This charter sets out the standards you can expect us to meet when we ask for, do something with or continue to hold, your personal data. It also covers what we ask of you, to help us keep information up to date.
The data controller
The Government Legal Department (GLD) is the “data controller”. This means that GLD is responsible for any of your personal data that the Bona Vacantia Division (“the Division”) collects or uses.
Why we are collecting the data
The Division collects information for the purposes of dealing with the collection and disposal of bona vacantia assets, including those of dissolved companies and the administration of the estates of persons who die intestate and without known kin. The information we collect about you depends on the reason for your business with us, but we may use the information for any of these purposes.
The information we keep can include:
- forms you have completed and given to us
- claims you have made over the phone
- letters you have sent to us
- copies of identification documents forwarded
- details of any checks we make to ensure information we have is right
- computer records to do with your business with us
When we ask for your personal data, we promise only to ask for what we need, and to make sure you know why we need it. If it includes contact details, we will also tell you anything else that we may use it to contact you about and whether you can say no. If you do say yes to us contacting you about other things, you can withdraw your consent at any time.
Why we are legally allowed to process your data
The reasons that we can use to collect or use your personal data are set out in law. Most of the time, this will be because it is necessary for us in our work as a public body (Article 6(1)(e) of the General Data Protection Regulation, the law which applies to personal data).
When we collect or use your personal data under any other lawful basis we will let you know which part of the law we are using.
Sharing your data
We may also share your personal data with other organisations and third parties. We will only share your personal data in compliance with Data Protection legislation.
The organisations and third parties we may give information to include other government departments and their agencies, in particular Companies House, Land Registry, Probate Office, General Register Office, Her Majesty’s Revenue and Customs, local authorities, hospitals and health authorities, banks and building societies, stockbrokers and other financial bodies, law enforcement agencies, auditors, regulators and any third party you ask us to share your personal data with.
We may give information to, or receive it from such organisations or third parties to:
- check the accuracy of the information
- assist in tracing blood relatives
- verify identities
- prevent or detect crime
- protect public funds in other ways
You can ask for details of agreements we have with other organisations and third parties for sharing your personal data.
If you write to us on a subject that is not our policy area, and the response needs to come from another government department, we will transfer your correspondence, including the personal data, to that department.
You can also ask us for details of any circumstances in which we can pass on your personal data without telling you. This might be, for example, to prevent and detect crime or to produce anonymised statistics.
We won’t make your personal data available for commercial use without your specific permission.
Keeping your data
We will only keep your personal data as long as we continue to have a lawful basis to do so. This will usually mean that it is still necessary for our work as a public body. This will be decided by our ongoing business need and any laws or government policies that affect how long we keep it. We have a “retention schedule” that sets out how long we will keep different types of information for.
The data we are collecting is your personal data, and you have rights that affect what happens to it. You have the right to:
(a) know that we are using your personal data
(b) see what data we have about you
(c) ask to have your data corrected, and to ask how we check the information we hold is accurate
(d) ask to have your data deleted
(e) complain to the Information Commissioner’s Office (see below)
In some circumstances you may also have the right to withdraw your consent to us having or using your data, to have all data about you deleted, or to object to particular types of use of your data. We will tell you when these rights apply.
Sending data overseas
If we need to share your personal data with a recipient outside the European Economic Area we will ensure we do so in compliance with Data Protection legislation.
Automated decision making
We will not normally use your data for any automated decision making. If we need to do so, we will let you know.
Storage, security and data management
Your personal data will be stored securely and will be protected to make sure nobody has access to it who shouldn’t.
You can ask us for details of our instructions to staff on how to collect, use and delete your personal data.
What we ask of you
So that we can keep your personal data reliable and up to date, please:
- give us accurate information
- tell us as soon as possible if there are any changes, such as a new address
Complaints and more information
When we ask you for information, we will keep to the law, including the Data Protection legislation coming into force from 25 May 2018.
If you are unhappy with the way the department has acted, you can make a complaint.
If you are not happy with how we are using your personal data, you should first contact email@example.com
If you are still not happy, or for independent advice about data protection, privacy and data sharing, you can contact:
The Information Commissioner's Office
Telephone: 0303 123 1113 or 01625 545 745
Information Commissioner’s website.