Financial Lives Survey privacy statement

Our privacy statement explains why and how we use the personal data (also called your personal information) you provide in the Financial Lives survey. We also provide information about your rights and how to contact us, if you have any questions.

1. What personal data we collect and how

When we refer to personal data we mean any information about a living identifiable individual who can be directly or indirectly identified from that information.

Via the Financial Lives survey, the FCA collects the following personal information, where you choose to provide it:

  • Name
  • Date of birth
  • Email address
  • Phone number

We also record the address from the survey invitation you were sent.

Additionally, throughout the Financial Lives survey, respondents are asked to provide special categories of data, including ethnicity, health data, and sexual orientation. Respondents have the option to opt out of providing this information.

When conducting research we try to keep our collection of personal data to a minimum. We only ask for personal data where we believe these are necessary for meaningful research and analysis. Largely when we analyse data we use pseudonymised or anonymised data, and we only publish data that are anonymised. ‘Pseudonymise’ is defined in the Glossary below.

The personal data we typically collect and use as part of our research is normally limited to contact details (of the person completing an FCA questionnaire or survey).

We also, occasionally, where required for the purpose of a specific project, collect and use financial information, date of birth and location data. These data are usually pseudonymised by us when used in research.

2. The lawful basis for us using personal data

We use these personal data under Article 6(1)(e) of the GDPR (it is necessary for the performance of a task carried out in the public interest) and Section 8(c) of the Data Protection Act 2018 (DPA 2018). Our research work is essential to enable us to understand the firms and markets that we regulate and to carry out effectively our statutory functions as a regulator of financial conduct and the related firms and markets. To the extent that we use any special categories of data in our research work, we do so under Article 9(2)(g) of the GDPR (it is necessary for reasons of substantial public interest) and Section 10(3) of the DPA 2018, in that it meets a condition in Part 2 of Schedule 1 of the DPA 2018 and we have an appropriate policy document covering this processing activity.

3. Who is the data controller and the data processors?

In research terms, the data controller is the body that commissions a survey and uses data collected.

The data processor is the body that collects research data, cleans them, analyses them, and then passes them on to the data controller.

The FCA is a data controller of the information supplied by respondents of the Financial Lives survey. This means the FCA determines the purposes for which and the manner in which any personal data are used, or are to be processed. Consequently, data processors are not free to use the data collected as part of Financial Lives survey for their own purposes.

4. Who has access to your personal information:

The following parties will have access to your personal information:

  1. The Financial Conduct Authority (FCA), as the entity that commissioned the research.
    The FCA
    12 Endeavour Square
    London
    E20 1JN
    0800 111 6768
  2. National Centre for Social Research (NatCen) will have access, because NatCen is the agency who has been contracted to run the Financial Lives survey online on behalf of the FCA. Additionally, NatCen will have access to the in-home survey data and will provide a merged data set of in-home and online survey interviews to the FCA.
    NatCen Social Research
    35 Northampton Square
    EC1V 0AX
    0800 652 4568
  3. Ipsos MORI UK Limited will have access only in relation to the interviews conducted in the home, because Ipsos Mori is the agency who has been contracted to run the additional Financial Lives in-home survey on behalf of the FCA.
    Ipsos MORI UK Limited
    3 Thomas More Square
    London E1W 1YW
    United Kingdom
    020 7347 3000
  4. Critical Research will have access, as the agency who has been contracted to analyse the merged data set for the FCA and produce anonymised, aggregated results of all survey responses.
    Critical Research Ltd
    Unit 7, Baden Place
    Crosby Row
    SE1 1YW
    0203 643 9050
  5. Third parties commissioned by the FCA to carry out follow-up research will have access to your phone number and/or email address, where you choose to provide these, when you agree to be contacted for follow-up research.

5. How do we use your personal information

The information you give us will be treated as confidential as directed by the Code of Practice for Statistics, which the FCA shall comply with.

Additionally, the FCA is under an obligation of confidentiality required by the Financial Services and Markets Act 2000 (section 348). 

There are two purposes for which we collect the personal information mentioned above. The first purpose is re-contact for further research, and the second one is enabling further analysis.

Re-contact for further research

At the end of the survey, you are asked whether you would like to be contacted again for follow-up research by the FCA or by a third party commissioned by the FCA. If you agree to be contacted for this purpose, you will be asked to provide a phone number and/or an email address. Your contact details will NOT be used for marketing activities.

Enabling further analysis

The FCA is looking to maximise the analysis value of the information you supply during the Financial Lives survey by combining information with information in other databases held by the FCA or by Critical Research. In order to match records, we need to know your name, date of birth and postcode. After a respondent’s response to the Financial Lives survey is matched with other information held by FCA for this respondent (product sales data, for example), there is no longer any need for personal information within that analysis file and it will be deleted. Various respondents’ linked data, without the deleted data, are then combined to produce analysis focusing on different customer segments. The purpose of data linking is to enrich the findings of the Financial Lives survey and to enable the FCA to fulfil its public functions; the purpose is NOT an in-depth look at the financial records of a particular individual.

Your personal details will NOT be used for marketing activities.

6. Data storage, security and access

Data will be stored by the organisations detailed in the ‘Who has access to your personal information’ section according to their own protocols. The FCA has evaluated rigorously the agencies’ protocols for security. For the agency to start working on Financial Lives, they had to either go through Security Penetration Testing to test their systems are secure, or share the results of their most recent Security Penetration Test (if it was done in the last year) with the FCA for examination and agreement with the thoroughness of procedures. Security Penetration Test results are re-evaluated on a yearly basis.

Data will be transferred between organisations detailed in the ‘Who has access to your personal information’ section via a secure portal for sharing files, administered by Critical Research.

Access to the personal information within the FCA will be restricted to a small number of employees conducting survey analysis. 

7. Data retention

The personal data collected as part of the Financial Lives survey will be stored as indicated below:

  1. Name: 10 years
  2. Date of birth: 10 years
  3. Email address: 10 years
  4. Phone number: 10 years
  5. Address: 10 years

8. Details of data transfers

Data will be stored within the UK or EEA. 

9. Your rights

Participation in the research is not compulsory and you have the right to withdraw at any stage. We hope that you will choose to take part, as the FCA relies on the voluntary cooperation of people invited to take part to get a clear picture of consumers’ experiences and attitudes. This helps the FCA to protect consumers better.

According to Chapter 3 of GDPR, each Data Subject has the following eight rights:

 

  1. The right to be informed – this means individuals have the right to be informed about the collection and use of their personal data.
  2. The right of access – this means individuals have the right to access their personal data.
  3. The right to rectification this means individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  4. The right to erasure – this means individuals have the right to have personal data erased.
  5. The right to restrict processing this means individuals have the right to request the restriction or suppression of their personal data.
  6. The right to data portability this means individuals have the right to obtain and reuse their personal data for their own purposes across different services.
  7. The right to object this means individuals have the right to object to the processing of their personal data in certain circumstances.
  8. Rights related to automated decision making and profilingorganisations can carry out this type of decision-making where this decision is necessary for the entry into or performance of a contract, authorised by Union or Member state law applicable to the controller or based on the individual’s explicit consent. Article 22 of the GDPR has additional rules to protect individuals if an organisation is carrying out solely automated decision-making that has legal or similarly significant effects on them.

The rules about research and statistical work in the GDPR and the DPA 2018 mean that certain rights that you may have in respect of your personal data under the GDPR (such as the right to restrict or object to processing activity) may not apply to the personal data we use as part of our research work. If you would like more information about this, please contact us.

If you are interested in learning more about your privacy rights, you can find more information on the Information Commissioner’s Office (ICO).

During the Financial Lives survey fieldwork period you have the right to request that your data are deleted or, if they are not accurate, amended. If you wish to lodge a complaint, you can do so by contacting NatCen Social Research, by emailing [email protected] or calling 0800 652 4568, quoting the reference number on the front of your letter.

If you have taken part in the in-home interview survey and wish to request that your data are deleted, you can do so by contacting Ipsos MORI by emailing [email protected] or calling 0808 141 3076, quoting the reference number supplied to you.

Once the fieldwork period has ended, please contact the FCA using the form below to exercise your rights.

10. Individual rights request form

If you wish to find out what personal data, if any, we hold about you or if you wish to exercise any of your other privacy rights, you can contact our Information Disclosure Team. To enable us to process your request as quickly as possible, we will need you to provide us with some information about yourself. You may find it helpful to complete our individual rights request form.

11. How to contact us

This privacy notice covers all the main ways that we use the various types of personal data we may hold about you, to make sure that we are as transparent as possible and to avoid using your information in a way that would surprise you.

If you feel that we have missed anything that you would like to know, or you have any particular questions about our privacy policy, you can email us or write to: Information Disclosure Team, Financial Conduct Authority, 12 Endeavour Square, London, E20 1JN. Alternatively, if you would like to speak to someone, you can call our switchboard on 020 7066 1000 and ask for the Information Disclosure Team.

12. Our Data Protection Officer

As a public authority we are required to appoint a Data Protection Officer (DPO) who oversees our internal data protection compliance, informs and advises us on our data protection obligations, advises us on our data protection impact assessment process and acts as our contact point with the Information Commissioner.

Please email our team if you would like to contact our DPO.

13. The right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the Information Commissioner’s Office. Please go to www.ico.org.uk for more information. 

14. Glossary of terms used in this privacy notice

DPA 2018

The Data Protection Act 2018

GDPR

The General Data Protection Act (EU) 2016/679

ICO

The Information Commissioner’s Office (link is external)

Personal data

When we refer to personal data we mean any information about a living identifiable individual who can be directly or indirectly identified from that information.

Pseudonymise

The process of distinguishing individuals in a dataset by using a unique identifier which does not reveal their “real world” identity.

Special categories of data

The special categories of data are specifically listed in the GDPR. They include race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, or information about a person’s sex life or sexual orientation. You may also hear people refer to sensitive personal data to mean the same thing.