How and why we publish information (including personal data) through our Register Services, and how we collect and use personal data in the provision of those services.
Data we collect and publish on Register Services
The Financial Services Register (FS Register) is a public record of firms, individuals and other bodies that are, or have been, authorised by the FCA or the Prudential Regulation Authority (PRA). The FS Register lists all firms and individuals involved with regulated activities that we have currently or previously approved. It comprises a number of services:
- the FS Register website
- the FS Register Applications Programming Interface (API)
- the FS Register Extract Service (RES)
These services also feature data about individuals carrying out specific roles in UK financial services.
We are required under the Financial Service and Markets Act (FSMA) to make much of this information publicly available. We also have the discretion to publish additional information in support of our statutory objectives. This information on the FS Register and extracts of the Register can also be purchased for a fee or accessed through a free application programming interface (API).
All the data published on the FS Register is collected through a number of regulatory processes that are covered under the following privacy notices:
- personal data and authorisation
- personal data and enforcement
- personal data and market oversight
- personal data and supervision
However, in addition to the data published through the Register Services, we also collect some data that is used in the provision, improvement, and maintenance of the services. That data is covered below.
Personal data we collect and use
The FCA collects information in relation to the following Register Services.
1. Users of the Financial Services Register
The FS Register does not automatically capture or store personal information, other than logging your IP address and session information, such as:
- how long your visit lasted
- the pages visited
- the type of browser used (via UserAgent which informs us of browser details and its environment such as Chrome version 110 browser on an Android device). This is recognised by the web server and is only used for system administration and to provide statistics, which we use to evaluate how the site is used.
For the users of the FS Register, we use anonymised cookies data on usage of our site, which is then used to help improve the user experience. More details are available in our cookie notice.
We collect feedback from users via anonymised feedback forms, which helps us improve our services.
2. Subscribers of the Register Extract Service (RES)
We collect the following personal data for the subscribers of the Register Extract Service (RES):
- name
- email address
- telephone number
- role in relation to the service (eg invoice contact, contracts contact, general updates contact)
3. Subscribers of the API services
We collect the following personal data for the subscribers of the Register API:
- email address
- name (title, first name and last name)
- job title
- telephone number
- mobile number
- details of the device that is used to access the API - IP address, UserAgent (browser details and its environment such as Chrome version 110 browser on an Android device)
How we collect personal data
All the data collected is provided directly by individuals in order to access the services.
The data collected in the FS Register is mainly collected via our online systems – Connect, RegData and Online Invoicing. Occasionally, we also make specific ad hoc information requests to regulated firms (including sole traders) by other means.
Personal data may also be collected through written notes and digital copies of phone calls or video calls, which may be recorded to evidence the assessments undertaken on applications received. More details are available on our personal data and authorisation privacy notice.
The data collected in the RES service is provided to us by the completion of an order form, and by updates provided to us by email ([email protected]) by the subscribers to the service.
The data collected in the API service is provided by user registration. Additionally, the information provided by the client they use to access information from the API, eg the type of device they are using, their IP address.
Why we use this personal data
The information collected allows us to:
- validate, manage users for access, and provide them with updates on service availability
- contact users of our data services to gather information about how we can improve the service, including conducting surveys
- conduct research and analysis on the usage of the platform
We may engage our third-party suppliers who manage and support the API platform. We may also share personal data to provide us with these services. Where the processing of personal data requires a transfer to other countries outside the UK (to the EU and outside the European Economic Area 'EEA'), we will ensure that necessary safeguarding and protections are in place as set out by the UK GDPR, Data Protection Act (DPA) 2018 and guidance issued by the Information Commissioner’s Office, such as checking the applicable adequacy regulations and implementing robust contractual and security safeguards with third-party providers.
Lawful basis for us using this personal data
We process this personal data under Article 6(1)(e) of the UK GDPR (it is necessary for the performance of a task carried out in the public interest) and Section 8(c) of the DPA 2018.
How we store your personal information
Your information is securely stored on our IT systems and applications. We use third-party suppliers for IT services, sharing personal data subject to necessary contractual arrangements. These suppliers, as data processors, only act on our instructions outlined in contracts. When necessary, your personal information will be transferred outside the UK in compliance with the UK GDPR and the DPA 2018.
Our retention policy (PDF) sets out how long we hold all information, including any personal data used for each of the areas mentioned in this privacy notice.
Learn about your rights
Under the UK GDPR, individuals have a number of rights relating to their personal data.
For more information on your rights and how to exercise them, please refer to our main privacy notice.