Privacy notice

Commodity Code Identification Tool Developer Hub (the ‘service’) is provided by HM Revenue and Customs (HMRC). HMRC will be referred to as ‘we’ or ‘us’ throughout this notice.

We are committed to protecting the privacy and security of your personal information.

The purpose of this notice

This privacy notice describes how we collect and use personal information about you in accordance with data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA) 2018.

What data we collect

For use of the service:

• The name and email address you used to sign up to Government Gateway

To register for the FPO commodity code identification API:

• Your organisation name
• Your work email address

For online and telephone support:

• name
• email address
• telephone number
• details of your support issue

Why we collect your personal data

We collect your personal data to:

• allow you to access the service securely
• allow us to contact you regarding an application to access the FPO commodity code identification tool API
• allow us to notify you about any siginificant changes to the service availability such as planned outages
• gather feedback to improve the service
• respond to any feedback you send us, if you have asked us to

The legal basis of using your data

In order for the use of personal data to be lawful, we need to meet one (or more) conditions in the data protection legislation, as set out in Article 6(1) of the General Data Protection Regulation (GDPR).

For the purpose of providing the Commodity Code Identification Tool Developer Hub, the relevant condition that we are meeting is ‘public task’ as specified under Article 6 (1)(e) of the GDPR.

Who we share your data with

Your personal data will be shared with our third party suppliers who provide the service.

Data security

We have put in place measures to protect the security of your information.

Our third-party service providers will only process your personal information on our instructions or with our agreement, and where they have agreed to treat the information confidentially and to keep it secure.

We treat the security of your data very seriously. We have strict security standards, and all our staff and other people who process personal data on our behalf get regular training about how to keep information safe.

We have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect about you.

In addition, we limit access to your personal information to those persons, or agents who have a business or legal need to do so.

We have taken measures to make sure an adequate level of security for personal information processed via our website.

We have put in place procedures to deal with any suspected data security breach and will notify you and the regulator of a suspected breach where we are legally required to do so.

Data retention

Your personal data will be kept by us for as long as needed to provide you with the service.

Your rights

You have the right to request:

• information about how your personal data is processed
• a copy of that personal data
• that anything inaccurate in your personal data is corrected immediately

You can also:

• raise an objection about how your personal data is processed
• request that your personal data is erased if there is no longer a justification for it
• ask that the processing of your personal data is restricted in certain circumstances
• If you have any of these requests, get in contact with our Privacy Team.

International transfers

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

All personal data is stored in the European Economic Area (EEA).

Complaints

HMRC has appointed a Data Protection Officer (DPO), Nicholas de Lacy-Brown, to oversee compliance with its data protection obligations.

If you have any questions about this privacy notice or how HMRC handles your personal information, email the DPO at: advice.dpa@hmrc.gov.uk

You can read more about how the DPO handles your personal information in our Office of the Data Protection Officer Privacy Notice

If you want to request a copy of your personal data follow HMRC’s subject access request guidance.

You should follow the existing complaints process if you want to complain about HMRC

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator.

The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Telephone: 0303 123 1113
Email: casework@ico.org.uk

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.