The Financial Services Skills Commission Limited (whose registered office is at Fitzwilliam House, 10 St Mary Axe, London, EC3A 8BF with a company registration number of 12590553, England referred to as “the Commission”, “we”, “us”) takes its data protection and privacy responsibilities seriously. This privacy notice explains how we collect, use and share personal information in the course of our business activities, including:
• What personal information we collect and when and why we use it.
• How we share personal information within the Commission and with our service providers, regulators and other third parties
• Explaining more about Direct Marketing. Profiling, and Automated Decision Making
• Transferring personal information globally
• How we protect and store personal information
• Legal rights available to help manage your privacy
• How you can contact us for more support
We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this notice. If we make significant changes to this privacy notice, we will seek to inform you by notice on our website or email (“Notice of Change”).
You might find external links to third party websites on our website, such as the ticketing service provider Eventbrite. This privacy notice does not apply to your use of a third party site.
WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT
In this section you can find out more about
• the types of personal information we collect
• when we collect personal information
• how we use personal information
• the legal basis for using personal information
When we collect information
We usually collect information about you from the following locations and/or at the following times:
• when you register with or use one of our website(s) or online services;
• when you attend one of our events;
• when you work with us as a business or individual basis,
The legal basis for using your personal information and the purpose we will use the information we collect for
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
• you have provided your consent to us using the personal information, for example when you sign up to our mailing list;
• our use of your personal information is in our legitimate interest as a commercial organisation – in these cases we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the ‘your rights’ section below;
• our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you for example if you have membership with us, we will need to use your personal information to contact you about various membership initiatives; and/or
• our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have for example.
We use the personal data we collect for the following reasons (or for the reasons we may set out to you at the point at which we collect your personal data):
• to keep you up to date on what we are doing as a business and generally communicate with you;
• effectively operate our business in line with our legitimate interests;
• in the context of events, to contact you about upcoming events that you may have signed up for together with other purposes related to such events.
• if we are working with you in a business context, to effectively run our business and collaborate with you.
If you would like to find out more about the legal basis for which we process personal information please contact us at email@example.com.
SHARING PERSONAL INFORMATION WITHIN THE COMMISSION, WITH OUR SERVICE PROVIDERS, AND OTHER THIRD PARTIES
In this section you can find out more about how we share personal information:
• within the Commission; and
• with third parties that help us provide our products and services.
We share your information in the manner and for the purposes described below:
i. within the Commission, where such disclosure is necessary to provide you with our services or to manage our business;
ii. with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include service providers who help manage our IT and back office/administrative systems;
iii. with credit reference agencies and organisations working to prevent fraud in financial services;
iv. with our regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
v. we may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our partners, members, affiliates or advertisers;
vi. if, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets.
EXPLAINING MORE ABOUT DIRECT MARKETING
In this section you can find out more about
• how we use personal information to keep you up to date with our products and services
• how you can manage your marketing preferences
How we use personal information to keep you up to date with our products and services
We may use personal information to let you know about the Commission’s products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
How you can manage your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
• we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you; and
• you can ask us to stop direct marketing at any time – you can ask us to stop sending email marketing, by following the ‘unsubscribe’ link you will find on all the email marketing messages we send you. Alternatively you can contact us at firstname.lastname@example.org. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email).
TRANSFERRING PERSONAL INFORMATION GLOBALLY
In this section you can find out more about:
• how we operate as a global business and transfer data internationally
• the arrangements we have in place to protect your personal information if we transfer it overseas.
The Commission operates on a global basis. Accordingly, your personal information may be transferred and stored in countries outside the EU that are subject to different standards of data protection. The Commission will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:
• we ensure any transfers within the Commission will be covered by an agreement entered into by members of the Commission (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within the Commission;
• where we transfer your personal information outside the Commission or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information; or
• where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
You have a right to contact us at email@example.com for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
HOW WE PROTECT AND STORE YOUR INFORMATION
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and service providers and destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords please take appropriate measures to protect this information.
Storing your personal information
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Subject to relevant data protection laws, you have the right:
• To access personal information
• To rectify / erase personal information
• To restrict the processing of your personal information
• To transfer your personal information
• To object to the processing of personal information
• To object to how we use your personal information for direct marketing purposes
• To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
• To lodge a complaint with your local supervisory authority
For more information see the following guides from the ICO: https://ico.org.uk/your-data-matters/
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us at firstname.lastname@example.org. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
The primary point of contact for all issues arising from this privacy notice, is email@example.com.
If you have any questions, concerns or complaints regarding our compliance with this notice and data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
To contact your data protection supervisory authority
You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before referring the matter to your local supervisory authority.