This Privacy Notice applies from 7 February 2024.

Privacy Notice - Product Safety Database

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).

Who we are

The Office of Product Safety and Standards (OPSS) is currently a departmental office within the Department for Business and Trade (DBT) and responsible for operating the Product Safety Database (PSD). DBT is the Data Controller. The PSD is a new system for managing product safety issues and sharing information regarding unsafe and non-compliant products in the UK.

Our Privacy Commitment

OPSS is committed to protecting your privacy. This “Privacy Notice”, explains what personal information we collect about you either directly or indirectly and how we use, share and look after that information for the PSD. We encourage you to review this Privacy Notice carefully. In addition to the commitments set out in this Privacy Notice, we operate in accordance with a set of data privacy rules which apply to the processing of all personal data by the entire DBT. These privacy rules can be found at the DBT Personal Information Charter.

Other Websites

Please note this Privacy Notice only applies when you are using the PSD website and alternative privacy notices may apply when you are using other sections of https://www.gov.uk/. For example, if you are using the OPSS section of https://www.gov.uk/, the following privacy notice will apply. Please ensure you have reviewed and understand the applicable privacy notice to the service you are using. If you have any questions about how we handle or protect your personal information, please contact us using the contact details below.

What Personal Data is

Personal Data is any information which we collect about you that can be used to identify you and includes any information, such as your name, address, IP address.

It is our intention to provide you with as much information as possible about what we do with that Personal Data, so that when you provide the Personal Data to us, you do so with an awareness of how it will be used.

What Personal Data we collect

We collect the following Personal Data:

  • Personal contact details such as name, title, address, telephone number and personal email addresses if you contact us regarding a defective product.
  • Case details such as how a defective product has impacted on you.
  • Questions, queries or feedback you might provide if you contact us.
  • Name and contact details of sole traders or of individuals in companies who contact us or who are reported to us in relation to defective products.
  • Internet Protocol (IP) address, and details of which version of web browser used.
  • Information on how the site, cookies and page tagging techniques are used (please see the analytics section below for more information).
  • Personal contact details as a user of PSD.

What Special Categories Personal Data we collect

We do not process Special Categories Personal Data in relation to the PSD. If this changes you will be notified of the details of any such processing and the legal basis on which we rely to do so.

How we collect your Personal Data

We collect Personal Data from various sources including:

  • From you when you contact us directly regarding product safety issues or defective products.
  • From third parties who contact us regarding product safety issues or defective products, for example, Market Surveillance Authorities.

How we use your Personal Data

We use your information for the following purposes:

  • To capture incoming information and/or complaints related to product safety.
  • To enable reporting on unsafe products.
  • To alert other regulators to take action on unsafe products.
  • To enable enforcement action to be taken against non-compliant businesses.
  • To enable subscription preferences when users sign up to email alerts.
  • To conduct analytics on how the website is used and navigated (please see below for more information).

Analytics

We may use Google Analytics software to collect information about how the website is used. We do this to help make sure the site is meeting the needs of its users and to help us make improvements, for example improving site search. Google Analytics stores information about: the pages you visit, how long you spend on each page, how you got to the site, and what you click on while you’re visiting the site. We do not collect or store your personal information as part of the analytics process so this information cannot be used to identify who you are. We also collect data in order to:

  • improve the site by monitoring how you use it
  • gather feedback to improve our services, for example our email alerts
  • respond to any feedback you send us, if you’ve asked us to,
  • send email alerts to users who request them,
  • allow you to access the PSD and enter data as well as provide you with information.

How we use Cookies

This website uses cookies. A cookie is a small file of numbers and letters that we put on your device if you agree. These cookies allow us to distinguish you from other users of the website and tell us how you are using the website. Some cookies help us to provide you with a good experience as you browse our website; others enable us to gather information that informs how we improve our website. For further information on the cookies we use on this website, please refer to our Cookies Policy below.

What Legal Basis we rely on

Where you contact us regarding a product safety issue and provide us with your contact details we will ask you for your consent to store and use your personal contact information. We will rely on consent as our legal basis for such processing.

For any other processing of Personal Data in relation to the PSD our legal basis for processing is the performance of a task in the public interest, including that which is set out in law and is statute based namely Regulation 33 of the General Product Safety Regulations 2005 as may be amended by EU exit legislation. This will include where we receive Personal Data from third parties, such as Market Surveillance Authorities, relating to defective products.

How we share your data

We share your personal data in the following ways:

  • With Market Surveillance Authorities as part of our product safety oversight mission.
  • Where we use third party services providers who process personal data on our behalf in order to provide services to us, for example, our IT services provider Softwire Ltd.
  • With product manufacturers where we are investigating or alerting people to product safety issues.
  • With local authority trading standards and UK regulators where we are investigating or alerting people to product safety issues.
  • With other government departments, and their agencies for reporting and public interest purposes.
  • If we are required to do so as part of our regulatory oversight enforcement operations or by law – for example, by court order, or to prevent fraud or other crime.
  • If we are required to do so as part of agreeing a future relationship between the UK and the EU and respective regulatory bodies.

We will take steps to anonymise information wherever possible when sharing information with third parties. The process of anonymisation removes the personal identifiers from the information and thus means that the information no longer contains Personal Data.

We ensure that any third parties with whom we share Personal Data to process it on our behalf adopt equivalent or superior data protection standards to our own.

How we transfer your Personal Data overseas

We do not send or store your Personal Data outside of the European Economic Area. If this changes you will be notified of the details of any such transfer and the adequacy mechanisms put in place to ensure the security of your Personal Data.

How long we keep your data

We will only retain your Personal Data for as long as it is needed for the purposes set out in this document or the law requires us to. We may retain it for a longer period if directed to do so by law enforcement authorities and/or in connection with criminal proceedings.

Where your Personal Data is processed and stored

We choose our systems carefully to make sure that your data is as safe as possible while under our control. Your Personal Data will be hosted using a Platform as a Service product located in the UK and will not be stored outside of the UK at any time.

How we protect data and keep it secure

We are committed to doing all that we can to keep your Personal Data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your Personal Data, for example, we protect your data using varying levels of encryption and run regular penetration tests to assess our security standards.

Your information rights

You have a number of rights in relation to your personal data, these include the right to:

  • be informed about how we use your personal data;
  • obtain access to your personal data that we hold;
  • request that your personal data is corrected if you believe it is incorrect, incomplete or inaccurate;
  • request that we erase your personal data in the following circumstances:
    • if we are continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected;
    • if we are relying on consent as the legal basis for processing and you withdraw consent;
    • if we are relying on legitimate interest as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us to continue with the processing;
    • if the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation);
    • if it is necessary to delete the personal data to comply with a legal obligation;
  • ask us to restrict our data processing activities where you consider that:
    • personal data is inaccurate;
    • our processing of your personal data is unlawful;
    • where we no longer need the personal data but you require us to keep it to enable you to establish, exercise or defend a legal claim;
    • where you have raised an objection to our use of your personal data;
  • request a copy of certain personal data that you have provided to us in a commonly used electronic format. This right relates to personal data where we are relying on consent to process your personal data;
  • object to our processing of your personal data where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal data;
  • not be subject to automated decisions which produce legal effects or which could have a similarly significant effect on you

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately. If these changes affect how your Personal Data is processed, DBT will take reasonable steps to let you know.

You can see previous versions of this page.

Contact us or make a complaint

Contact the Data Protection Officer (DPO) if you: have any questions about anything in this document or think that your Personal Data has been misused or mishandled.

Data Protection Officer

Department for Business and Trade

Old Admiralty Building

Admiralty Place

London

SW1A 2DY

Email: data.protection@businessandtrade.gov.uk

If you have made a complaint to us about how we handle your personal information that we have not been able to resolve, you have the right to complain to the UK’s Information Commissioner’s Office, at an independent regulator.

Email: casework@ico.org.uk

Telephone: 0303 123 1113

Textphone: 01625 545860

Monday to Friday, 9am to 4:30pm

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Last updated 07/02/2024 to update the Department's name and DPO postal address.