WHO WE ARE
This website is hosted and managed by The Stationery Office Limited (‘TSO’) on behalf of the FCA.
The Data Controller is the FCA of 12 Endeavour Square, London, E20 1JN whose Data Controller Registration Number is Z5643774.
The Data Processor is TSO of 1-5 Poland St, Soho, London W1F 8PR, who is bound to process all personal data only on behalf of and as directed by the FCA as the Data Controller.
The FCA is the ‘controller’ of personal data collected through www.handbook.fca.org.uk (the ‘Site’) for the purposes of the UK General Data Protection Regulation 2016/679 (‘UK GDPR’) and the Data Protection Act 2018 (‘DPA’). You should contact the FCA if you have questions about the use of your personal data (see the Contact Us section below).
RELATIONSHIP BETWEEN TSO AND THE FCA
TSO hosts, manages and fulfils orders made through this Site on behalf of the FCA. Personal data we collect about you [including: your name, email address, item(s) purchased, whether or not you have asked to receive marketing from TSO] may, to a limited extent, be shared with the FCA for various purposes including:
- to support the FCA’s business operations and understand and manage demand from the public for the FCA’s goods or services;
- to facilitate monitoring of our performance in providing relevant goods or services under concession from the FCA and the relationship between us and the FCA;
- to enforce or protect our rights under relevant agreements with the FCA; and
- to transition the running of the FCA’s website, and the provision of related services, to a third party in the event that TSO and the FCA choose to end their arrangement.
COLLECTION OF PERSONAL DATA
How do we obtain personal data?
This section tells you what personal data we collect from you and how.
When you sign up for an account on our Site:
your name, email address, and telephone number
When you place an order or return a product:
your address, contact details, delivery preferences, and information about the products you have ordered, as well as payment information, depending on how you place your order or request a refund
When you contact us:
any information about you that you give us, such as your name and contact address
Information we collect automatically from you:
Find out more about your privacy rights
If you are interested in learning more about your privacy rights, you can find more information on the Information Commissioner’s Office website: https://ico.org.uk/.
OUR LEGAL BASIS FOR COLLECTING AND USING YOUR PERSONAL DATA
The personal data related to your account is used by TSO for the purposes of providing you with access to the FCA Handbook and other functionality of the Site, for example creating alerts about updates to the FCA Handbook. More information on this is provided below and in our cookies notice.
This processing of your personal data falls under the FCA’s legal basis of Article 6(1)(e) of the UK GDPR and Section 8(c) of the DPA (it is necessary for performance of a task carried out in the public interest). The FCA’s legal basis also applies to TSO as data processor.
To the extent that we use any special categories of data, we do so under Article 9(2)(g) of the UK GDPR (it is necessary for reasons of substantial public interest) and Section 10(3) of the DPA 2018, in that it meets a condition in Part 2 of Schedule 1 of the DPA and we have an appropriate policy document covering this processing.
WHY WE USE YOUR PERSONAL DATA
This section tells you why we use personal data we collect from you.
|We use personal data to:||This means that processing your personal data allows us to:||Why do we process your personal data in this way?|
|Make our Site available to you.||Manage the Site, including by allowing you to create an account.||We need to process your personal data to create and maintain your account and to allow you to log into the Site.|
|Contact you.||Contact you about our services, as indicated in your account preferences.||We contact you in line with your account preferences, for example with alerts about updates to the FCA Handbook.|
INTERNATIONAL TRANSFERS OF PERSONAL DATA
Where the processing of personal data requires a transfer to other countries outside the UK (to the EU and outside the European Economic Area (‘EEA’)), we will ensure that necessary safeguarding and protections are in place, as set out by the UK GDPR and guidance issued by the Information Commissioner’s Office. For example, by checking the applicable adequacy regulations and implementing robust contractual and security safeguards with third-party providers.
The period for which we will retain personal data will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation.
If you have signed up for an account on our Site, we will store your personal data and the information in your account for as long as is necessary to provide the account and for the period for which you or we could bring legal proceedings in relation to the running of your account.
Under the DPA and UK GDPR, you may have certain rights as an individual which you can exercise in relation to the personal data we collect about you. For example, you can exercise your right to:
- request access to, and deletion or correction of, information about you;
- object to the way in which we use information about you; and
- request that your personal data be transferred to another organisation.
Any such requests should be submitted in writing to firstname.lastname@example.org or the Information Disclosure Team, Financial Conduct Authority, 12 Endeavour Square, London, E20 1JN. To enable us to process your request as quickly as possible, we will need you to provide us with some information about yourself. You may find it helpful to complete our individual rights request form.
You also have the right to complain about our use of your personal data to the Information Commissioner’s Office.
This policy will be reviewed from time to time to take account of changes to our operations or practices and, further, to make sure it remains appropriate to any changes in law, technology and the business environment. Any personal data held will be governed by our most current policy.
LINKS TO THIRD PARTY WEBSITES
If you have any questions or wish to contact us, please contact us at email@example.com.
OUR DATA PROTECTION OFFICER
As a public authority we are required to appoint a Data Protection Officer (‘DPO’) who oversees our internal data protection compliance, informs and advises us on our data protection obligations, advises us on our data protection impact assessment process and acts as our contact point with the Information Commissioner.
Please email our team if you would like to contact our DPO.
|DPA 2018||The Data Protection Act 2018|
|UK GDPR||The General Data Protection Regulation as it applies in the UK|
|ICO||The Information Commissioner’s Office|
|Personal data||When we refer to personal data we mean any information about a living identifiable individual who can be directly or indirectly identified from that information.|
|Special categories of data||The special categories of data are specifically listed in the UK GDPR. They include race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, or information about a person’s sex life or sexual orientation. You may also hear people refer to sensitive personal data to mean the same thing.|