Skip to content

Privacy notice


This privacy notice is to let you know what personal information Crown Agents Ltd holds, how it is looked after, the reason for requiring the information, what is done with it and how long is it kept for, when providing service to you.

Crown Agents Ltd operates internationally through subsidiary and affiliate entities.


When processing your personal information, we act as controllers and may cooperate with third party processors in meeting our compliance obligation under law. We may pass your personal data on to our service providers in the course of our work with you. Our service providers are obliged to keep your details securely and use them only to fulfil the service they provide you on our behalf. Once your service need has been satisfied, or the matter has been closed, they will dispose of the details in line with our procedures.


Personal information is information that identifies you as an individual or relates to an identifiable individual.

We may collect your personal information in the following ways:

  • You may provide your Personal Information directly to us for the purpose of contract
  • You may provide your Personal Information directly to us with your consent
  • Our service providers may provide your Personal Information directly to us with your consent because you require our services

For Crown Agents (CA)  employees and contractors

What data do we collect? We collect the data we need to verify who you say you are, to confirm the qualifications you have on your CV are correct and collect all the information we require to register you for payroll, travel, taxation and pension arrangements and to pay you your salary. We will also keep records of your contractual arrangements and any other employment documents that we are required to keep or need for us to comply with employment legislation
Do we share your data with anyone outside of CA? We outsource our pension to a third party. They will have access to your name, National Insurance Number, your tax code and salary and pension arrangements. They need this to pay you and to make sure your tax and pension payments are made correctly. We also share your name and bank account details with our bank, so they can transfer money to your bank account. Finally, we share your name and other basic information with our benefits providers, so that you can receive employee benefits
What is the legal basis for keeping my data? We keep your data to comply with employment legislation and to make sure that we can pay you
What would happen if I refused to give you this data? In this case we would not be able to comply with employment legislation or pay you. This means we would not be able to employ you.
Who has access to my records? Once you have been employed, only the HR team and your manger
How long will my records be kept for once I leave Crown Agents? 6 years


For newsletter distribution

What data do we collect? We collect your name, email address and the name of the organisation you represent
Do we share your data with anyone outside of CA? Mailchimp and/or Dotmailer
What is the legal basis for keeping my data? Informed consent. You will be asked to confirm your willingness to accept your inclusion on the Newsletter distribution and to receive further information from Crown Agents
What would happen if I refused to give you this data? We will not be able to send you the CA Newsletter or provide you with information on our services or training
Who has access to my records? CA staff involved in the distribution of the newsletter
How long will my records be kept for once I withdraw my consent? You may withdraw your consent at any time. This will mean you will not receive any further newsletters.

Any information we hold on you will be removed from the CA contacts database immediately



We are required to have a legal basis to process your personal information. The legal basis will be one of the following:

  • for the purpose of contract with you to comply with our obligations under the contract
  • for the intention of contract on your behalf and we need to process your personal data to do what you ask
  • you give consent to collect and use the data for the purposes described in this notice. You may withdraw your consent at any time by contacting us using the details at the end of this privacy notice
  • we believe you have legitimate interest in our services



We may use your personal information to tell you about relevant products and offers relating to your Crown Agents Services. This is what we mean when we talk about ‘marketing’.

We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’. That is when we have a business or commercial reason to use your information to contact you, and it must not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us at any time. For more information on the appropriate safeguards, please contact us at the details provided under the contact us section in section 7 of this document.


To the best of our ability we aim to ensure that any personal data we hold is accurate, up to data and correct. We need your help with this; if you don’t tell us something has changed we won’t know, so please keep us informed.

If we receive a request from you to amend the records, we will take reasonable steps to satisfy ourselves that the data is accurate and to rectify the data if necessary. Should you wish to contact us see our contact details in section 7 of this document.


What Are Cookies?

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies are a way for websites to store and retrieve very small text information on a web browser. These are designed to improve your online experience by keeping track of users as they view pages and allow a website to remember your actions and preferences. There are various types of cookies although they all work in the same way but have minor differences.

Most web browsers allow some control of most cookies through the browser settings. You can usually find these settings in the Options or Preferences menu of your browser.

Cookies we use do not allow us to identify you personally.

You can find out more information about the individual cookies we use and the purpose of each of them in the table below:

Cookie Name Purpose More Information
ASP.NET ASP.NET-SessionID This cookie is essential for site functionality and is used to store and retrieve values for a user as they navigate the site. It is held temporarily in memory and is deleted when the browser is closed.
DotMailer dmSessionID We send out emails through DotMailer. We use cookies to track when users have clicked onto our site from the emails that we have sent. The session cookie is stored in a user’s browser until a user deletes the cookie or the cookie expires.
Facebook We use adverts on Facebook, targeted to a specific demographic. Our website uses the Facebook “Pixel” tracking code to show us how successful our adverts are. All the data we receive is encrypted, which means we can’t see the individual data of any user who clicks through onto the site from the advert on Facebook. The cookie is stored in a user’s browser until a user deletes the cookie or the cookie expires.
Google _utma
These cookies are used to collect information about how visitors use our site. Google Analytics collects anonymous information such as pages you visit on this site, the browser and operating system you use and time spent viewing pages. The purpose of this information is to help us improve the site for future visitors. The cookie PREF is used to remember the visitor’s basic preferences such as whether they want search results in English or whether they have opted for a SafeSearch setting. This cookie will expire in two years’ after creation. Click here for an overview of privacy at Google
LinkedIn L1c





We advertise on LinkedIn and use the LinkedIn “Insight Tag” to track visits to our site from the adverts. The data is encrypted so we can’t see individual personal data, only demographic and location information.

The LinkedIn browser cookie is stored in a user’s browser until a user deletes the cookie or the cookie expires.





VISITOR_INFO1_LIVE has a duration of 7 months, determines the version of Youtube.

Use-hitbox is a session-only cookie allowing the counter for the video to increment on the youtube website.

PREF is used to remember the visitors basic preferences.

Click here to see more details


Various cookies used by Social media site Twitter. K cookie is used to store the users IP address and is destroyed one week after creation. Guest_id is used to identify the user, if logged in to Twitter it will store the username, if not a unique key will be generated. Destroyed two years after creation. Original referrer contains information regarding the website the user came from.


If you do not wish to accept cookies you are able to decline them by altering the settings in your browser. All browsers are different but the ‘Help’ section of your browser should explain what you need to do. You can access your browser’s help section by pressing the ‘F1’ key while browsing.

If you do choose to block all cookies (including essential cookies) using your browser’s settings, you may not be able to access all or parts of our site.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit To opt out of being tracked by Google Analytics across all websites, visit



Your personal information may be transferred to, stored, and processed in countries internationally We have put in place appropriate safeguards, such as contractual agreements in accordance with applicable legal requirements to ensure your data is adequately protected.


We committed to keeping your personal information secure. We use physical, technical and operational procedures intended to safeguard and secure the information we collect. Data processors working with us are required to be equally compliant.

We have a Retention Policy and schedule which identifies how long each aspect of your data should be kept for, with a legal, regulatory and justifiable business needs. We do not keep data for any longer than is required.

We keep our Privacy Notice under regular review and we will place any updates on the Crown Agents Website. The notice was last updated in April 2018.


GDPR  gives you the right to access information held about you. Your right of access can be exercised in accordance with the regulation. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

For the above or if you have any questions or comments regarding this privacy notice, please contact our Data Integrity Offer at, alternatively you can write to us, FAO: Data Integrity Officer, Crown Agents Ltd, Blue Fin, 110 Southwark St, London SE1 0SU.