How we share information

We use Royal Mail to send statutory notices to registrants. Where necessary, we contract with domestic and international courier suppliers. We share registrant name and contact information with couriers to fulfil this purpose.

Where previous attempts to serve notifications on the registrant have proven ineffective, we may use a contracted process server. Where the registrant is not represented and does not have an effective email or postal address, we may use a contracted process server to also send case management documents. We share registrant name and contact information with couriers to fulfil this purpose. 

We may share personal data with third parties for audit or research purposes to make sure that we are performing our functions in a fair, consistent, and robust way. You can find out more under the Research, consultations and audit section of this privacy notice.

Sometimes independent inquiries, independent investigations and reviews ask us for information relevant to an inquiry's terms of reference. This means we may have to securely share information, including personal data, with them.

Statutory public inquiries are governed by the Inquiries Act 2005 (the 2005 Act), and the associated inquiries rules. Under the 2005 Act, an inquiry may require us to provide evidence. The inquiry rules also set out how information can be shared and disclosed.

Independent investigations and reviews which are not statutory inquiries do not usually have powers to compel us to provide information. We will only release personal data to these investigations and reviews where we are satisfied that it is lawful and proportionate to do so.

Where we have been informed of a safeguarding concern, we may share information with other agencies such as the relevant local authority or the police. If we decide to share this information, we will make sure we have a proper lawful basis to do so. For further information please see our safeguarding statement. 

We sometimes transfer personal data outside the UK. We’ll generally only transfer personal data to countries outside the UK:

• to respond to requests from people who want us to share their registration details with an overseas regulator
• for important reasons of public interest or to prevent or detect crime
• where we use a supplier to process personal data on our behalf and the supplier operates outside the UK.

We generally only transfer personal data to countries within the European Union and European Economic Area (EAA). We have policies and procedures in place to make sure that where your data is processed outside the EU/EEA it is adequately protected.