UKEF Privacy Notice
Updated 23 October 2024
Data protection principles
We will comply with the principles under data protection law. These say that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely.
1. Your data
Depending on the purpose, we will process (collect and use) personal data from the following list:
- Name;
- Job title;
- Contact details including email address, phone number and address;
- Nationality; and
- Date of birth, sex, age and biographical details.
1.1 Purpose
Your personal data will be collected and kept in order for us to carry out our functions as a government department and export credit agency. These include:
- Processing applications for our support and delivering our services;
- Providing customer service and support;
- Promoting our services including providing information and delivering events to you;
- Gathering feedback to improve our services;
- Training our staff;
- Staff recruitment including managing job applications;
- Carrying out public consultations;
- Dealing with complaints;
- Fulfilling requirements by Parliament or law enforcement agencies to disclose information;
- Crime prevention including financial crime compliance;
- Supplier management; and
- Enabling internal processes to carry out our operational activity related to our public task.
1.2 Legal basis of processing
The legal basis for processing your personal data is one or more of the below:
- Public task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as a government department and export credit agency;
- Contract: processing is necessary to take steps to enter into, or perform, a contract; and
- Legal obligation: processing is necessary to perform a legal obligation placed on us at law.
1.3 Data sharing
We may share personal information within our business. We limit access to your personal information to those who have a genuine business need to access it.
We may share your personal data with other government departments, agencies, public bodies, trade bodies, devolved administrations and third-party service providers including data processors where it is lawful to do so when it supports a public task and/or for the purpose of trade promotion and delivery of our services or elements of such services.
We will not sell your data to third parties for their marketing purposes. Where we engage in email marketing to businesses, your consent on marketing preferences will be sought.
There are some cases where we can pass on your data without telling you – for example, to prevent or detect crime. In all cases, whether data is shared internally or externally, we will be governed by data protection law.
As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide services to us. In some instances, it will also be shared with our data processor who provides us with a customer relationship management system.
A small proportion of our records are transferred to The National Archives, in line with legal obligations for the collection, disposal and preservation of records. The Public Records Act governs the selection, transfer and preservation of records and requires those defined as public records to be openly accessible unless exempt under the Freedom of Information Act.
1.4 Personal data obtained from other sources
Other government departments may provide us with your personal data where they have a lawful basis to do so and in order for us to carry out our functions as a government department and pursuant to the purposes set out in section 1.1 (Purpose) above.
1.5 Retention
We aim to retain your personal data for only as long as it is necessary for us to do so for the purposes for which we are using it, provided that there is no other specified legal requirement or valid business reason for its retention. When it is no longer necessary to retain your personal information, we will delete or anonymise it.
1.6 Automated decision making
UKEF does not currently undertake any automated decision-making of personal data.
1.7 Data security
We have systems and processes in place to keep your data secure. Protective measures are implemented to prevent unauthorised access or disclosure of your data. We will notify you and the regulator of a suspected data security breach where we are legally required to do so.
2. Processing special category personal data
2.1 Special category personal data
Personal data is defined as ‘special category’ when it reveals: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data; data concerning health; data concerning a person’s sex life; and data concerning a person’s sexual orientation.
2.2 Conditions for processing
We process this data when it is necessary for reasons:
- In connection with employment and/or
- Of substantial public interest for the exercise of our functions.
3. Your rights
Under the UK GDPR, you have several rights in respect of your information and the way we use it. You have the right to:
- Request information about how your personal data is processed, and to request a copy of that personal data;
- Request that any inaccuracies in your personal data are rectified without delay;
- Request that any incomplete personal data is completed, including by means of a supplementary statement;
- Request that your personal data is erased if there is no longer a justification for it to be processed;
- Request, in certain circumstances (for example, where accuracy is contested), that the processing of your personal data is restricted; and
- Object to the processing of your personal data where it is processed for direct marketing purposes.
You also have the right to object to the processing of your personal data, although in certain circumstances the right is not absolute and exemptions may apply.
4. International transfers
Your personal data will be stored on our IT infrastructure, which is stored securely within the United Kingdom.
We may share your personal data with our staff based overseas and the staff of other government departments based overseas.
In all cases, whether data is shared internally or externally, we will be governed by data protection law.
5. Contact details and complaints
The data controller for your personal data is UK Export Finance.
The contact details for the data controller, including for contacting our Data Protection Officer, are:
Information Access Team
UK Export Finance
1 Horse Guards Road
London
SW1A 2HQ
Email: information.access@ukexportfinance.gov.uk
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.
The Information Commissioner can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: +44 (0)303 123 1113
Email: casework@ico.org.uk
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Changes to this privacy notice
We will update this privacy notice if there are any changes and we will provide you with a new privacy notice if we make any substantial updates.