Guidance

FCDO privacy notice: central assurance and due diligence assessments

Published 24 May 2023

© Crown copyright 2023

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/privacy-notice-central-assurance-and-due-diligence-assessments/privacy-notice-central-assurance-and-due-diligence-assessments

What a privacy notice is

The General Data Protection Regulation requires that data controllers provide information to people whose personal information they process. Processing information means how we use it, store it, and share it, how long we keep it and how we destroy it.

This privacy notice includes:

  • who we are
  • what information we collect about you and how
  • how we use your information
  • why we collect personal information about you
  • who we share your information with and why
  • our lawful basis for processing
  • how long we keep your personal information for
  • your rights
  • how to contact us
  • how to make a complaint

Who we are

The Foreign, Commonwealth and Development Office (FCDO) pursues our national interests and projects the UK as a force for good in the world. We promote the interests of British citizens and provide consular services overseas, safeguard the UK’s security, defend our values and tackle global challenges with our international partners. To do this effectively we must collect, store, share and use personal information.

The Due Diligence Hub are part of the Advice and Support Team, within the Centre for Delivery which is part of the Finance Directorate. The Due Diligence Hub provides a support service to FCDO programme teams in their due diligence of funding agreements through memorandums of understanding and accountable grant agreements. The Hub’s purpose is to improve the quality, efficiency and culture of due diligence. We do this by providing expert technical support and guidance to funding departments as well as conducting due diligence assessments (DDAs), where appropriate. The Due Diligence Hub team lead on Headquarters Assessments (HQAs) of our strategic delivery partners.

You can contact the Due Diligence Hub:

The Head of Centre for Delivery
Foreign, Commonwealth & Development Office
King Charles Street
Whitehall
London SW1A 2AH
United Kingdom

What information we collect about you and how

We may collect personal information from you. This personal data may include your:

  • address
  • contact details, including email address and mobile or landline telephone number
  • criminal offence data
  • cultural/social identity
  • date of birth
  • driving licence
  • economic/financial data
  • employer
  • full name, first name or surname, including title and former names
  • identification number
  • nationality
  • National Insurance number
  • passport
  • place of birth

We may collect this information from you in a number of ways, which may include:

  • information you provide to us in order to complete our due diligence checks
  • information provided to us by partner organisations in order to complete our due diligence checks
  • information that we obtain through law enforcement or public government agencies based in the UK
  • information provided through screening software applications, for example Dun & Bradstreet and Sayari
  • information obtained through open source, for example:
    • the Charities Commission
    • published sanctions lists
    • company registries
    • local registries
    • published debarment lists, for example the World Bank
    • publicly accessible social media

How we use your information

As part of the due diligence process, we may conduct background checks on beneficial owners, key management (irrespective of whether they are staff and/or volunteers), directors and/or trustees to provide assurance in respect of the points outlined above using publicly available information or our internally held data. A beneficial owner is defined in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as someone who can effect control over an entity.

In addition, we may ask for other information, including personal information such as, but not limited to, salaries for given positions, to help us assess value for money and fiduciary risk, information about individuals’ criminal records to assess safeguarding and other risks, or CVs to assess the experience and skills of the staff delivering or involved in FCDO programmes.

Why we collect personal information about you

We collect personal data for the purposes of conducting partner due diligence as this is required for most FCDO funding arrangements. It forms part of our risk assessment process and is intended to provide assurance that potential partners have the technical capacity, capability, and financial stability to deliver programme objectives, and that outcomes and value for money are achieved.

Who we share your information with and why

Any data collected will be used solely for the purposes of the due diligence process. It may be shared with other UK government departments and public bodies (including law enforcement entities) to reduce any possible duplication of due diligence and retrieve any information they may hold on you that assists the process. The benefit of this is to increase efficiency and in some cases reduce the number of due diligence assessments that an organisation or individual must undergo. We may also need to share your personal data with our legal counsel.

In rare circumstances, we may need to share your personal data with other country government public authorities (including law enforcement) for the purpose of retrieving criminal records or other legal judgements, which may have been made against key management, directors, trustees or beneficial owners. We may be required to disclose the details held by law, by court order, or to prevent fraud or other crimes or for reasons of national security. Where we share data, however, we shall do so in accordance with applicable data protection laws.

Our lawful basis for processing

We process this data under the following lawful bases:

  • public task: where we are carrying out a specific task in the public interest or exercising official authority. This is the most commonly used lawful basis in the FCDO as we are a ministerial department
  • legitimate interests: where we use your data in a way that you would reasonably expect for our own interests. This should have minimal privacy impact

The processing by us of personal data relating to criminal convictions and offences or related security measures is not carried out under official authority, but is authorised as necessary for reasons of substantial public interest for the exercise of a function of the Crown, a minister of the Crown or a government department.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated or new purpose, we will notify you and we will explain the legal basis which allows us to do so.

How long we keep your personal information for

We will keep your personal data for 7 years. Your personal data will be destroyed securely in line with FCDO retention and disposal policy.

Your rights

There are 8 rights that you have when the Due Diligence Hub is using your personal information. If you have any questions about these rights, you can contact the Data Protection Officer for more information.

  • right to be informed: you have the right to be informed about what we do with your personal data, which is the purpose of this privacy notice
  • right of access: you have the right to request a copy of any personal information we hold about you and what we do with it. This is known as a ‘Subject Access Request’. You can make a request by emailing information.rights@fcdo.gov.uk
  • right to rectification: you have the right to request that any inaccurate personal data we hold is corrected or have incomplete personal information completed
  • right to erasure: you have the right to request that your personal data is erased. This only applies in certain circumstances
  • right to restrict processing: you have the right to request that we limit the use of your personal data. This only applies in certain circumstances
  • right to data portability: you have the right to move, copy or transfer personal information from one IT system to another in a safe and secure way This right only applies to certain information in certain circumstances
  • right to object: you have the right to object to the use of your information, which means that we would have to stop using your personal information. This right only applies to certain information in certain circumstances
  • rights related to automated decision making including profiling: if a decision is being made without human involvement in the decision making, you have the right to challenge and request a review of any decisions made

If your personal data is processed on the basis of consent, you have the right to withdraw consent to the use of your personal data at any time.

When making a request to exercise any of these rights, you should include your full name, up-to-date contact details and the date of your request. If you are making a Subject Access Request, include a comprehensive list of what personal data you want to access, including any relevant dates or search criteria to help us identify what you want.

How to contact us

If you have any questions about this notice or the process for central assurance and due diligence assessments, you can contact the Due Diligence Hub:

The Head of Centre for Delivery
Foreign, Commonwealth & Development Office
King Charles Street
Whitehall
London SW1A 2AH
United Kingdom

If you consider that your personal data has been misused or mishandled, or would like to exercise any of your rights, you can contact the Data Protection Officer at the Foreign, Commonwealth and Development Office:

Data Protection Officer
Foreign, Commonwealth & Development Office
King Charles Street
London
SW1A 2AH

Email: Data.Protection@fcdo.gov.uk

Tel: 020 7008 5000

How to make a complaint

You may also make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Changes to this notice

We encourage you to reread this privacy notice occasionally as we aim to update it regularly, in order to keep you fully informed about how we use your personal information.

This privacy notice was last updated on 26 May 2023.

Back to top