How the Department for Business and Trade uses your personal data when you contact the Business Support Service—and your rights

If you’re reaching out to the Department for Business and Trade (DBT) via the Business Support Service, you’ll want to know how your personal data is handled, what it’s used for, and what rights you have. This post explains, in clear terms, the data practices that apply when you contact DBT for help, guidance, or information.

What data we collect and how we collect it
– The information you provide: When you submit a query, request assistance, or sign up for updates, we collect details such as your name, contact details (email, phone number), company name, role, and the subject of your enquiry. We may also collect notes about your enquiry and any documents you choose to share.
– Communications we generate or receive: We log emails, chat messages, call notes, and other interactions to ensure we can respond accurately and efficiently.
– System information: We may collect technical data such as the type of device you use, IP address, and information about how you accessed the service, to help protect the service and diagnose issues.
– How data is collected: Data can be provided directly by you through online forms, email correspondence, or posted documents, and may be captured during telephone or video interactions as part of our service delivery and quality assurance processes.

How we use your data
– To respond to your enquiries: Your data is used to understand your request, provide an appropriate response, and follow up if necessary.
– To deliver and improve services: Information helps us deliver the Business Support Service effectively and identify ways to improve the help we offer.
– To verify identity and security: We use data to verify who you are and to protect against fraud or misuse of our services.
– For record-keeping and accountability: We maintain records to meet legal and statutory obligations, and to monitor service performance and maintain a transparent audit trail.
– To communicate about the service: We may use your data to provide updates, information about changes to the service, or related guidance that could help you.

Who we share your data with
– Internal teams: To handle, process, and respond to your inquiry, including subject matter experts and service colleagues who need the information to resolve your issue.
– Service providers and partners: We may share data with trusted organisations that perform support services on our behalf (for example, CRM providers, IT services, or analytics partners) under strict data processing agreements.
– Other government bodies: When necessary to provide a service or to comply with legal or regulatory requirements, we may need to share data with related government departments or agencies.
– Legal and safeguarding: Data may be disclosed where required by law, regulation, or in response to a valid request by authorities (for example, to prevent or detect crime).

Data retention and security
– Retention: We keep your personal data for as long as is necessary to fulfil the purpose for which it was collected, to comply with legal obligations, resolve disputes, or enforce our policies. After that, data is securely deleted or anonymised where appropriate.
– Security: We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse. Access to data is restricted to those who need it to perform their duties, and we use encryption, access controls, and regular security reviews to safeguard information.

Your rights under UK data protection law
You have rights regarding your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These include:
– Right of access: You can request a copy of the personal data we hold about you.
– Right to rectification: You can ask us to correct inaccurate or incomplete data.
– Right to erasure (the right to be forgotten): In certain circumstances, you can ask us to delete your data.
– Right to restrict processing: You can request that we limit how we use your data in certain situations.
– Right to portability: You can ask for a copy of your data in a structured, commonly used format, and to have it transferred to another controller where feasible.
– Right to object: You can object to processing of your data in certain circumstances (for example, where we rely on legitimate interests or direct marketing).
– Right to withdraw consent: If we rely on your consent to process data, you can withdraw that consent at any time.
– Rights in relation to automated processing: If we rely on automated decision-making that could significantly affect you, you have the right to obtain human involvement or a reconsideration of the decision in appropriate cases.

How to exercise your rights or raise concerns
– Exercising rights: If you would like to exercise any of your data protection rights, please contact our Data Protection or Information Governance team using the contact details provided on the GOV.UK page for the Business Support Service. Provide enough information to help us locate your data (e.g., your name, the email address you used, and a description of your request).
– Complaints: If you’re unhappy with how your data has been handled, you can raise a complaint with the Information Commissioner’s Office (ICO) in the UK. The ICO provides guidance on how to file a complaint and what to expect from the process.

Automated decision-making
– We do not rely solely on automated decision-making to determine outcomes that affect you. If there are any processes that involve automated elements, we will ensure there is human involvement where appropriate, and we will provide you with information about how the decision was made and how to obtain human review where applicable.

Note for users
– Your honesty and accuracy: Providing accurate information helps us respond more effectively. If you change any of your information, please let us know so we can keep our records up to date.
– Changes to this notice: Data practices can evolve with policy updates and changes in law. We will inform you of material changes to our data handling practices, typically via the Business Support Service channels.

In short
When you contact the Business Support Service, DBT collects and uses your personal data to deliver timely, accurate assistance, and to improve the service for you and others. Your data is safeguarded through security measures and retention policies, and you retain robust rights to access, correct, or delete your data, among others. If you have questions, concerns, or wish to exercise your rights, start by contacting our team through the established channels on GOV.UK, or lodge a complaint with the ICO if required.

If you’d like, I can tailor this draft to reflect a specific audience (business owners, small enterprises, or a particular sector) or expand any section with more examples or FAQs.

January 19, 2026 at 09:50AM
指南：商业支持服务隐私通知
https://www.gov.uk/government/publications/business-support-service-privacy-notice
商务与贸易部（DBT）在您联系商业支持服务时将如何使用您的个人数据，以及您拥有哪些权利。

阅读更多中文内容： DBT 在您联系商业支持服务时如何处理个人数据及您的权利