Guidance

HMT Privacy Notice

Published 24 November 2020

HMT Privacy Notice for the investigation into the FCA’s regulation and supervision of London Capital and Finance Plc

Background information about the processing

The Financial Conduct Authority (FCA) has been directed by HM Treasury (HMT) to conduct an independent investigation into the regulation and supervision by the FCA of London Capital and Finance Plc.

Upon completion of the investigation, the FCA is required to make a written report (the ‘Report’) and provide it to HMT (the ‘handover process’). HMT is then required to publish the Report and lay it before Parliament (the ‘publication process’). The Report contains the personal data of certain individuals.

During the handover process, the FCA and HMT are joint controllers of the personal data. A copy of the protocol setting out the arrangements and allocation of responsibilities between FCA and HMT in respect of the handover process can be found on the FCA’s website (PDF, 245 KB).

HMT is the sole controller of the personal data processed during the publication process.

Processing of personal data

This notice sets out how HMT will use your personal data for the purposes of reviewing, publishing and laying before Parliament the Report, and explains your rights under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).

1.The personal data we process

We will process the following personal data:

• your name;
• references to employment positions held, and
• actions taken by and communications with you.

2.Lawful basis of processing

The lawful basis for HMT’s processing of your personal data as part of the handover and publication process is that it is necessary for the performance of a task carried out in the public interest (Article 6(1)(e) of the GDPR). HMT is under a statutory obligation to publish the Report and lay it before Parliament, and we would be unable to fulfil that public task without processing the personal data.

3.Special categories data

To the extent that the Report contains any special categories of data, the legal basis for sharing personal data is under Article 9(2)(g) of the GDPR (it is necessary for reasons of substantial public interest) and Section 10(3) of the DPA, in that the sharing of the data meets a condition in Part 2 of Schedule 1 of the DPA and HMT has an appropriate policy document covering this processing.

4.Purpose

The personal data are processed to enable HMT to review the Report, publish it and lay it before Parliament.

5.Whom we share your personal data with

As the personal data are stored on HMT’s IT infrastructure, it will be accessible to HMT’s IT contractor, NTT. NTT will only process this data for our purposes and in accordance with their contractual obligations.

The personal data will also be shared with Parliament when the Report is laid before Parliament.

6.How long we will hold your data (Retention)

Personal data in the Report will be published and therefore retained indefinitely as a historic record under the Public Records Act 1958.

Any personal data that are not published (for example because they are withheld from the version of the Report to be published) will be retained for 6 calendar years after the Report has been laid before Parliament.

Your rights

• You have the right to request information about how your personal data are processed and to request a copy of the personal data.

• You have the right to request that any inaccuracies in your personal data are rectified without delay.

• You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

• You have the right, in certain circumstances (for example, where accuracy is contested), to request that the processing of your personal data is restricted.

• You have the right, on grounds relating to your particular circumstances, to object to the processing of your personal data.

• You have the right to data portability, which allows your personal data to be copied or transferred from one IT environment to another.

How to submit a Data Subject Access Request (DSAR)

To request access to personal data that HM Treasury holds about you, contact:

HM Treasury Data Protection Unit; G11 Orange, 1 Horse Guards Road, London, SW1A 2HQ. dsar@hmtreasury.gov.uk

Complaints

If you have any concerns about the use of your personal data, please contact us via this mailbox: privacy@hmtreasury.gov.uk

If we are unable to address your concerns to your satisfaction, you can make a complaint to the Information Commissioner, the UK’s independent regulator for data protection. The Information Commissioner can be contacted at:

Information Commissioner’s Office; Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. 0303 123 1113 casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Contact details

The data controller for personal data collected during the publication process is HM Treasury, the contact details for which are:

HM Treasury; 1 Horse Guards Road, London, SW1A 2HQ, London. 020 7270 5000 public.enquiries@hmtreasury.gov.uk

The contact details for HM Treasury’s Data Protection Officer (DPO) are:

The Data Protection Officer Corporate Governance and Risk Assurance Team Area 2/15 1 Horse Guards Road, London, SW1A 2HQ, London privacy@hmtreasury.gov.uk