Personal data used when you contact us

Find out how and why we use personal data to help us respond when you contact us.

The personal data we use

When you contact us we will ask for some personal data such as your name, email address and phone number. We need this information if you contact us electronically (for example by webchat or contact form) so that we are able to respond to you. However, if you contact us by telephone you are under no obligation to provide any personal data to us and you can carry out your call on an anonymous basis. (Though anonymous, your call will still be recorded for staff evaluation and training purposes, unless you specifically ask for the recording of your call to be paused. You can request for the recording to be paused at any time during your call.)

Depending on the reason you contact us, we may also collect other personal data about you or other individuals that you may have chosen to provide.

How we collect personal data

People can contact us in various ways, whether they are a firm, consumer or anyone else who wishes to ask us a question or report something to us. Our contact us page has details on how you can get in touch with us, including by live web chat, online contact forms and phone.

We use a speech and text analytics tool to record, analyse and quality assess communications made to and from us (including by telephone – see below). This ensures that we maintain a high standard of service and have an accurate record which can be passed on to other areas of the FCA, where appropriate. We also use a case management system to record details about our contact with you.

We offer a third-party translation service for individuals whose first language is not English. The company that provides this service does not record the calls or retain any information about individuals mentioned during the calls.

Why we collect personal data

We use your personal data for a number of important reasons:

  • to provide you with any information or services that you ask for, as well as to reply to your correspondence
  • to analyse the use and performance of our services, such as where in the country users of our helpline come from, what type of questions they are asking, and whether the service was able to give them useful information or guidance
  • to maintain a record of our contact with you (as well as keeping track of our interaction with you, this helps us identify you if you contact us again and therefore provide a better level of service to you)
  • to quality assess the service provided to you by our staff when you contact us, identify any areas for improvement and develop staff training
  • to identify and analyse issues, risks and emerging trends in relation to the firms and markets that we regulate
  • to process any complaints made against us by you or relating to our interaction with you – any  such complaint investigations will be undertaken by our Complaints team

The lawful basis for us using personal data

We use this personal data to respond to queries or reports from firms, regulated individuals and members of the public, and to improve the quality of the service we provide under Article 6(1)(e) of the UK General Data Protection Regulation (UK GDPR) (it is necessary for performance of a task carried out in the public interest) and Section 8(c) of the Data Protection Act 2018 (DPA 2018). We do not usually explicitly ask for any special categories of data from people who contact us but, depending on the nature of the correspondence and the information the individual chooses to give us, it is very possible that some special categories of personal data may be included in the information that we collect or record. To the extent that we do process any special categories of data as part of our complaints handling work, we do so under Article 9(2)(g) of the UK GDPR (it is necessary for reasons of substantial public interest) and Section 10(3) of the DPA 2018, in that it meets a condition in Part 2 of Schedule 1 of the DPA 2018 and we have an appropriate policy document covering this processing activity.

When we share personal data

Information collected is occasionally shared with third-party providers that assist with specific FCA campaigns or act as a supplementary contact centre if required. Also, information is occasionally shared with research companies to undertake thematic reviews and other research exercises.  

Other than that, the information is shared internally within other areas of the FCA, such as our Complaints team and teams undertaking research and analysis. The information may also be used by other areas of the FCA, such as by our Supervision teams, to identify and analyse emerging trends and risks and, more generally, to help us to fulfil effectively our statutory functions. Read more about how we use personal data for research and analysis purposes.

To cover the period up to and including June 2024: Our speech and text analytics tool transfers information to be stored on virtual servers which can be accessed by third-party technical support teams in the USA and India, where necessary and explicitly allowed by us. Any such support is limited to resolving technical issues with the speech and text analytics tool itself. It is not intended that any personal data held by the FCA should be accessed by the third-party technical support teams in this way. Backups of the information are stored on physical servers by the same third party in the UK.

When personal data we use is transferred outside the UK and the EU

As mentioned above, our speech and text analytics tool, covering the period up to and including June 2024, is occasionally accessed by third party technical support teams outside the EU, in the USA and India solely for the purposes of resolving technical issues with the speech and text analytics tool itself. To ensure that adequate protection is in place for any personal data being accessed outside the EU in this way, we have implemented robust contractual and security safeguards with the third-party provider. If you would like to obtain more details about these safeguards in relation to your personal data, please contact us.

From July 2024, speech and text analytics data will only be stored and processed in the UK and EU.

Given our role as a regulator we do occasionally share personal data with other regulators, public authorities and law enforcement agencies outside the EU. Before we transfer personal data outside the UK, we have robust processes to ensure that appropriate safeguards are put in place to protect any personal data included in such a transfer. Contact us if you would like more details about the safeguards we have in place with regard to any personal data about you that we may transfer to a particular non-EU country, please contact us.

Learn about your rights

Under the UK GDPR, individuals have a number of rights relating to their personal data. Read more about your rights and how to exercise them.

Page updates

: Information changed when individuals contact us via the Supervision Hub
: Editorial amendment page updated as part of website refresh