Find out how and why we use personal data to help us respond when you contact us.
On this page
What personal data we use
When you contact us, we will ask for some personal data, such as your:
- name
- email address
- phone number
If you contact us electronically (for example by webchat or contact form) we need this information so we can respond to you.
However, if you contact us by telephone you do not need to give us any personal data and you can stay anonymous.
(Though your call is anonymous, we will record your call for staff evaluation and training purposes, unless you specifically ask us to pause recording for your call. You can ask us to pause the recording at any time during your call.)
Depending on why you contact us, we may also collect other personal data about you or other individuals that you may have chosen to provide.
How we collect personal data
Whether you are a firm, consumer or anyone else who wishes to ask us a question or report something to us, you can contact us by:
- live web chat
- online contact forms
- phone
We use speech and text analytics to record, analyse and assess the quality of communications we make and receive (including by telephone – see below). This makes sure we:
- maintain a high standard of service
- have an accurate record to pass on to other areas of the FCA, where appropriate
We also record details about our contact with you, using a case management system.
If your first language is not English, we offer a third-party translation service. The company that provides this service does not record the calls or keep any information about individuals mentioned during the calls.
Why we collect personal data
We use your personal data for several important reasons, to:
- provide any information or services that you ask for, as well as to reply to you
- analyse the use and performance of our services, such as where in the country users of our helpline come from, what type of questions they are asking, and whether the service was able to give them useful information or guidance
- maintain a record of our contact with you (as well as keeping track of our interaction with you, this helps us identify you if you contact us again and therefore provide a better level of service)
- assess the quality of the service our staff provide when you contact us, identify any areas for improvement and develop staff training
- identify and analyse issues, risks and emerging trends in relation to the firms and markets that we regulate
- process any complaints made against us by you or relating to our interaction with you – any such investigations will be carried out by our Complaints team
The lawful basis for us using personal data
We use this personal data to respond to queries or reports from firms, regulated individuals and members of the public. We also use it to improve the quality of the service we provide under:
- article 6(1)(e) of the UK General Data Protection Regulation (UK GDPR) (it is necessary for performance of a task carried out in the public interest)
- section 8(c) of the Data Protection Act 2018 (DPA 2018)
We do not usually explicitly ask for any special categories of data from people who contact us. However, depending on the nature of the correspondence and the information the individual chooses to give us, it is very possible that some special categories of personal data may be included in the information that we collect or record. To the extent that we do process any special categories of data as part of our complaints handling work, we do so under:
- article 9(2)(g) of the UK GDPR (it is necessary for reasons of substantial public interest)
- section 10(3) of the DPA 2018, in that it meets a condition in part 2 of schedule 1 of the DPA 2018
We have an appropriate policy document covering this processing activity.
When personal data we use is transferred outside the UK and the EU
Given our role as a regulator we do occasionally share personal data with other regulators, public authorities and law enforcement agencies outside the UK and EU.
Before we transfer personal data outside the UK, we have robust processes to make sure appropriate safeguards are put in place to protect any personal data included in such a transfer.
Contact us[1] if you'd like to know more about how we safeguard any personal data that we may transfer to a particular non-EU country.
Learn about your rights
Under the UK GDPR, individuals have several rights relating to their personal data.
Read more about your rights and how to exercise them[3].