-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updates privacy notice content and adds ssl related items to .gitignore
- Loading branch information
Showing
2 changed files
with
86 additions
and
110 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,136 +13,116 @@ <h1 class="govuk-heading-xl">Privacy notice</h1> | |
| </div> | ||
| <div class="govuk-grid-row govuk-body"> | ||
| <div class="govuk-grid-column-three-quarters"> | ||
| <h2 class="govuk-heading-m">The purpose of this document</h2> | ||
| <p>This privacy notice explains how the Department for Business and Trade (DBT), as a 'data controller', | ||
| processes personal data for the 'Check when large businesses pay their suppliers' service on GOV.UK. | ||
| <h2 class="govuk-heading-m">The purpose of this notice</h2> | ||
| <p class="govuk-body">This privacy notice explains how the Department for Business and Trade (DBT), as a 'data controller', processes personal data for the 'Find business regulations and guidance' service on GOV.UK. | ||
| </p> | ||
| <p>This notice is supplemented by our <a href="https://www.great.gov.uk/privacy-and-cookies/" | ||
| class="govuk-link"><u>main privacy notice</u></a> which provides further information on how DBT | ||
| <p class="govuk-body">This notice is supplemented by our <a href="https://www.great.gov.uk/privacy-and-cookies/" | ||
| class="govuk-link">main privacy notice</a> which provides further information on how DBT | ||
| processes personal data, and sets out your rights in respect of that personal data.</p> | ||
|
|
||
| <h2 class="govuk-heading-m">Personal data DBT collects</h2> | ||
| <p>DBT collects information about:</p> | ||
| <h2 class="govuk-heading-m">Personal data that we collect</h2> | ||
| <p class="govuk-body">We collect:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>individuals filing payment practice reports on behalf of businesses</li> | ||
| <li>company directors who have approved the filing of payment practice reports for their | ||
| organisation</li> | ||
| </ul> | ||
| <p>DBT collects the following categories of personal data:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>names</li> | ||
| <li>email addresses</li> | ||
| <li>your Internet Protocol (IP) address, and details of which <a href="https://www.gov.uk/support/browsers" class="govuk-link">web browser</a> you use</li> | ||
| <li>information on how you use the site, using cookies and page tagging techniques</li> | ||
| <li>your name, email address and comments if you leave us feedback</li> | ||
| </ul> | ||
|
|
||
| <h2 class="govuk-heading-m">Why DBT asks for this information and what happens if it is not provided | ||
| </h2> | ||
| <p>DBT collects this information to meet its obligations under 'The Reporting on Payment Practices and | ||
| Performance Regulations 2017', which requires qualifying UK businesses to report on their payment | ||
| practices. | ||
| </p> | ||
| <p>The 'Check when large businesses pay their suppliers' service is provided by DBT to enable this | ||
| reporting to take place. Personal data is collected through this service to:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>identify individuals filing reports on behalf of businesses</li> | ||
| <li>send confirmation emails and reminders to individuals filing reports on behalf of businesses | ||
| </li> | ||
| <li>record and publish the names of company directors who have approved the payment practice reports | ||
| for their organisation</li> | ||
| </ul> | ||
| <p>This personal data must be provided by all qualifying businesses to meet their legal obligations | ||
| under the regulations.</p> | ||
| <p class="govuk-body">Our <a href="/cookies" class="govuk-link">cookies policy</a> explains what cookies we collect, why we collect these and how long these remain on your device.</p> | ||
|
|
||
| <h2 class="govuk-heading-m">Why we collect this data</h2> | ||
|
|
||
| <h2 class="govuk-heading-m">The legal basis for processing your personal data</h2> | ||
| <p>The legal bases for processing your personal data (Article 6(1) UK General Data Protection Regulation | ||
| (GDPR)) are that:</p> | ||
| <p class="govuk-body">We use this information to:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>processing is necessary for compliance with a legal obligation to which the controller is | ||
| subject</li> | ||
| <li>processing is necessary for a task carried out in the public interest or in the exercise of | ||
| official authority vested in the controller</li> | ||
| <li>understand how people are using this service</li> | ||
| <li>make improvements to the performance and design of this service </li> | ||
| <li>respond to your feedback, if this is necessary </li> | ||
| <li>monitor the use of this service to identify security threats </li> | ||
| </ul> | ||
| <p>In some instances, we may process your data further for a compatible purpose and/or on other legal | ||
| bases. For example, your data may be used for archiving, research and/or statistical purposes. These | ||
| are compatible purposes for further processing in UK GDPR and your data will be subject to | ||
| appropriate safeguards if used for such purposes.</p> | ||
|
|
||
| <h2 class="govuk-heading-m">How DBT processes personal data it receives</h2> | ||
| <p>Once received:</p> | ||
| <h2 class="govuk-heading-m">Our legal basis for processing your data</h2> | ||
| <p class="govuk-body">You are providing consent for DBT to use your data. The legal basis for collecting this data is that it is necessary:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>your data will be stored within the 'Check when large businesses pay their suppliers' service | ||
| </li> | ||
| <li>names of company directors will be published openly as part of the business' payment practice | ||
| reports. Publication may take place through a range of DBT digital channels</li> | ||
| <li>your data may also be processed within other DBT internal digital and data systems</li> | ||
| <li>to perform a task in the public interest</li> | ||
| <li>in the exercise of our functions as a government department</li> | ||
| </ul> | ||
|
|
||
| <h2 class="govuk-heading-m">Third-party processors</h2> | ||
| <p>We use the following third-party processors to operate the service:</p> | ||
| <h2 class="govuk-heading-m">How we process and share your information</h2> | ||
| <p class="govuk-body">We use the following third-party processors to operate the service:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>Amazon Web Services - DBT's contracted cloud-hosting service provider</li> | ||
| <li>Government Digital Service - provides the GOV.UK Notify service, used for confirmation and | ||
| reminder emails</li> | ||
| </ul> | ||
|
|
||
| <h2 class="govuk-heading-m">Information sharing</h2> | ||
| <p>In addition to the open publishing of company director names, we may share personal data you provide: | ||
| </p> | ||
| <p class="govuk-body">We will not:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>with other government departments, public authorities, law enforcement agencies and regulators | ||
| </li> | ||
| <li>with other third parties where we consider it necessary in order to further our functions as a | ||
| government department</li> | ||
| <li>in response to information requests, for example, under Freedom of Information (FOI) law or the | ||
| Environmental Information Regulations(EIR)</li> | ||
| <li>to a court, tribunal or party where the disclosure is necessary in order to exercise, establish | ||
| or defend a legal claim</li> | ||
| <li>where we are ordered to do so or where we are otherwise required to do so by law</li> | ||
| <li>with third party data processors as governed by contract</li> | ||
| <li>sell or rent your data to third parties </li> | ||
| <li>share your data with third parties for their marketing purposes</li> | ||
| </ul> | ||
| <p>You can find out more detailed information about how we share data and further processing in the <a | ||
| href="https://www.great.gov.uk/privacy-and-cookies/" class="govuk-link"><u>main privacy | ||
| notice</u></a>. | ||
| </p> | ||
|
|
||
| <h2 class="govuk-heading-m">How long will DBT hold your data for</h2> | ||
| <p>DBT will only retain your personal data for as long as necessary to fulfil the purposes we collected | ||
| it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. | ||
| </p> | ||
| <p>Names of company directors will be retained indefinitely.</p> | ||
| <p>Email addresses of individuals who file reports will be retained for 10 years.</p> | ||
| <p>If we decide that we need to process your personal data for a reason which is incompatible with the | ||
| purposes for which we collected it for, we will contact you to explain why we are doing this and why | ||
| it is lawful to do so.</p> | ||
| <p>To determine the appropriate retention period for personal data, we consider the amount, nature, and | ||
| sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of | ||
| your personal data, the purposes for which we process your personal data and whether we can achieve | ||
| those purposes through other means, and the applicable legal requirements.</p> | ||
| <p class="govuk-body">We will also share your data if we are required to do so by law or regulation - for example, by court order, or to prevent fraud or other crime.</p> | ||
|
|
||
| <h3 class="govuk-heading-s">How long we keep your personal data</h3> | ||
| <p class="govuk-body">We will only retain your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to.</p> | ||
| <p class="govuk-body">We will:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>keep your feedback data for 2 years</li> | ||
| <li>delete access log data which contain your IP address after 120 days</li> | ||
| </ul> | ||
|
|
||
| <h2 class="govuk-heading-m">Your rights</h2> | ||
| <p>You have a number of rights available to you under UK data protection legislation, including:</p> | ||
| <p class="govuk-body">You have the right to request:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>information about how your personal data is processed</li> | ||
| <li>a copy of any personal data we hold about you</li> | ||
| <li>that any inaccuracies in your personal data are corrected immediately</li> | ||
| </ul> | ||
|
|
||
| <p class="govuk-body">You can also:</p> | ||
| <ul class="govuk-list govuk-list--bullet"> | ||
| <li>the right to request copies of the personal data we hold about you</li> | ||
| <li>the right to request that we rectify information about you which you think is inaccurate or | ||
| incomplete</li> | ||
| <li>the right to request that we restrict your data from further processing (in certain | ||
| circumstances)</li> | ||
| <li>the right to object to the processing of your data (in certain circumstances)</li> | ||
| <li>the right to data portability (in certain circumstances)</li> | ||
| <li>the right to request that we erasure your data (in certain circumstances)</li> | ||
| <li>the right not to be subject to a decision based on solely automated data processing</li> | ||
| <li>raise an objection about how your personal data is processed</li> | ||
| <li>request that your personal data is erased if there is no longer a justification for it</li> | ||
| <li>ask that the processing of your personal data is restricted in certain circumstances</li> | ||
| </ul> | ||
| <p>You can contact DBT's Data Protection Officer for further information about how your data has been | ||
|
|
||
| <h2 class="govuk-heading-m">Contacting us</h2> | ||
|
|
||
| <p class="govuk-body">You can contact DBT's Data Protection Officer for further information about how your data has been | ||
| processed by the department or to make a complaint about how your data has been used. Please | ||
| contact: <a href="mailto:[email protected]" | ||
| class="govuk-link">[email protected]</a></p> | ||
| <p>You can also submit a complaint to the Information Commissioner's Office (ICO) at:</p> | ||
| <p>Information Commissioner's Office<br>Wycliffe House<br>Water Lane<br>Wilmslow<br>Cheshire<br>SK9 5AF | ||
| </p> | ||
| <p>Website: <a href="https://ico.org.uk/" class="govuk-link">https://ico.org.uk/</a></p> | ||
| <p>Telephone: 0303 123 1113</p> | ||
| <p>You can find out more about your rights as a data subject, and details of how to contact our Data | ||
| Protection Officer and the ICO in our <a href="https://www.great.gov.uk/privacy-and-cookies/" | ||
| class="govuk-link"><u>main privacy notice</u></a>.</p> | ||
|
|
||
| <h3 class="govuk-heading-s">DBT's Data Protection Officer</h3> | ||
|
|
||
| <p class="govuk-body">DBT's Data Protection Officer (DPO) is responsible for independent advice and monitoring of DBT's use of personal information.</p> | ||
| <p class="govuk-body">Contact the DPO with any concerns about how DBT handles your personal information.</p> | ||
|
|
||
| <p class="govuk-body govuk-!-margin-bottom-0">Data Protection Officer</p> | ||
| <p class="govuk-body govuk-!-margin-bottom-0">Department for Business and Trade</p> | ||
| <p class="govuk-body govuk-!-margin-bottom-0">Old Admiralty Building</p> | ||
| <p class="govuk-body govuk-!-margin-bottom-0">Whitehall</p> | ||
| <p class="govuk-body govuk-!-margin-bottom-0">LONDON</p> | ||
| <p class="govuk-body">SW1A 2DY</p> | ||
| <p class="govuk-body">Email: <a href="mailto:[email protected]" | ||
| class="govuk-link">[email protected]</a></p> | ||
|
|
||
| <h4 class="govuk-heading-s">Information Commissioner's Office</h4> | ||
|
|
||
| <p class="govuk-body">Contact the Information Commissioner for independent advice about data protection, privacy and data-sharing issues. | ||
|
|
||
| <p class="govuk-body govuk-!-margin-bottom-0">Information Commissioner's Office</p> | ||
| <p class="govuk-body govuk-!-margin-bottom-0">Wycliffe House</p> | ||
| <p class="govuk-body govuk-!-margin-bottom-0">Water Lane</p> | ||
| <p class="govuk-body govuk-!-margin-bottom-0">Wilmslow</p> | ||
| <p class="govuk-body govuk-!-margin-bottom-0">Cheshire</p> | ||
| <p class="govuk-body">SK9 5AF</p> | ||
|
|
||
| <p class="govuk-body">Website: <a href="https://ico.org.uk/" class="govuk-link">Information Commissioner's Office (ICO)</a></p> | ||
| <p class="govuk-body">Telephone: 0303 123 1113</p> | ||
| <p class="govuk-body">You can find out more about your rights as a data subject, and details of how to contact our Data Protection Officer and the ICO in our <a href="https://www.great.gov.uk/privacy-and-cookies/" | ||
| class="govuk-link">main privacy notice</a></p> | ||
|
|
||
| </div> | ||
| </div> | ||
| </main> | ||
|
|
||