Contact us about buying from the UK
The purpose of this document
The Department for Business and Trade (DBT) is committed to protecting the privacy and security of your information. This privacy notice describes how we collect and use personal information about you in accordance with UK Data Protection legislation, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
We are required under data protection legislation to notify you of the information contained in this privacy notice. It is important that you read this notice, so that you are aware of how and why we are using your information.
What data we collect
Personal data we collect includes:
- your name
- your email address
- your telephone number
- your company name
- the size of your company
- the industry you work in
- the country you're based in
- where you heard about great.gov.uk
Why we need your data
The information you provide will be processed by DBT and selected third parties in order to:
- understand the types of people and companies interested in our services
- process business applications to access trade and investment related advice and services
- understand barriers to trade and investment
- evaluate the impact of trade and investment services provided by the department
Other purposes which may be relevant (to be considered on a case by case basis):
- gather feedback to improve our services
- respond to any feedback you send us, if you have asked us to
- allow you to access government services and make transactions
- provide you with information about relevant services
- monitor use of the site to identify security threats
Our legal basis for processing your data
The legal basis for processing your personal data is that it is necessary:
- to perform a task in the public interest
- for the exercise of our functions as a government department
How we share your information
We will, in some circumstances and where the law allows, share your data with other government departments, agencies, public bodies and third party service providers which may include, but are not limited to:
- Amazon Web Services (AWS)
- Government Digital Service (GDS)
- Organisations contracted by DBT to deliver investment support services, including Ernst & Young and OCO Global
- Organisations contracted by DBT to provide marketing and communications services, including M&C Saatchi, Manning Gottlieb OMD, TMW Unlimited, Aventri and Populus
- Kantar Public
- Local Enterprise Partnerships and trade bodies
- Devolved administrations
- Other UK government departments, including but not limited to the Foreign and Commonwealth Office
You will be notified if your information is shared with other third parties not included in this list.
Aggregated analysis of responses may also be shared with the Information Commissioner’s Office (ICO) the Government Internal Audit Agency (GIAA), and the National Audit Office (NAO).
We will not:
- sell or rent your data to third parties
- share your data with third parties for their marketing purposes
We will also share your data if we are required to do so by law or regulation – for example, by court order, or to prevent fraud or other crime.
How long we keep your data
In line with our records management and retention and disposal policy, we will only retain your personal information for as long as:
- it is needed for the purposes set out in this document
- the law requires us to
Subject to the bullets above, we will retain your personal information for up to 10 years from the date on which it is provided or subsequently updated, in order to fulfil the purposes for which it was collected.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption. All personal data is stored in the European Economic Area (EEA).
We also ensure that any third parties keep all personal data they process on our behalf secure.
We will use the personal information you provide to contact you about the specific service you have used or enquiry you have made.
In addition to this, when you provide your personal information, you have the option to provide your consent for us to contact you by email or telephone with direct marketing communications. You will only receive these communications if you have given your consent.
If you provide your consent for direct marketing, you have the right to unsubscribe at any time. For email marketing, you can do so using the ‘unsubscribe’ link included in all DIT marketing emails. For telephone marketing, you should inform the caller that you no longer wish to be contacted.
You have the right to request:
- information about how your personal data is processed
- a copy of any personal data we hold about you
- that any inaccuracies in your personal data are corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it
- ask that the processing of your personal data is restricted in certain circumstances
If you have any of these requests or have questions about this privacy notice and how we handle your personal information, contact:
Information Rights Unit
DIT’s Data Protection Officer
DBT’s Data Protection Officer (DPO) is responsible for independent advice and monitoring of DIT’s use of personal information.
Contact the DPO with any concerns about how DBT handles your personal information.
Data Protection Officer
Department for Business and Trade
Room 305, 55 Whitehall
Information Commissioner’s Office
Contact the Information Commissioner for independent advice about data protection, privacy and data-sharing issues.
Information Commissioner's Office
Telephone: 0303 123 1113
Textphone: 01625 545860
Changes to this privacy notice
We reserve the right to update this privacy notice at any time and we will provide you with a new privacy notice when we make any substantial updates.
Information provided whilst using this service, including personal information, may be disclosed in accordance with access to information regimes, primarily the Freedom of Information Act 2000 (FOIA).
If you want the information you provide to be treated confidentially, please be aware that, in accordance with the FOIA, public authorities are required to comply with a statutory code of practice which deals, amongst other things, with obligations of confidence.