Guidance

Foreign, Commonwealth & Development Office privacy notice: consular services in the UK and missions overseas

Updated 19 November 2021

This privacy notice covers

  • notarial services
  • documentary services
  • Emergency Travel Documents
  • payments for those services
  • other consular services given at British embassies, consulates and high commissions overseas
  • information given during telephone calls to our teams including in times of crisis and via information submitted to the Crisis online webform, or submitted by you in SMS text messages
  • provision of emergency loans

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. View the licence on The National Archives website or contact:

Information Policy Team
The National Archives Kew
London
TW9 4DU

Email: psi@nationalarchives.gsi.gov.uk

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available from our Personal Information Charter page.

0.1 Feedback

We use customer feedback to help us improve our services. FCDO staff may approach you either face to face, over the phone or by email to discuss feedback with you. You may also be asked for consent during online applications. We will ask you if you are willing to share your data with our partner research agency for the purpose of our partner contacting you for feedback on our behalf. We only process this data with your consent. Our separate privacy notice for research and feedback purposes explains this.

1. Who we are

Consular Directorate, including consular teams working in the UK and at British Embassies, High Commissions and Consulates overseas is part of the:

Foreign, Commonwealth & Development Office 
King Charles Street 
London 
SW1A 2AH 

Telephone: 020 7008 1500

2. What data we process and why

The Foreign, Commonwealth & Development Office (FCDO) pursues our national interests and projects the UK as a force for good in the world. We promote the interests of British nationals, safeguard the UK’s security, defend our values and tackle global challenges with our international partners. In doing so we process personal data.

British Embassies, High Commissions and Consulates process personal data for the purposes of providing British nationals with notarial and documentary services abroad, for processing Emergency Travel Documents (ETD) and for the payment of those services, and for the purposes of administering emergency loans for eligible individuals for their repatriation.

We also process data for the purpose of providing the consular assistance described in our publication Support for British nationals abroad: a guide. If you are seeking consular assistance, your data will be used by our staff in the UK and overseas to assess your individual circumstances to determine what help you require. In some countries where British nationals are at risk they are invited to provide their details to us in order that they can be contacted in an emergency and assistance provided.

In the current coronavirus (COVID-19) crisis we are also processing such data because it is necessary to protect against serious cross border threats to health.

Where you have been provided with consular assistance, your data will be recorded on our internal case management system, Casebook. Data processed for the purposes of Consular Marriages, Consular Civil Partnerships, Consular Conversions of Civil Partnership to Marriage services and Birth and Death registrations also becomes part of the UK public record.

In order to use fee-paying services online, you will need to enter personal information. Such information includes your name, contact details, date of birth, and in some cases you will be asked to provide details of certain documents. We use this information to confirm an appointment and provide the service requested, as well as to process the payment, identify who is paying and to send email receipts and progress updates. Credit card data is processed by our supplier, Barclaycard.

Some of the services we provide online may contain free-text fields in which you are invited to enter additional comments relating to the selected service. You should not enter details of medical history, religious beliefs and financial information or any other sensitive information into these free-text fields.

3. Processing of website usage information and web queries

Separately from the information entered by those using our online service, we also collect website usage information, which allows us to see how the service is being used. This analytics data includes:

  • questions, queries or feedback you leave, including your email address if you send a message via feedback
  • your IP address, and details of which version of web browser you used. IP addresses are anonymised to 2 bytes e.g. 192.168.xxx.xxx
  • information about how you use the site, using cookies and page tagging techniques to help us improve the website

This helps us to:

  • improve your experiences with FCDO’s digital services
  • respond to any feedback you send us, if you’ve asked us to provide you with information about local services

3.1 Data provided in times of crisis directly or by third parties

In most cases, you will have provided the data we hold. However, in some cases it may have been provided by a family member or friend calling us for advice or support. During times of crisis, we may have been unable to highlight our Privacy Notice to you/the third party, due to the urgency of the situation.

However we will provide a link to this Privacy Notice within our Personal Information Charter and our Travel Advice and whenever we communicate how to contact us, (e.g. phone numbers/hotlines/webforms or SMS during a crisis) as a means of highlighting how your data is held and processed.

We may also send an email and/or SMS to all Affected Persons immediately after the Crisis Hub file has been closed for a specific crisis to inform them of this Privacy Notice.

We process this data because it is necessary to perform our official functions as a government department, so that we can provide British nationals with notarial, documentary, ETD and consular services abroad.

We also process some of this data because it is necessary to do so in order to comply with our obligations under:

  • the Consular Marriages and Marriages under Foreign Law (no.2) Order 2014
  • civil Partnership (Registration Abroad and Certificates) Order 2005
  • the Marriage of Same Sex Couples (Conversion of Civil Partnership) Regulations 2014
  • the Registration of Overseas Births and Deaths Regulations 2014

Site usage data is processed on the basis that it is necessary for the purposes of legitimate interests pursued by us – namely the need to improve the service we provide and respond to feedback.

5. Special category and criminal data

In some cases we process what is known as ‘special category data’. This is data that requires extra protection. It includes information about your health, race, ethnic origin, sexual orientation and genetic or biometric data.

For example, before we can issue registration documents you will be asked for a copy of your passport photo page to verify your identity. Before we can issue an emergency travel document you will also be asked to provide a photograph. When you apply for an emergency loan, you will be asked for a copy of your passport photo page to verify your identify and proof of address to check your eligibility and how to contact you for repayment. This may be done online or at a later point in the process.

We process photographs for identity purposes because it is essential for the FCDO to be able to verify your identity and subsequent eligibility for an emergency travel document. The photo will also be printed upon the emergency travel document if one is issued so that the emergency travel document is a valid and restricted travel document for you to use. We are unable to issue an emergency travel document without the provision of this data.

It is therefore necessary to process it in order to perform our functions as a government department and it is necessary for reasons of substantial public interest.

Where we need to process health information, for example because you have fallen ill abroad and we need to help you find appropriate care, we process such data because it is necessary to do so in order to perform our official functions as a government department and because it is necessary for reasons of substantial public interest. There may also be cases, such as in an emergency, when it is necessary to process such data in order to protect your vital interests.

There may also be cases, such as in an emergency, when it is necessary to process such data in order to protect your vital interests. In the current coronavirus (COVID-19) crisis we are also processing such data because it is necessary to protect against serious cross border threats to health.

Where a British national is arrested overseas for a serious offence, and the FCDO is notified of this, we share this data with ACRO Criminal Records Office (ACRO). ACRO have a legitimate interest in receiving such information because it is necessary for them to have a complete offending history of individuals in order to perform their function of safeguarding the public in the UK against unlawful acts, dishonesty or seriously improper conduct. This includes safeguarding individuals who are particularly at risk such as children as well as vulnerable adults.

6. Security of your data

We take data security very seriously and we take every step to ensure that your data remains private and secure. For online services we have procedures and security features in place to keep your data secure once we receive it. We also use SSL in order to encrypt all data transferred to and received from our server.

7. Data sharing

7.1 Registration services

In order to register births, deaths and marriages, Overseas Registration Unit may need to verify your data with the Home Office, HM Passport Office and the General Register Office. We will therefore share your data with these organisations in order to do so.

7.2 Lost or stolen passports

Information about lost or stolen passports may be shared with appropriate public and private sector authorities who can assist in locating and recovering the missing passport and to help prevent the passport being used for criminal purposes. In particular we will pass details of lost and stolen passports to HM Passport Office.

7.3 Consular assistance services

We may need to share your data with other UK government departments, foreign authorities and organisations (eg local hospitals, prison authorities, airlines) to ensure you are receiving the support you need and we can provide appropriate consular support. We may also share some of your data with partner organisations that can provide you with information or support that we are unable to provide.

This may include organisations such as Prisoners Abroad for detainees, Victim Support for those bereaved by murder or manslaughter, and airport chaplaincies in the UK for those who require assistance upon return to the UK. Wherever possible, we will seek your consent to share your information with these organisations.

In the current coronavirus (COVID-19) crisis we may have to share data with such bodies without seeking your consent. Where we do so this is done for important reasons of public interest and in a small number of cases where you cannot consent - to protect your vital interests or those of another person.

In order to do this we will need to share some of this information with travel operators and other authorities.

7.4 Emergency loans

When issuing an emergency loan we will share personal data with third parties in order to confirm eligibility for the loan. These third parties include the Royal Mail to verify UK addresses.

Where an emergency loan has been issued but not repaid in accordance with the terms of that loan, we will also share personal data with third parties such as credit reference agencies and the government debt management service, Indesser, who may use debt collection agencies to recoup the debt. We may also share personal data with other government departments in connection with any outstanding debts including:

  • HM Passport Office, who will not issue you with a replacement passport until the loan has been repaid in full
  • Department for Work and Pensions to request such information as may be relevant in respect of any non-payment of this debt, including details of your current address and any benefits or allowances paid to you

We are also legally required to share information with the General Register Office (GRO) because we deposit copies of Consular Marriages, Consular Civil Partnerships and Consular Conversions and Birth and Death Registrations under the following legislation:

  • consular Marriages and Marriages under Foreign Law (no.2) Order 2014
  • civil Partnership (Registration Abroad and Certificates) Order 2005
  • the Marriage of Same Sex Couples (Conversion of Civil Partnership) Regulations
  • the Registration of Overseas Births and Deaths Regulations 2014

7.6 Data sharing in relation to arrests overseas for serious offences

Where a British national is arrested overseas for a serious offence we share this information with ACRO – see above.

We will not share your information with organisations for marketing or commercial purposes, and we will not pass on your details to other websites.

8. Data processors

For online services we use other suppliers to provide some parts of this service:

  • Equiniti Toplevel to provide the availability schedule and manage bookings
  • SendGrid to send confirmation emails and other communications about your booking
  • gov.uk/notify to send email and SMS status updates on the progress of applications
  • Worldpay support consular’s payment service. If you choose to pay online, read Worldpay’s cookie policy
  • gov.uk/pay will provide the online payment service
  • Iizuka for case management software
  • Worldreach to print your emergency travel document and manage the stock of emergency travel documents
  • UK Cloud and Amazonweb for web hosting our contracts with suppliers require them to comply with applicable data protection laws
  • CTM Corporate Travel Management Pty Ltd (CTM) may act as the FCDO’s flight booking partner, providing assistance with the booking of repatriation flights for British nationals and non-British nationals stranded abroad during the coronavirus (COVID-19) pandemic
  • Sitel is the outsourced call centre which is being used to take routine enquiries away from the Consular Customer Call Centres (CCCCs) during the coronavirus (COVID-19) pandemic. It provides advice; signposts callers to online information; and escalates any more complex calls to the CCCCs
  • Microsoft provides the FCDO with a range of products
  • if we are helping you return to the UK and have issued you with an emergency loan, we will make travel bookings on your behalf using third party travel providers

9. How long we keep your data

We will usually retain your personal data for up to four years after your case has closed. There are some exceptions to this, including murder or manslaughter cases, unexplained deaths, kidnappings, cases with a terrorism element, cases involving minors, or individuals who have absconded/been released on bail, which are marked for retention beyond four years. Those cases retained beyond four years are periodically reviewed to determine whether they should continue to be retained, e.g. cases that result in or relate to discussion about policy changes.

For ETDs if the applicant is under 16 we may retain their data indefinitely in the interest of child protection.

For online payments if you start but do not complete a payment your data will be deleted after one week. Where online payment is made using Smartpay; If you pay successfully and complete your application, we delete personal data one week after the payment has been fully processed. If you pay successfully but do not complete your application, your payment authorisation will expire after 28 days and your data will be deleted after 30 days.

Where online payment is made using gov.uk/pay, your data will be held by the Cabinet Office and retained in line with their privacy statement.

Data entered in the Consular Marriage, Consular Civil Partnership, Consular Conversions and Birth and Death registers will be retained in perpetuity. Notices of Marriage, where a Certificate of No Impediment is issued, are also kept in perpetuity, in accordance with the following legislation:

For consular marriages:

  1. Section 4(5) says registration officers must retain every notice of intended marriage
  2. Section 10(1) says registration officers must maintain a register and therein register every marriage

For local marriages:

  1. Section 15(1) says registration officers must retain every notice and declaration

10. Your rights

In some circumstances you have the right to:

  • object – request that your data is not processed for certain purposes
  • erasure - request that your personal data is erased where one of the statutory grounds applies
  • data portability – the right to obtain and reuse your personal data for your own purposes across different services in certain circumstances
  • restrict processing - request that the processing of your personal data is restricted in certain circumstances – for example, where accuracy is contested
  • rectification - request that any inaccuracies in your personal data are rectified without delay. Request that any incomplete personal data is completed, including by means of a supplementary statement
  • access - request information about how your personal data is processed and to request a copy of that personal data
  • informed - we will keep you informed primarily through this privacy notice but also via guidance notes attached to our online services where applicable

11. How to contact us

If you have any questions about anything in this notice, or if you consider that your personal data has been misused or mishandled, or if you would like to exercise any of your rights, you can contact us at: Data.Protection@fcdo.gov.uk.

You can also contact the Data Protection Officer at the Foreign, Commonwealth & Development Office:

Data Protection Officer 
Information Management Department 
Information and Data Directorate 
Room K4.02
Foreign, Commonwealth & Development Office 
King Charles Street 
London 
SW1A 2AH 

Email: Data.Protection@fcdo.gov.uk

Telephone: 020 7008 5000

12. Complaints

You may also make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire SK9 5AF 

Email: casework@ico.org.uk

Telephone: 0303 123 1113

13. Changes to this notice

We may modify or amend this privacy notice at our discretion at any time. When we make changes to this notice, we will amend the last modified data at the top of this page. Any modification or amendment to this privacy notice will be applied to you and your data as of that revision date. Changes to this privacy notice will be published on our website.