Financial Services Skills Commission Limited Data Policy
FSSC respects your privacy and commercial sensitivities. We are committed to protecting your personal and organisation data. This data policy will inform you as to how we look after any data we hold and tell you about your privacy rights and how the law protects you.
Contact details
If you have any questions about this data policy or our privacy practices, please contact us in the following ways:
Full name of legal entity: Financial Services Skills Commission (referred to throughout this policy as “FSSC”, “we” or “us”.
Email address: info@financialservicesskills.org
Postal address: Sixth Floor, Fitzwilliam House, St. Mary Axe, London EC3A 8BF
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to this policy
We keep our data policy under regular review. This version was last updated on 11-08-2023.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
What information do we collect?
To deliver the FSSC outcomes, we must collect and process information about financial services firms and its representatives, and publicly available information about the financial services sector. The information we collect includes:
- Personal data such as Name or contact details and potentially dietary requirements
- Sensitive personal data for our Board and Advisory Group members such as race, ethnicity, religious belief, disability information
- Information that our Member firms and other businesses provide. This can include information on skills gaps, training provision workforce demographics including number of colleagues in the workforce that have protected characteristics, but this is not attributable to individuals.
How do we collect this information?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- join our organisation as a member;
- participate in workstream activities;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a survey; or
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources.
How do we use this information?
We use the information as described below:
- Develop and improve our products and services
- We use the information we have to build, deliver and improve our products and services. This includes identifying and targeting interventions, inform the work of our workstreams and developing new products.
- Baselines
- To develop baselines for sector performance against the issues we are seeking to change (skills and access to talent)
- Provide measurement, analytics and other business services
- To measure the effectiveness and reach of our products and services over the lifespan of our organisation.
- Promote best practice
- To identify issues in the sector aligned to our work (skills, diversity and inclusion) and promote best practice in these areas.
- Research and policy
- To conduct and support research and innovation on topics aligned to our work – skills, learning, recruitment and identify best practice
- Generate insights which will help position the FSSC as thought leader and influence policy
- Communications
- To generate sector insights and information which we share in our marketing and communications, policy work, reports and annual reports. We also use your information when you contact us.
- Advertising
- We do not use information we have to develop or support advertisements.
How is this information shared?
FSSC does not share or allow access to any information we have without the expressed consent of those who share their data with us. We keep all information shared with us confidential, and we do not share any member-identifiable data with other members or externally.
We commit to sharing and presenting data only in anonymised formats. This may include:
- Analysis
We may share anonymised data should we subcontract information processing services for analytical and reporting purposes.
- Research partnerships
We may share anonymised data should we enter into a research partnership where the information we have would support research and innovation on areas of sector best practice.
- Publications
We may publish anonymised and aggregated data in external-facing reports or share it internally in Board and workstream meetings
What is our legal basis for processing data?
We collect, use and share your data for the purposes outlined above. This is:
Purpose/Activity | Type of Data | Lawful Basis for Processing |
---|---|---|
Diversity Monitoring | (a) Identity (b) Special category data |
(a) Necessary for our legitimate interests b) Explicit consent |
To understand sector performance in relation to the purpose of our work | (c) Identity (d) Contact (e) Profile (f) Technical |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to keep our records updated, to define types of customers for our products and services, and to study how customers use our products/services) |
To register you/your employees or associated personnel | (a) Identity (b) Contact |
Performance of a contract with you |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or data policy (b) Notifying you about our work |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
To deliver relevant website content and marketing to you, and measure or understand the effectiveness of the marketing we serve to you | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
Change of purpose
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How can you exercise your rights under GDPR?
Under the General Data Protection Regulation, you have the right to access, rectify, port and erase your data. You also have the right to object to and restrict the processing of your data where we are performing a task in the public interest or pursuing our interests. You can exercise this right by emailing info@financialservicesskills.org.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Data retention and deletion
We will store data until it is no longer necessary to provide our services or until you request that we delete it.
Data Access and Storage
FSSC has appropriate security measures to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to data to those employees and contractors who have a business need to know . They will only process data on our instructions and they are subject to a duty of confidentiality.
Data Ethics Statement
The Financial Services Skills Commission’s organisational objective is to improve the UK financial services sectors access to talent. The collection, use and processing of data is solely for the purpose of our organisational objective, and we are committed to using data for the expressed purpose of this objective.
This data policy set out the context in which we collect, use and store the data of any organisation that has shared their information with us. We commit to informing businesses should this data policy, or our reasons for collecting and processing data change.
The rights of businesses from whom we collect data are our priority. We are committed to ensuring that those businesses and the wider sector are ultimately the beneficiaries of our data collection and processing.
We do not collect or use person-identifiable data except for the sole purpose of understanding the representativeness of our Board and Advisory Group. We do not share or sell data to third parties.
Our CEO is responsible for the ethical management of data and can be contacted at info@financialservicesskills.org.