Guidance

DBT's complaints privacy notice

Published 12 November 2024

© Crown copyright 2024

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/complaints-privacy-notice-for-dbt/dbts-complaints-privacy-notice

This privacy notice explains how the Department for Business and Trade (DBT), as a ‘data controller’, processes personal data for the purpose of responding to complaints made about services provided by DBT and our staff.

This notice is supplemented by our main privacy notice which provides further information on how DBT processes personal data, and sets out your rights in respect of that personal data.

What personal data we collect

We collect, store and use certain categories of personal information about you, such as:

  • your name
  • contact details
  • email address
  • phone number
  • details and information relating to the complaint

We may also process other personal data if you volunteer it. For example, if you provided an address requiring a response to be issued via post, or if your complaint includes an email signature.

All personal data is handled under the government security handling for official data and non-personal data may be retained according to the Public Records Act 1958.

Why DBT asks for this information and what happens if it is not provided

The personal data you provide is necessary as it enables DBT to record, process and respond to your complaint and any subsequent review submitted

If the necessary personal information, described above, is not provided to DBT, we may be unable to process your complaint effectively or respond to it at all.

The processing of your personal data is based on your consent. When you submit a complaint to the DBT, you consent to the processing and retention of your personal data in line with our data retention policy, for the purpose of processing your complaint.

How DBT processes personal data it receives

Personal information will be stored across DBT’s complaints management database and E-case, managed by the Complaints Team.

Once your personal data is no longer needed It will be retained accordingly, in line with the department’s retention and disposal schedule.

Third party processors

We use a third-party customer relationship management application (CRM) called E-case. This application is used to manage and monitor complaints and reviews. This application will store personal information and details relating to the outcome of a complaint and any reviews.

Information sharing

The personal data we collect will be shared with the following organisations for the purposes of recording, processing and responding to your complaint, or review:

  • DBT: this can include individuals within teams and directorates across the department
  • E-case: the supplier of the case management software we use to manage and monitor complaints and reviews
  • Microsoft: our email provider

It may be necessary for the DBT to share your personal data we have collected with the Parliamentary and Health Social Care Ombudsman (“the Ombudsman”) for the purpose of processing and responding to a complaint received by DBT from the Ombudsman, submitted on your behalf.

You can find out more detailed information about how we share data and further processing in the main privacy notice.

How long DBT holds your data for

DBT will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

If we decide that we need to process your personal data for a reason which is incompatible with the purposes for which we collected it for, we will contact you to explain why we are doing this and why it is lawful to do so.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

How we protect your personal data and keep it secure

We are committed to doing all that we can to keep your personal data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your personal data. For example, we protect your personal data by limiting staff access to the information to those that require it, for the purpose of responding to your complaint.

We also ensure any third parties we deal with keep all personal data they process on our behalf secure and in line with data protection legislation.

Contacts

Contact DBT

You can contact DBT’s Data Protection Officer for further information about how your data has been processed by the department or to make a complaint about how your data has been used:

Data Protection Officer

Department for Business and Trade
Old Admiralty Building
Admiralty Place
London
SW1A 2DY

Contact ICO

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Email casework@ico.org.uk

Telephone 0303 123 1113

Textphone 01625 545860

Monday to Friday 9am to 4:30pm

Back to top