UKEF Privacy Notice
Updated 23 October 2024
Data protection principles
We will comply with the principles under data protection law. These say that the personal information we hold about you must be:
-
Used lawfully, fairly and in a transparent way;
-
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
-
Relevant to the purposes we have told you about and limited only to those purposes;
-
Accurate and kept up to date;
-
Kept only as long as necessary for the purposes we have told you about; and
-
Kept securely.
1. Your data
Depending on the purpose, we will process (collect and use) personal data from the following list:
-
Name;
-
Job title;
-
Contact details including email address, phone number and address;
-
Nationality; and
-
Date of birth, sex, age and biographical details.
1.1 Purpose
Your personal data will be collected and kept in order for us to carry out our functions as a government department and export credit agency. These include:
-
Processing applications for our support and delivering our services;
-
Providing customer service and support;
-
Promoting our services including providing information and delivering events to you;
-
Gathering feedback to improve our services;
-
Training our staff;
-
Staff recruitment including managing job applications;
-
Carrying out public consultations;
-
Dealing with complaints;
-
Fulfilling requirements by Parliament or Law enforcement agencies to disclose information;
-
Crime prevention including financial crime compliance;
-
Supplier management; and
-
Enabling internal processes to carry out our operational activity related to our public task.
1.2 Legal basis of processing
The legal basis for processing your personal data is one or more of the below:
-
Public task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as a government department and export credit agency;
-
Contract: processing is necessary to take steps to enter into, or perform, a contract; and
-
Legal obligation: processing is necessary to perform a legal obligation placed on us at law.
1.3 Data sharing
We may share personal information within our business. We limit access to your personal information to those who have a genuine business need to access it.
We may share your personal data with other government departments, agencies, public bodies, trade bodies, devolved administrations and third-party service providers including data processors where it is lawful to do so when it supports a public task and/or for the purpose of trade promotion and delivery of our services or elements of such services.
We will not sell your data to third parties for their marketing purposes. Where we engage in email marketing to businesses, your consent on marketing preferences will be sought.
There are some cases where we can pass on your data without telling you – for example, to prevent or detect crime. In all cases, whether data is shared internally or externally, we will be governed by data protection law.
As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide services to us. In some instances, it will also be shared with our data processor who provides us with a customer relationship management system.
A small proportion of our records are transferred to The National Archives, in line with legal obligations for the collection, disposal and preservation of records. The Public Records Act governs the selection, transfer and preservation of records and requires those defined as public records to be openly accessible unless exempt under the Freedom of Information Act.
1.4 Personal data obtained from other sources
Other government departments may provide us with your personal data where they have a lawful basis to do so and in order for us to carry out our functions as a government department and pursuant to the purposes set out in the Purpose above.
1.5 Retention
We aim to retain your personal data for only as long as it is necessary for us to do so for the purposes for which we are using it, provided that there is no other specified legal requirement or valid business reason for its retention. When it is no longer necessary to retain your personal information, we will delete or anonymise it.
1.6 Automated decision making
UKEF does not currently undertake any automated decision-making of personal data.
1.7 Data security
We have systems and processes in place to keep your data secure. Protective measures are implemented to prevent unauthorised access or disclosure of your data. We will notify you and the regulator of a suspected data security breach where we are legally required to do so.
2. Processing special category personal data
2.1 Special category personal data
Personal data is defined as ‘special category’ when it reveals: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data; data concerning health; data concerning a person’s sex life; and data concerning a person’s sexual orientation.
2.2 Conditions for processing
We process this data when it is necessary for reasons:
-
In connection with employment and/or
-
Of substantial public interest for the exercise of our functions.
3. Your rights
Under the UK GDPR, you have several rights in respect of your information and the way we use it. You have the right to:
-
Request information about how your personal data is processed, and to request a copy of that personal data;
-
Request that any inaccuracies in your personal data is rectified without delay;
-
Request that any incomplete personal data is completed, including by means of a supplementary statement;
-
Request that your personal data is erased if there is no longer a justification for them to be processed;
-
In certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted; and
-
Object to the processing of your personal data where it is processed for direct marketing purposes.
You also have the right to object to the processing of your personal data, although in certain circumstances the right is not absolute and exemptions may apply.
4. International transfers
Your personal data will be stored on our IT infrastructure, which is stored securely within the United Kingdom.
We may share your personal data with our staff based overseas and the staff of other government departments based overseas.
In all cases, whether data is shared internally or externally, we will be governed by data protection law.
5. Contact details and complaints
The data controller for your personal data is UK Export Finance.
The contact details for the data controller including contacting our Data Protection Officer are:
Information Access Team
UK Export Finance
1 Horse Guards Road
London
SW1A 2HQ
Email: [email protected]
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.
The Information Commissioner can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: +44 (0)303 123 1113
Email: [email protected]
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Changes to this privacy notice
We will update this privacy notice if there are any changes and we will provide you with a new privacy notice if we make any substantial updates.