This Privacy Notice provides an overview of the types of personal information we collect, how we routinely use it and who we may share it with. Within this notice we also explain the security measures we take to protect personal information, and how you can contact us to answer any questions you might have about our privacy practices. It particularly applies to information we collect about:
• visitors to our website;
• people who email / contact FCO Services;
• people who make enquiries about the services that are available through FCO Services;
• people who contacts us in relation to information requests, complaints and general queries;
• job applicants and current and former staff.
6 principles of good data privacy
Within FCO Services, the lifecycle of data usage shadows that of the data Privacy Principles, which are:
• Personal data should be fairly and lawfully processed and should be done so in a transparent manner, ensuring that you are aware of both what and why we are processing your data;
• Personal data should be processed for limited purposes and the purpose must be specified;
• Personal data shall be adequate, relevant and not excessive, meaning we will only collect as much as we need to carry out our essential processing;
• Personal data should be accurate and up to date: if it is not, we will correct it within 1 month of receiving the request to correct;
• Personal data should not be kept longer than necessary. To ensure this we observe an information retention policy;
• Personal data must be secure. FCO Services has in place appropriate technical and organisational measures to prevent accidental or deliberate loss, destruction or damage.
Visitors to our Website
When someone visits www.fcoservices.gov.uk, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those who visit our website.
If we do want to collect personally identifiable information through our website, we will be transparent about this, by means of an information notice at the point of collection of the data. We will make it clear when we collect personal information and will explain what we intend to do with it.
Information collected by automated means
We collect certain information by automated means when you visit our sites, such as how many users visit our Sites and the pages accessed. By collecting this information, we learn how to best tailor the Sites to our visitors. We collect this information through various means such as “cookies,” “web beacons” and IP addresses, as explained below.
Our website search is powered by Word Press. We use Google Analytics to monitor search activity. No user-specific data is collected. These reports collate, for example, how many users visited our Sites, what pages have been browsed, and the geographic location of the users. The information collected through the use of analytics may include, for example, your IP address, the website from which you visited us, the type of device you used and your search query that led you to the Sites. Your IP address is masked on our systems and will only be used on a need-to-know basis to resolve technical issues, to administer our Sites and to understand visitor preferences.
Personal data that you provide to us
You may choose to provide personal information (such as your name, address, telephone number and email address) on our Sites. Here are the ways you may provide the information and the types of information you may submit:
If you communicate with us through the “Contact Us” link on our Sites, we may ask you for information such as your name, email address and telephone number so we can respond to your questions and comments.
Any email sent to us, including any attachments, is monitored for malicious content.
When we receive an information request, such as a Freedom of Information Request, comments, compliments or complaints, we may generate a file. This normally contains the identity of the requester or complainant.
FCO Services will only use the personal information collected to process the matter and to check on the level of service provided. We do compile and publish Freedom of Information responses but not in a form which identifies anyone.
Personal information contained in these files will be kept in line with the FCO Services information retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Customers and suppliers
FCO Services routinely exchanges business critical information, such as contact names, phone numbers and email addresses of our clients and suppliers. The information obtained is used for:
• Routine communication
• Customer satisfaction surveys
• Collection or delivery of goods and services
Visitors to site
When working on site, either as a contractor providing delivery of goods only or goods and services, or visiting the site for meetings, your personal information is used only for the purpose of fulfilling the appropriate task or meeting. The exception would be in the event of an unforeseen incident or other such issue arising.
FCO Services must record all accident reports, asbestos reports and near miss episodes as well as data and security incidents and business continuity incidents, all of which are kept in accordance with legal requirements. These incidents may necessitate an internal investigation and may require the sharing of your data to relevant authorities including (but not limited to):
• Health and Safety Executive;
• The Information Commissioner;
• The Police or other investigatory authorities;
• Emergency services;
• Other Government Departments;
• Legal process such as solicitors and courts;
• Estate owners and appointed contractors
Job applicants, current and former FCO Services employees
Information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
FCO Services use an on line recruitment system managed by a third party processor, Engage.
During the external recruitment process, information provided will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. Personal information may be shared with our internal resources team, the hiring managers and the interview panel. When individuals apply to work at FCO Services, we will only use the information they supply to us to process their application and to monitor recruitment statistics.
You may be asked to participate in assessment days, complete job specific tests or to complete occupational personality profile questionnaires as well as attend a face to face interview. The information generated during the process such as completed tests and interview notes will be held by FCO Services.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.
If a conditional offer of employment is made we will be expected to carry out checks that ensure eligibility to work and identity. We will also contact the referees provided to verify the dates and job titles as detailed in your application. In addition, we will require completed questionnaires about your health and a criminal records declaration. Security clearance requires that you submit information via the National Security Vetting process, please see link for further information UKSV.
Once you have taken up employment with FCO Services, we will compile a file relating to your employment. The information contained in this will be kept within a secure location and will only be used for purposes directly relevant to your employment. We will also require your bank details, emergency contact details and – if relevant – details about you current civil service pension scheme.
Personal information about unsuccessful candidates will be held on file for 24 months. After the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Your personal information may be shared with third parties as part of your employment within the civil service, including but not limited to:
• Civil Service Learning;
• Other government departments for the purposes of a secondment/progression through graduate recruitment training, and/or the fast stream;
• Pension administrators;
• Professional groups, e.g. Government Legal Service secretariat;
• IT software providers for the purposes of sending electronic communications to staff, e.g. staff updates for Business continuity purposes, training information and surveys sent via app technology;
• Training providers;
• The National Archives;
• External Auditors
Once employment with FCO Services has ended, we will retain the file in accordance with the requirements of our data retention policy, which is based on legal requirements.
When you use our online application system, People Solutions, a third party data processor provides this online service for us. Once you click ‘apply now’ you will be taken to People Solutions’ website and they will hold the information you submit, allowing FCO Services access to it.
You will be asked for your personal details including name and contact details. You will also be asked about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.
You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.
People Solutions’ Privacy Notice can be found here.
Reporting – FCO Services are obliged to report statistics.
All processing in relation to Job Applicants, current and former employees is processed under Article 6 (1) (c) of the GDPR.
Under Article 13 of the General Data Protection Regulation we are obliged to provide information about your rights in relation to the data collected. You are entitled to:
• Be informed about how we use your data, (which is outlined in this privacy notice);
• Know how long we will keep your data. This will be as required by law or where stated by our retention schedule;
• Be advised of our reason for processing the data;
• Be provided with a copy of the information held, if required (this is known as a Subject Access request)
• Have any information held corrected, if what we hold is wrong;
• Ask us to no longer process your information;
• Have data erased if no longer relevant, if not subject to overriding law;
• Complain about how we use your data to the Information Commissioners Office;
• Object to automated decision making and profiling.
The Data Controller for all information collected is FCO Services.
The Data Protection Officer is Victoria Muronen, please see contact details below.
This privacy notice does not cover the links within this site linking to other websites.
We keep our privacy notice under regular review. This privacy notice was last updated on 20 June 2019.
Victoria Muronen – Data Protection Officer (DPO)
Tel: 01908 745263