Privacy notice

  1. What is the purpose of this notice and who does it cover?

This privacy notice (notice) gives you information about how the website (referred to in this notice as “our website”), processes personal data when you use our website including when you sign up to our electronic updates and events or email us with a view to sharing your experiences of fraud with us.

Our services and our website are not intended for children, and we do not knowingly collect personal data relating to children. References in this notice to “you’’ or “your’’ are references to individuals who use our website or provide goods or services to us. It is important that you read this notice together with our Cookie Notice and any other notices we may provide to you from time to time so that you are fully aware of how and why we are using your personal data.

  1. Who can I contact if I have any questions?

Fraud Advisory Panel is the controller for your personal data unless we notify you otherwise. This notice is issued on behalf of Fraud Advisory Panel as controller. Fraud Advisory Panel is registered with the UK Information Commissioner’s Office (ICO) with registration number Z6672211. In this privacy notice, references to “we”, “us” or “our” mean Fraud Advisory Panel. If you have any questions about this notice or the information we hold about you, including any requests to exercise your rights under data protection law, please contact us by emailing [email protected].

  1. What happens if this notice is updated or my personal data changes?

This version of the notice was last updated on 6 June 2022 and any historic versions can be obtained by contacting us at [email protected]. We will publish any changes to this notice on our website and where necessary we will also send you a copy via email. It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

  1. The personal data we collect about you

Personal data is any information which directly or indirectly identifies an individual, for example, your name, address, date of birth, photos, videos or voice recordings. This does not include any information that does not, and cannot be used to, identify an individual.

Special categories of personal data are a type of personal data that we are required to look after even more carefully. Special categories of personal data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any special categories of personal data about you through our website. Nor do we collect any information about criminal convictions and offences.

You give us your personal data through your use of our website, by signing up to receive electronic updates from us, by completing voluntary surveys or questionnaires, or by emailing us with a view to sharing your experiences of fraud with us. We also collect personal data from you indirectly such as your browsing activity while on our website, please see our Cookie Notice for more information. We also collect personal data from other sources as set out below.

Personal data collected directly from you: The personal data we collect about you depends on the particular activities carried out through our website. This information includes:

 Personal data provided by third parties

  1. What happens if you do not supply your personal data?

You are under no statutory or contractual obligation to provide personal data during your use of our website or in your interactions with us. However, if you do not provide us with your personal data we may not be able to send you joining instructions for an event which you wish to attend, be able to follow up with you in relation to sharing your experiences of fraud, or to send you electronic updates.

  1. Purposes and legal basis for which we will use your personal data

Processing personal data from website users allows us to hold events and arrange attendance at such events, personalise and tailor our website and target marketing to relevant users. The table below describes the ways in which we use your personal data and the legal bases we rely on to do so. Where appropriate we have also set out our legitimate interests in processing your personal data.

  1. How long will personal data be retained?

We keep personal data that we obtain about you for no longer than is necessary for the purposes for which it is processed. How long we keep your information will depend on the nature of the information concerned and the purposes for which it is processed.

  1. Sharing your personal data

We may share your personal data with third-party processors who provide services to us. These services include:

  • partners who are hosting events on our behalf; and
  • third parties who provide outsourced operational services to us.
    • We may share your personal data with organisations where we have a legal obligation, contract or other legitimate interest to do so.
    • Your personal data may be transferred to other third-party organisations in certain scenarios, for example:
  • if we are discussing merging part or all of our charity with another charity or creating a separate charity, personal data may be transferred to the charity with whom we are discussing the merger with or the new separate charity under suitable terms as to confidentiality;
  • if we are merged with another charity or a new separate charity is created, personal data may be transferred to the charity with whom we have merged or to the new separate charity who can continue to provide services to you;
  • if we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority, for example the police, we may need to share your personal data; or
  • if we are investigating or defending any legal claims your personal data may be transferred as required in connection with defending such investigations and/or claims.
  1. Transferring data overseas

In some cases, we may need to transfer personal data outside the European Economic Area (EEA) and/or United Kingdom (UK). Where this is the case, we will only share the minimal amount of personal data necessary for the purpose of processing and, where possible, we will share the personal data in an anonymised form.

Whenever we transfer your personal data out of the EEA and/or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • we may transfer your personal data to countries for whom there has been an adequacy decision by the European Commission and/or an adequacy regulation granted by the UK Secretary of State (as applicable) confirming that that country provides an adequate level of protection for personal data;
  • we may use specific contracts approved by the European Commission and/or UK Data Protection laws (as applicable) which give personal data the same protection it has within the EEA and/or UK. When we rely on this measure we will ensure that the third-party can comply with the provision of such contracts and we have confirmed that the country to which the personal data is transferred provides enforceable data subject rights and effective legal remedies for data subjects are available there; or
  • a specific exception applies under applicable data protection law.
  1. How we protect your personal data

We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

  1. Marketing

We would like to send you information about resources, research, and events which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by email. We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes. We will only ask whether you like us to send you electronic updates when you subscribe to receive such updates on our website. If you have agreed to being contacted in this way, you can unsubscribe at any time by:

  • contacting us at [email protected]; or
  • using the ‘unsubscribe’ link in emails or communications we send to you.
  1. Your rights

Under data protection laws, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal data.
  • Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete personal data you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
  • Rights related to automated decision making, including profiling – You have the right not to be subjected to a decision based solely on automated processing (including profiling) which may significantly affect you.
  • If you wish to exercise any of your rights, please contact us at [email protected]. In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests unless there are exceptional circumstances.
  1. Complaints

If you have any concerns about the personal data we use about you, you have the right to make a complaint at any time to the ICO by contacting them at We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance via email at [email protected].