June 2024, is occasionally accessed by third party technical support teams outside the EU, in the USA and India solely for the purposes of resolving technical issues with the speech and text analytics tool itself. To ensure that adequate protection is in place for any personal data being accessed outside the EU in this way, we have implemented robust contractual and security safeguards with the third-party provider. If you would like to obtain more details about these safeguards in relation to your personal data, please contact us.
From July 2024, speech and text analytics data will only be stored and processed in the UK and EU.
Given our role as a regulator we do occasionally share personal data with other regulators, public authorities and law enforcement agencies outside the EU. Before we transfer personal data outside the UK, we have robust processes to ensure that appropriate safeguards are put in place to protect any personal data included in such a transfer. Contact us if you would like more details about the safeguards we have in place with regard to any personal data about you that we may transfer to a particular non-EU country, please contact us.
Learn about your rights
Under the UK GDPR, individuals have a number of rights relating to their personal data. Read more about your rights and how to exercise them.