From 7c99477fd25138784e0a4e75d85b70a8daeb1aeb Mon Sep 17 00:00:00 2001 From: Arun Siluvery Date: Tue, 6 Feb 2024 19:18:22 +0000 Subject: [PATCH 1/4] Add Privacy notice to exporter site --- exporter/core/urls.py | 1 + exporter/core/views.py | 4 + exporter/templates/core/privacy_notice.html | 256 ++++++++++++++++++++ exporter/templates/layouts/base.html | 5 + unit_tests/exporter/core/test_views.py | 11 + 5 files changed, 277 insertions(+) create mode 100644 exporter/templates/core/privacy_notice.html diff --git a/exporter/core/urls.py b/exporter/core/urls.py index dce247546e..362207403b 100644 --- a/exporter/core/urls.py +++ b/exporter/core/urls.py @@ -50,5 +50,6 @@ path("signature-help/", views.SignatureHelp.as_view(), name="signature_help"), path("certificate/", views.CertificateDownload.as_view(), name="certificate"), path("register-name/", views.RegisterName.as_view(), name="register_name"), + path("privacy-notice/", views.PrivacyNotice.as_view(), name="privacy_notice"), ] ) diff --git a/exporter/core/views.py b/exporter/core/views.py index 62b859ebd4..6f39d457c7 100644 --- a/exporter/core/views.py +++ b/exporter/core/views.py @@ -226,3 +226,7 @@ def get(self, request, *args, **kwargs): def handler403(request, exception): return error_page(request, title="Forbidden", description=exception, show_back_link=True) + + +class PrivacyNotice(LoginRequiredMixin, TemplateView): + template_name = "core/privacy_notice.html" diff --git a/exporter/templates/core/privacy_notice.html b/exporter/templates/core/privacy_notice.html new file mode 100644 index 0000000000..866f7555d7 --- /dev/null +++ b/exporter/templates/core/privacy_notice.html @@ -0,0 +1,256 @@ +{% extends 'layouts/base.html' %} + +{% block back_link %} +Back +{% endblock %} + +{% block title %}Data Privacy Notices{% endblock %} + +{% block body %} +
+
+
+
+

+ Privacy notice +

+ +

+ This notice sets out your rights with respect to how we will use your personal data when you apply + for a standard individual export + licence (SIEL). +

+

+ This notice explains how the Department for Business and Trade (DBT) (also referred to as “We” or + “Us” or “Our” in this privacy + notice) will use your personal data. We recognise that we have a duty to people whose information we + hold to treat that information + responsibly, keep it safe and secure, and process it correctly and proportionately. We will process + your personal data lawfully and + fairly in line with the 2018 Data Protection Act. +

+

+ This privacy notice broadly explains the information we collect, the purpose for processing, + categories of personal information and + who we may share it with. It is important that you read this notice, so that you are aware of how + and why we are using your + information. +

+ +

Purpose of privacy notice

+

+ This online service is for applying for export licenses and clearances, related to goods that + require government permission to be + exported from the UK or traded between countries. +

+

+ The information you provide will be processed by DBT and shared with third parties for the purpose + of processing licencing or + clearance application for controlled strategic goods and services. +

+

+ The information you provide will be processed on a lawful basis to enable DBT to perform a task in + the public interest or to fulfil an + official function, including conducting research appropriate to DBT and export controls. +

+ +

What data we collect

+

+ The personal data we will collect includes: +

    +
  • full name
    • +
  • email address
    • +
  • phone number
    • +
  • address
    • +
  • data related to criminal convictions, if applicable
    • +
+

+ +

Processing of criminal data

+

+ Processing of criminal data is pursuant to Article 11 (1) of the Firearms Regulation No. 258/2012. + The article stipulates that an + export authorisation (licence) must be refused if the applicant has a criminal record concerning + conduct constituting an offence, + punishable by a term of imprisonment of not less than four years. +

+

+ DBT has a duty to identify individuals that do not meet the criteria for licencing. +

+ +

Our legal basis for processing your data

+

+ DBT is the data controller for personal data you provide to us. We process the data on the lawful + basis of legal obligation and the + processing is necessary to comply with the law. +

+ +

How we may share your information

+

+ In line with the purpose your personal information may be shared with the following parties; +

+ +

+ These are: +

    +
  • Ministry of Defence
    • +
  • Foreign Commonwealth and Development Office
    • +
  • HM Revenue and Customs
    • +
  • Department for Energy Security and Net Zero
    • +
  • National Cyber Security Centre
    • +
  • UK Border Force – Home Office
    • +
  • Australia Group
    • +
  • Nuclear Suppliers Group
    • +
  • Wassenaar Arrangement
    • +
  • Missile Technology Control Regime
    • +
  • Europe Union
    • +
+

+

+ Aggregated analysis of data collected may be shared with the Information Commissioner’s Office (ICO) + the Government Internal + Audit Agency (GIAA), and the National Audit Office (NAO). +

+

+ We may also anonymise some personal data you provide to us to ensure that you cannot be identified + and use this data to allow + DBT to effectively target and plan the provision of services related to the purposes described + above. +

+

+ We will not: +

    +
  • sell or rent your data to third parties
    • +
  • share your data with third parties for marketing purposes
    • +
  • use your personal data in analytics
    • +
+

+

+ We will also share your data if we are required to do so by law or regulation, for example, by court + order, or to prevent fraud or + other crime. +

+ + +

How long we will keep your information

+

+ We will only retain your personal information for as long as necessary to fulfil the purposes we + collected it for, including for the + purposes of satisfying any legal, accounting, or reporting requirements. +

+

+ We will retain your personal information for as long as: +

    +
  • it is needed to fulfil the purposes set out in this document
    • +
  • the law requires us to do so
    • +
+

+

+ Subject to the paragraph above, we will only retain your personal data and criminal offence data for + as long as: +

    +
  • it is needed for the purposes set out in this document; or
    • +
  • the law requires us to
    • +
+

+

+ However, we conduct regular reviews to ensure we only keep information required for the purpose of + which it was collected. If + there is any indication of a business need to extend this retention period, we will robustly review + it and communicate any changes + in a revised notice. +

+ +

Your rights and access to your information

+

+ You have the right to request a copy of the information that we hold about you. The Data Protection + Act (DPA) also gives you + additional rights that refer to how DBT holds and uses your information. +

+

+ Under certain circumstances, by law you have the right to: +

    +
  • request information about how your personal data is processed
    • +
  • raise an objection about how your personal data is processed
    • +
+

+ +

Contact us

+

+ The Department for Business and Trade is registered as a Data Controller under the General Data + Protection Regulation and Data + Protection Act 2018. Our contact details are: +

+

+ Data Protection Officer
+ Old Admiralty Building
+ Whitehall
+ London
+ SW1A 2DY
+ Email: data.protection@businessandtrade.gov.uk
+

+ +

+ You have a right to complain to us if you think we have not complied with our obligation for + handling your personal information. You + can contact our Data Protection Officer using the same contact. +

+ +

Contact the Information Commissioner’s Office

+

+ If you are not satisfied with the DBT response you have a right to complain to the Information + Commissioner’s Office (ICO). You + can report a concern by contacting the ICO on the below details. +

+ +

+ Information Commissioner’s Office
+ Wycliffe House
+ Water Lane
+ Wilmslow
+ Cheshire
+ SK9 5AF
+
+ Email: casework@ico.org.uk +

+ Tel 0303 123 1113 +

+ Textphone 01625 545860
+ Monday to Friday 9am to 4:30pm +

+ For more information about your rights under the Data Protection Act or to request a copy of any + data held about you please + contact data.protection@businessandtrade.gov.uk. +

+ +

Confidentiality

+

+ If you wish the information you provide to be treated as confidential, please be aware that, in + accordance with the Freedom of + Information Act (FOIA), public authorities are required to comply with the FOIA. +

+ +

In view of this, it would be helpful if you have reasons for confidentially, if + you could explain to us why you wish that information to + be treated confidentially. If we receive a request for disclosure of information that has been + provided, we will take full account of + your explanation, but we cannot give an assurance that confidentiality can be maintained in all + circumstances. +

+ +

Changes to this privacy notice

+

+ We reserve the right to update this privacy notice at any time and we will provide you with a new + privacy notice when we make any + substantial updates. +

+ +
+
+
+
+ +{% endblock %} diff --git a/exporter/templates/layouts/base.html b/exporter/templates/layouts/base.html index f41e57482a..6b1a85c0ef 100644 --- a/exporter/templates/layouts/base.html +++ b/exporter/templates/layouts/base.html @@ -120,6 +120,11 @@

Support links

{% endif %} +
  • + + Privacy notice + +
    • @@ -45,7 +45,7 @@

    Purpose of privacy notice

    The information you provide will be processed by DBT and shared with third parties for the purpose - of processing licencing or + of processing licensing or clearance application for controlled strategic goods and services.

    @@ -75,7 +75,7 @@

    Processing of criminal data

    punishable by a term of imprisonment of not less than four years.

    - DBT has a duty to identify individuals that do not meet the criteria for licencing. + DBT has a duty to identify individuals that do not meet the criteria for licensing.

    Our legal basis for processing your data

    diff --git a/unit_tests/exporter/core/test_views.py b/unit_tests/exporter/core/test_views.py index 95c4567ed1..8d80f0e24f 100644 --- a/unit_tests/exporter/core/test_views.py +++ b/unit_tests/exporter/core/test_views.py @@ -109,4 +109,4 @@ def test_privacy_notice_view(authorized_client): soup = BeautifulSoup(response.content, "html.parser") assert soup.find("h1").string.strip() == "Privacy notice" - assert soup.title.string.strip() == "Data Privacy Notices - LITE - GOV.UK" + assert soup.title.string.strip() == "Privacy notice - LITE - GOV.UK" From e845f273b53b8febb2359e08cc640dc644fc5c54 Mon Sep 17 00:00:00 2001 From: Arun Siluvery Date: Thu, 8 Feb 2024 11:32:15 +0000 Subject: [PATCH 3/4] Update content following feedback --- exporter/templates/core/privacy_notice.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exporter/templates/core/privacy_notice.html b/exporter/templates/core/privacy_notice.html index 56d1d149ef..4efb65f8cd 100644 --- a/exporter/templates/core/privacy_notice.html +++ b/exporter/templates/core/privacy_notice.html @@ -46,7 +46,7 @@

    Purpose of privacy notice

    The information you provide will be processed by DBT and shared with third parties for the purpose of processing licensing or - clearance application for controlled strategic goods and services. + clearance applications for controlled strategic goods and services.

    The information you provide will be processed on a lawful basis to enable DBT to perform a task in From ddc6755e4204ee45b8e3b040ec8a20bd3d7e5936 Mon Sep 17 00:00:00 2001 From: Arun Siluvery Date: Fri, 9 Feb 2024 11:21:15 +0000 Subject: [PATCH 4/4] Use url tag to specify location in template --- exporter/templates/layouts/base.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exporter/templates/layouts/base.html b/exporter/templates/layouts/base.html index 6b1a85c0ef..ba52aefbd7 100644 --- a/exporter/templates/layouts/base.html +++ b/exporter/templates/layouts/base.html @@ -121,7 +121,7 @@

    Support links

    {% endif %}
  • - + Privacy notice