The personal information we collect, how we routinely use it and who we may share it with.
This privacy notice provides an overview of the types of personal information we collect, how we routinely use it and who we may share it with. Within this notice we also explain the security measures we take to protect personal information, and how you can contact us to answer any questions you might have about our privacy practices. It particularly applies to information we collect about:
- visitors to our website
- people who email or contact FCDO Services
- people who make enquiries about the services that are available through FCDO Services
- people who contact us in relation to information requests, complaints and general queries
- job applicants and current and former staff
6 principles of good data privacy
Within FCDO Services, the lifecycle of data usage shadows that of the data Privacy Principles, which are that personal data:
- should be fairly and lawfully processed and should be done so in a transparent manner, ensuring that you are aware of both what and why we are processing your data
- should be processed for limited purposes and the purpose must be specified
- shall be adequate, relevant and not excessive, meaning we will only collect as much as we need to carry out our essential processing
- should be accurate and up to date: if it is not, we will correct it within 1 month of receiving the request to correct
- should not be kept longer than necessary. To ensure this we observe an information retention policy
- must be secure. FCDO Services has in place appropriate technical and organisational measures to prevent accidental or deliberate loss, destruction or damage
Visitors to our website
When someone visits www.fcdoservices.gov.uk, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those who visit our website.
If we do want to collect personally identifiable information through our website, we will be transparent about this, by means of an information notice at the point of collection of the data. We will make it clear when we collect personal information and will explain what we intend to do with it.
Information collected by automated means
We collect certain information by automated means when you visit our sites, such as how many users visit our sites and the pages accessed. By collecting this information, we learn how to best tailor the sites to our visitors. We collect this information through various means such as ‘cookies’, ‘web beacons’ and IP addresses, as explained below.
Our website search is powered by WordPress. We use Google Analytics to monitor search activity. No user-specific data is collected. These reports collate, for example, how many users visited our sites, what pages have been browsed, and the geographic location of the users. The information collected through the use of analytics may include, for example, your IP address, the website from which you visited us, the type of device you used and your search query that led you to the sites. Your IP address is masked on our systems and will only be used on a need-to-know basis to resolve technical issues, to administer our sites and to understand visitor preferences.
Personal data that you provide to us
You may choose to provide personal information (such as your name, address, telephone number and email address) on our sites. Here are the ways you may provide the information and the types of information you may submit:
- if you communicate with us through the contact us page, we may ask you for information such as your name, email address and telephone number so we can respond to your questions and comments
- any email sent to us, including any attachments, is monitored for malicious content
- when we receive an information request, such as a Freedom of Information Request, comments, compliments or complaints, we may generate a file – this normally contains the identity of the requester or complainant
FCDO Services will only use the personal information collected to process the matter and to check on the level of service provided. We do compile and publish Freedom of Information responses but not in a form which identifies anyone.
Personal information contained in these files will be kept in line with the FCDO Services information retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Customers and suppliers
FCDO Services routinely exchanges business critical information, such as contact names, phone numbers and email addresses of our clients and suppliers. The information obtained is used for:
- routine communication
- customer satisfaction surveys
- collection or delivery of goods and services
Visitors to site
When working on site, either as a contractor providing delivery of goods only or goods and services, or visiting the site for meetings, your personal information is used only for the purpose of fulfilling the appropriate task or meeting. The exception would be in the event of an unforeseen incident or other such issue arising.
FCDO Services must record all accident reports, asbestos reports and near-miss episodes as well as data and security incidents and business continuity incidents, all of which are kept in accordance with legal requirements, either manually or in suitable, approved software. These incidents may necessitate an internal investigation and may require the sharing of your data or sensitive personal data as well as associated documentation that is essential to the purpose of the legal requirement to the relevant authorities including (but not limited to):
- Health and Safety Executive
- the Information Commissioner
- the police or other investigatory authorities
- emergency services
- other government departments
- legal process such as solicitors and courts
- estate owners and appointed contractors
Job applicants, current and former FCDO Services employees
Information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
FCDO Services use an online recruitment system managed by a third-party processor, Engage.
During the external recruitment process, information provided will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. Personal information may be shared with our internal resources team, the hiring managers and the interview panel. When individuals apply to work at FCDO Services, we will only use the information they supply to us to process their application and to monitor recruitment statistics.
You may be asked to participate in assessment days, complete job-specific tests or complete occupational personality profile questionnaires as well as attend a face-to-face interview. The information generated during the process, such as completed tests and interview notes, will be held by FCDO Services.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of 6 months. If you say yes, we would proactively contact you should any further suitable vacancies arise.
If a conditional offer of employment is made we will be expected to carry out checks that ensure eligibility to work and identity. We will also contact the referees provided to verify the dates and job titles as detailed in your application. In addition, we will require completed questionnaires about your health and a criminal records declaration. Security clearance requires that you submit information via the United Kingdom Security Vetting process.
Once you have taken up employment with FCDO Services, we will compile a file relating to your employment. The information contained in this will be kept within a secure location and will only be used for purposes directly relevant to your employment. We will also require your bank details, emergency contact details and – if relevant – details about you current Civil Service pension scheme.
Personal information about unsuccessful candidates will be held on file for 24 months. After the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Your personal information may be shared with third parties as part of your employment within the civil service, including but not limited to:
- Civil Service Learning
- other government departments for the purposes of a secondment/progression through graduate recruitment training, and/or the Civil Service Fast Stream
- pension administrators
- professional groups, such as the Government Legal Profession
- IT software providers for the purposes of sending electronic communications to staff, for example staff updates for business continuity purposes, training information and surveys sent via app technology
- training providers
- The National Archives
- external auditors
Once employment with FCDO Services has ended, we will retain the file in accordance with the requirements of our data retention policy, which is based on legal requirements.
When you use our online application system, People Solutions, a third-party data processor provides this online service for us. Once you click ‘apply now’ you will be taken to People Solutions’ website and they will hold the information you submit, allowing FCDO Services access to it.
You will be asked for your personal details including name and contact details. You will also be asked about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.
You will also be asked to provide equal opportunities information. This is not mandatory information – if you do not provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.
Reporting – FCDO Services are obliged to report statistics.
All processing in relation to job applicants, current and former employees is processed in line with the Data Protection Act 2018 and UK GDPR.
We are obliged to provide information about your rights in relation to the data collected. You are entitled to:
- be informed about how we use your data through provision of information notices
- know how long we will keep your data, either for legal or procedural periods
- be advised of our reason for processing the data
- be provided with a copy of the information held, if required
- have any information held corrected, if what we hold is wrong
- ask us to no longer process your information
- have data erased if no longer relevant, if not subject to overriding law
- complain about how we use your data to the Information Commissioner’s Office
- object to automated decision-making and profiling
The Data Controller for all information collected is FCDO Services.
The Data Protection Officer is Victoria Muronen. Please see contact details below.
This privacy notice does not cover the links within this site linking to other websites.
We keep our privacy notice under regular review. This privacy notice was last updated on 2 September 2020.
Victoria Muronen – Data Protection Officer (DPO)
Tel: 01908 745263