Personal information charter

Our commitment to your privacy rights, how the law protects you, and how we keep your personal information confidential and secure.

The lawful basis upon which we process personal information for our statutory services is to carry out our legal obligations in the registration of land and property.

Our data protection obligations

From 25 May 2018 the Data Protection Act 2018 will provide the legal framework for the processing and protection of your personal information. Under this framework, we will be the controller of your data and responsible for your personal information unless we tell you a third-party has access to or provided your information.

As a Competent Authority under the Data Protection Act, we may share information with other government departments and law enforcement and regulatory bodies, including specified anti-fraud organisations under section 68 of the Serious Crime Act 2007. This sharing of information helps to prevent and detect crime, for example property fraud. It also helps with the investigation of land banking schemes.

The Freedom of Information Act 2000 and Environmental Information Regulations 2004 also affect what information we may release.

Our Data Protection Officer

Our Data Protection Officer is responsible for dealing with your questions about this charter and can give you help and guidance on:

  • how to find out what information we hold about you
  • correcting any mistakes
  • staff instructions for collecting, using and deleting your personal information
  • how to complain
  • how we share information and who we share it with

Data protection

Data Protection Officer
Trafalgar House
1 Bedford Park

Croydon
CR0 2AQ

Data we collect about you

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity of the individual has been removed (anonymous data).

We may collect, use, store, share and transfer various kinds of personal data about you. Your personal data will either have been provided by you directly to us or it is data provided to us by a third party authorised to act on your behalf,such as a solicitor, conveyancer, mortgagee or agent.

The following list describes the types of personal data we may collect. It indicates if a third-party can access the data and how it is used by us to perform our statutory services and to provide non-statutory services.

The data used for statutory services, for non-statutory services and by third-party providers:

  • application data:
    includes all data provided when making a registration application, including data on the application forms prescribed by registration legislation
  • identity data:
    includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender
  • contact data: (except not by third party providers)
    includes billing address, delivery address, email address, and phone numbers
  • financial data:
    includes bank account and payment card details (these are items dealt with by third-party providers)
  • transaction data:
    includes details about the type of applications you have made, payments to and from you and other details of products and services you have purchased from us (for assisted digital services a third party may provide some of the services)
  • technical data:
    includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug in types and versions, operating system and platform and other technology on the devices you use to access our electronic services
  • profile data:
    includes your username and password, purchases or orders made by you, your preferences, feedback and survey responses collated by analytical cookies
  • usage data: includes information about how you use our website products and services
  • marketing and communications data:
    includes your preferences in receiving marketing from us and your communication preference
  • aggregated data:
    we also collect use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. If we combine or connect aggregated data with your personal data so that it can identify you, we treat the combined data as personal data which will be used in accordance with this charter
  • Business e-services account data

Data accuracy

It is important that the personal data we hold about you is accurate and current. Keep us informed if your personal data changes by contacting our Data Protection Officer.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health, and genetic and biometric data).

We only collect information about criminal convictions and offences in connection with fraud investigations, such as registration fraud or staff misconduct investigations.

Failure to provide personal data

Where we need to collect personal data by law, or to answer any enquiry you make, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to deal with your application, or enquiry, enter into a contract (for example, to provide goods and services) or create an account for you. If you do not provide the necessary data, we may have to cancel any application you have made, and we will be unable to answer any enquiries. We will notify you if this is the case at the time.

How we collect personal data

We collect data from and about you for our statutory and non-statutory services in the following ways.

Directly from you

You may give us your application, identity, contact, financial, transaction and technical data by filling in forms or through contact with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • make applications or apply for our services yourself or through your conveyancer, solicitor or any other agent acting on your behalf
  • create an account on our website to access our electronic services
  • access our free data
  • enquire about our commercial services
  • consent to marketing
  • consent to user research
  • give us feedback
  • make an enquiry through our Customer Support Centre or Data Protection Officer
  • make a complaint

Automated technologies or interactions

As you interact with our website, we may automatically collect transaction data, technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. See information about our cookies.

Third-party or publicly available sources

We may receive personal data about you from various third parties including:

  • individuals or businesses representing you
  • Companies House
  • the Electoral Register
  • professional and regulatory bodies
  • the Insolvency Service
  • credit check providers
  • banks and financial bodies
  • other government departments

Evidence of identity

If you make a personal application to us, or someone representing you hasn’t been able to verify your identity, so we can be satisfied we are dealing with a person authorised to make an application to us, you will be required to complete a Certificate of identity form (ID1) and provide identity evidence.

Identity forms and any identity evidence provided by you will be kept indefinitely by us as evidence of identity checks when dealing with your application for registration. Identity evidence is not publicly available under registration legislation, but this information may be shared with law enforcement agencies and may be used to check your identity with a third party.

Contact forms

If you use our online contact forms to request information, to get products and services or to give feedback, your identity data, contact data and technical data will be used to get in touch with you or to respond to your requests. Any financial data given may be used to charge for services provided.

You should be aware that personal information received from online forms is not encrypted so it may not be completely secure.

Financial data

When you use our online services such as Find a Property and Find Property Information, you will be required to make payments by credit/debit cards through our third-party providers for example, Worldpay. We comply with the Payment Card Industry Data Security Standards and do not hold any card holder information. For information about third-party providers’ use of your personal data, you should read the privacy policies on their websites.

If you make a payment for services delivered over the phone this will be dealt with by our third-party provider Enghouse. They deal with your debit/credit card validation and pass your details for payment collection to our payment services providers Worldpay, GOV.UK Pay or any other provider used by us.

We will not receive any personal information when your payment is recorded.

Variable direct debit accounts

If you hold a variable direct debit account with us identity data, contact data and financial data are stored in our secure financial management systems used by us to run all our core business functions. Scanned copies of your variable direct debit mandate and application form are stored in our secure finance system and updated and replaced when changes are made, or the account closed.

Data retention: this information is stored while the account remains live. Once an account is closed, or a variable direct debit mandate is revoked, the data is kept for a period of 6 years.

Customer enquiries data

When you contact our Customer Support Centre either by email, by letter or by phone we collect contact data from you. If your enquiry is by phone you will be required to provide identity data and contact data together with sufficient information about your query, uch as a land registration title number, to enable our customer support centre staff to deal with your enquiries.

Where enquiries are made we will only use the information supplied to us to deal with the enquiry and any subsequent issues.

Data retention: customer requests and enquires are recorded and kept 3 years before being archived.

Some phone calls are recorded for quality assurance and are kept for 60 calendar days.

We compile statistics on enquiries to analyse our levels of service. These are in a form that anonymises any personal information.

Business e-services accounts

When you apply for a business account to use our Business Gateway, portal or Lender Services, all personal and organisational data provided by you on application for services forms is recorded on our customer relationship management system. This system also records any enquiries you make about your account. Business e-services accounts must be supported by a variable direct debit account with your nominated bank. As part of our account creation process we may ask for your consent to carry out a personal credit check. We will use a third-party provider for this purpose.

Conditions of use for portal and Business Gateway, our Technical Manual and the Network Access Agreement tell you about the services and how we use information collected about you, your business and your employees. You are responsible for making sure that account information is kept up to date, replacing key staff when organisational changes occur.

Application data and identity data about you or applicants that you are representing, together with any correspondence, phone calls, enquires made or provided by you in connection with registration applications is governed by registration legislation. The lawful basis on which we will process any personal information provided for our statutory services using our Business e-services will be to enable us to carry out our legal obligations in the registration of land and property.

Business e-services accounts will be kept in accordance with the conditions of use and Network Access Agreement. If an account is terminated it will be de-activated from our system. However, account data will be retained indefinitely to meet our statutory obligations including for the prevention of crime and fraud purposes.

Enquiries made about Business e-services accounts which do not proceed to creation of an account will be deleted from our customer relationship management system.

User research

As a customer using our services, we welcome your input into our user research about our products, services and systems. Participation is voluntary. If you are willing to help with user research to help us improve or develop new services and products we will ask you to complete a user-research consent form before taking part.

During research, data may be recorded using screen recording software or eye-tracking technology for specific projects. This data helps us to develop our products and services and is held until it no longer has a useful value for the project.

For more information about our user research, email our Customer Insight Team.

Complaints

If you make a complaint, a complaints record will be created. This will include your identity and contact data as the complainant. If your complaint is about an individual, then other personal information required will be identity and contact data about that person.

Personal information provided as part of a complaint is only used to process the complaint but may be shared within HM Land Registry or other government departments (for example, the Information Commissioner’s Office or the Independent Complaints Reviewer) during investigations or to comply with other statutory obligations, such as the Freedom of Information Act.

If your complaint is about another individual, we will disclose your identity as the complainant to that individual. This is inevitable where, for example, the accuracy of a title is in dispute. We are not able to handle a complaint on an anonymous basis.

Complaint records are kept for 7 years. We do not usually publicly identify any complainants unless the details have already been published. Information from complaint records is not publicly available under our statutory process for access to information.

We compile statistics on complaints to analyse our levels of service. These are in a form that anonymises any personal information.

We aim to meet the highest standards when collecting and using personal information and take any complaints we receive very seriously. If you think our collection or use of information is inaccurate, unfair or misleading, we encourage you to bring it to our attention. We also welcome suggestions for improving our procedures If you feel unhappy with the way in which we have dealt with you, we want you to let us know so we can put matters right, if we can. If we have got something wrong, your complaint will also give us a chance to try to improve our service for all our customers.

How to complain

Contact the team you have been dealing with, or, use our online feedback form. Read about our complaints procedure.

More information

You can get more details on:

  • what information we hold about you
  • how to correct any mistakes
  • circumstances where we can pass on your personal information without telling you, such as to prevent and detect crime or to produce anonymised statistics
  • staff instructions about collecting, using and deleting your personal information
  • making a complaint
  • alternative information formats, such as XML

For further information contact our Data Protection Officer.

For additional guidance about data protection, privacy, and data-sharing issues contact the Information Commissioner.

Email communications (large groups)

There are occasions when we send email alerts to large groups of our customers and members of the public who have subscribed for this service, for example, distributing our Landnet newsletter and letter-style messages, or, subscription-based alerts for a specific topic, for example, News or Data, automatically sent when a new piece of content is published. These alerts can be subscribed to by anyone interested in our work. We refer to these email communications as ‘mass emails’. We use a third party to send mass emails. Emails are sent from HMLandRegistry@email.landregistry.gov.uk, using GovDelivery, a Granicus service. Users can subscribe, manage their preferences or unsubscribe at any time.

Data is held on GovDelivery and Granicus servers for as long as the topic is active, so this is ongoing for many topics, unless the user unsubscribes or asks to be removed. Old topics (for example, marketing campaigns) are deleted and subscribers removed.

We use industry-standard technologies to collect data about email opening rates and clicks. This helps us to monitor and improve our communications. For more information, read the Granicus privacy policy.

Email responses to individuals

We will use contact data email address you provide to contact you by email.

Cookies

HM Land Registry puts small files (known as ‘cookies’) onto your computer to collect information about how you browse the site.

Cookies are used to:

  • temporarily retain limited pertinent information so our services operate correctly
  • measure how you use the website so it can be updated and improved based on your needs
  • remember the notifications you’ve seen so that we do not show them to you again

We do not use cookies to:

  • collect or store any information that could be used to identify the user
  • make any attempt to find out the identity of the user
  • associate any data gathered with any personally identifying information from any other source

You can find out more about how to manage cookies. If you disable or refuse cookies you need to be aware that you may not be able to access some services or parts of our website.

The cookies we use are different for each service. You can find details of each cookie, including what they are used for and how long they stay on your computer, on the cookie page for each service.

You can opt out of Google Analytics cookies.

Measuring website usage (Piwik)

We use Piwik software to collect information about how you use MapSearch. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.

Piwik stores information about:

  • the pages you visit
  • how long you spend on each page
  • how you got to the service
  • what you click on while you are visiting the service

We do not collect or store your personal information (for example your name or address) so this information can not be used to identify who you are. We do not allow Piwik to use or share our analytics data.

Piwik sets the following cookies:

Name Purpose Expires
_pk_id This helps us identify how you use the service so we can make the site better 2 years
_pk_ses This works with _pk_id to count the number of times you visit the website 30 minutes
_pk_ref This provides information about how you reached the site 6 months

Find out about cookies used on GOV.UK.

How we use your personal data

We collect and hold your personal data so we can:

  • provide our statutory services
  • provide you with additional services that are non-statutory
  • provide you with customer service
  • improve your customer experience
  • meet our obligations as an employer
  • provide commercial services
  • assist with law enforcement for the prevention and detection of crime

Our statutory services

Registration applications

If you make registration applications or correspond with us in connection with a registered title or the registration of land you provide us with personal data. The use of this information is governed by registration legislation. When we handle personal information you give us as part of our registration functions, your rights under this statutory framework are limited, for example, you cannot ask us to remove or delete information from the register of title that we are obliged to publish by law. We are permitted to use personal information for these purposes.

Our statutory services are available to the public. Upon payment of any fees payable under the Land Registration Fees Order you can apply for:

  • official copies of registers of title and title plans
  • inspect and get copies of certain documents held by us

Because this information is available under registration legislation, it is not available under the Freedom of Information Act 2000.

For more information about our statutory services see our practice guides. Public records are usually sent to National Archives once they are 20 years old. However we have been given approval by the Lord Chancellor in a formal Instrument of Retention to keep those relating to our registers and associated documents for as long as our legislation is in force and we are required to keep these records to meet our statutory obligations. This includes all the information provided to us to enable us to perform our statutory functions and carry out our legal obligations in the registration of land and property by creating and maintaining our registers.

When we handle personal information supplied by you as part of our statutory functions your rights under data protection law are limited. Data protection Law permits us to use your personal information for our official purposes. The lawful basis for us processing your personal information under Data Protection law is that it is necessary to enable us to perform our legal obligations in the registration of land and property.

Provided the law allows us to do so, we may share information we hold with others to maintain the integrity of our registers, such as for the prevention and detection of crime.

Find a property

By providing a property description of the land or a title number, the Find a Property electronic statutory service lets you inspect and download copies of registered titles and plans as well as individual caution registers and plans that we keep in electronic form. To access this service, you must create an online account and agree the terms of use. The types of data we collect for this service are contact data, identity data, financial data (all payments being dealt with by our third-party provider, Worldpay), transaction data, technical data, profile data, usage data and aggregated data.

For access to your legal rights when using this service read our information. You cannot exercise your legal right to rectification of personal data because the service does not facilitate alterations to contact data or identity data. If you need to make changes to your account or if you decide to use a different email address, you will need to create a new account.

Data retention: all personal data given for use of this service will be kept for a period of 5 years.

Local land charges

A new local land charges service is being introduced. By providing a postcode, an address or partial address, or using the online map facility you will be able to use this service to search for local land charges (legal restrictions and prohibitions affecting land). Once we have become responsible for the local authority area you want to search (our electronic service will have an online tool to help you check). Local authorities will be included in the new service in phases. You will be able to choose to do a free personal search or an official search for which there is a charge. Under the Environmental Information Regulations 2004 you will be able to look at the register and carry out a personal search for free. This will give you information about the local land charges affecting the property searched and who to contact at the local authority for further information. As well as all the information provided by the personal search the chargeable official search will give you additional information. You will be able to download the official search result as a secure document which is digitally signed by us.

You will not need an account to carry out a personal or official search. However, if you choose to create an account for your official searches, we will provide you with facilities for cloud storage and archiving.

If you choose to create an account for this service, you will have to accept the terms of use.

The types of data we will collect for this service are contact data, identity data, financial data (all payments being dealt with by our third-party provider GOV.UK Pay transaction data, technical data, profile data, usage data and aggregated data.

For access to your legal rights when using this service read our information. You will not be able to exercise your legal right to rectification because the service does not facilitate alterations to contact or identity data. If you need to make changes or if you decide to use a different email address, you will need to create a new account.

Data retention: if you do not use your account for 12 months we will delete it. You will need to re-register to start using the service again.

We do not keep your personal information data for this service. Once an account has been deleted it will be removed from our system.

Digital mortgage

The digital mortgage service enables mortgage lenders and us to provide borrowers with an electronic Sign your mortgage deed service. Lenders and conveyancers provide borrowers personal information data to create a digital mortgage deed. Lenders or conveyancers who are acting on behalf of borrowers and dealing with the legal requirements for a digital mortgage, will asked borrowers to access the mortgage deed to electronically sign it.

Before borrowers can access the service to electronically sign their mortgage deed they must verify their identity using GOV.UK Verify . Following successful identity verification, borrowers can access the service but must first accept the terms of the Signature Network Access Agreement. They will then be able to follow the guidance given on the service. We will then notify lenders as part of the service that the borrowers have signed the mortgage deed. Lenders control when they electronically instruct us that the signed mortgage deed is to take effect. This is when a date is attached to the digital mortgage deed and it becomes legally binding. Lenders are then able to give us electronic instructions when the mortgage deed is to be registered and put in the Land Charges Register.

The service is being used by some lenders for re-mortgages. You will need to check with your lender to see if they are signed up for this service.

The types of data required for this service are application data, identity data, contact data, transaction data, technical data, profile data, usage data and aggregated data. For this service, data will be either given by the individual or by a third party acting on their behalf.

Data retention: personal data provided in connection with the digital mortgage service will be kept for as long as the mortgage is registered and for a minimum period of 12 years after the mortgage has been deleted from the register.

Mortgage documents will be kept indefinitely as they are information governed by registration legislation.

Our non-statutory services

We also provide additional services to you and our business customers that are not governed by registration legislation. These are our non-statutory services.

When you apply to use any of our non-statutory services you must agree to comply with our user requirements. This may be by:

  • accepting service terms of use
  • agreeing a licence
  • entering into a contract with us
  • agreeing to our copyright requirements and those of any third parties shown on the service
  • providing identity, contact, financial and technical data and any other data where requested
  • making payment where a service is chargeable

Our non-statutory services available to individuals are:

  • Commercial and Corporate Ownership Data
  • Find Property Information
  • Flood Risk Indicator
  • Overseas Companies Ownership Data
  • Property Alert

Non-statutory services to individuals

The table below shows the non-statutory services we provide to individuals. We keep the collected data for 5 years.

Retention periods for your personal data are determined by considering the amount, nature and sensitivity of personal data, any potential risk of harm from unauthorised use or disclosure the purposes for which we process personal data and whether we can achieve those purposes through other means. We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements.

We will only use your personal data when the law allows us to. Generally, we do not rely on consent as a legal basis for processing your personal data except where you have given your specific consent for research or marketing purposes.

Processing is necessary:

  • for the purposes of our legitimate interests
  • for the performance of a task carried out in the public interest or in the exercise of official authority vested in HM Land Registry
Service name Categories of personal data collected
Commercial and Corporate Ownership Data
Our Commercial and Corporate Ownership Data (CCOD) contains more than 3.3 million title records of freehold and leasehold property in England and Wales. You can access all ownership categories excluding private individuals, overseas companies and charities.
Contact, identity, financial, transaction, technical, profile, usage and aggregated data
Find Property Information
Find Property Information provides you with a title summary giving the title number, if it is freehold or leasehold, who owns the property and what they paid for it and the lenders name and address (if there is a registered mortgage).
Contact, identity, financial, transaction, technical, profile, usage and aggregated data
Flood Risk Indicator
The Flood Risk Indicator gives information on how likely the land or property is to flood. It combines data from the Environment Agency and HM Land Registry.
Contact, identity, financial, transaction, technical, profile, usage and aggregated data
Overseas Companies Ownership Data
Our Overseas Companies Ownership Data contains around 100,000 title records of freehold and leasehold property in England and Wales, registered to companies incorporated outside the UK. You can access all ownership categories, excluding private individuals, UK companies and charities.
Contact, identity, financial, transaction, technical, profile, usage and aggregated data
Property Alert
Property ALert, our free fraud prevention service to monitor up to 10 registered properties, either owned by you or someone else.
You will receive email alerts when there is certain activity on the properties you are monitoring. If a request is made to find out who has a property alert against a title, the applicant will be entitled to be given the name of the person who has set up the alert.
Contact, identity, financial, transaction, technical, profile, usage and aggregated data

Non-statutory services for business users

The table below shows the non-statutory services available to business users. We keep the collected data for 6 years. We may share information with other government departments and law enforcement and regulatory bodies, including specified anti-fraud organisations under section 68 of the Serious Crime Act 2007. This sharing of information helps to prevent and detect crime, such as property fraud.

These non-statutory services provide business users with data we hold in our registers and opportunities to compare data they provide to us with the data we hold as part of our statutory services governed by registration legislation and forming the registers of title to land and property. For enquiries about these services, contact us.

Processing is necessary:

  • for the purposes of our legitimate interests
  • for the performance of a task carried out in the public interest or in the exercise of official authority vested in HM Land Registry
Service name Categories of personal data received from business
Charge Validation service (Lender Service)
Mortgage lenders use this service to check and verify their mortgage portfolios. Personal data provided by lenders is checked against our registers.
Identity, contact, financial, transaction, aggregated data
Data Sync service (Lender service)
Mortgage lenders use our service to receive notification of mortgage registrations and discharges.
IIdentity, contact, financial, transaction, aggregated data
Polygon Plus service
This service enables users to view the geographic extent of specific registered titles and get ownership data for each registered extent.
Identity, contact, financial, transaction, aggregated data
Register Extract service
Business Gateway users can request to receive data in XML format of individual register entries, choosing which entries they want.
Identity, contact, financial, transaction, aggregated data
Volume Registration service
If title data is required for more than 20 properties this service can be used. For each title number supplied, users receive the register entry information as a PDF or CSV file (comma-separated values). Additional data from the register is also available on request.
Identity, contact, financial, transaction, aggregated data

The data used for these services has been collected either directly from individuals or their legal representatives. The purpose is so that we can comply with our statutory duty to maintain the Land Register and associated statutory registers (Land Charges register) and databases (Index of Proprietors Names). For these services we may receive personal data from our business users. We act as controller of our statutory data for the purposes of providing the data matching services to our business users. Our business users having verified their data using our data matching services are then the controllers of that data. It is in the public interest that we can use our data to ensure the integrity of our registers and to provide services to business users. Data for these services is either provided by business users in a spreadsheet format which is loaded into our systems by our staff or direct from our business users’ system to our Business Gateway system.

For some of our commercial services we compare data provided by the customer with data held on our systems or provide data to the customer. At the stage when the data is checked against data held by us, or provided to the customer, we will be the data processor. Our systems will check data provided by our business users against the data held by us. We will notify commercial customers about mortgage registrations or discharges relating to their organisation so they can check this data against their records for which they are the controller.

Your choices

Our aim is to ensure your information and preferences are accurate and complete. If you want to view or change your personal information or opt out of receiving information from us, let us know by sending your name, full address, emails address and company name (if applicable) to:

Email: dataprotection@landregistry.gov.uk

FREEPOST RSZE - TEZA - JCTH
HM Land Registry
CRM Team
HM Land Registry Croydon Office
Trafalgar House
1 Bedford Park
Croydon
CR0 2AQ

It is important to understand that you cannot ask us to make changes to the registers of title, such as removing price paid information in the register.

Marketing

We will get your express opt-in consent for sending third party direct marketing communications to you.You can ask us or third parties to stop sending you marketing messages at any time. You have the right to withdraw consent at any time. To adjust your marketing preferences:

  • login into the appropriate website and check, or uncheck relevant boxes
  • follow the opt-out links on any marketing message sent to you
  • or contact us

You may receive marketing communications from us if you have requested information from us or purchased goods or services from us and the information provided relates to improvements to the products purchased by you or comparable products that may be of interest to you.

Disclosure of personal data

In many circumstances, we will not disclose or use personal data without consent. However, there will be occasions when we will need to disclose or share or otherwise use personal information within our own internal departments and/or with other government departments and agencies, law enforcement and regulatory agencies and other relevant bodies. Examples of such occasions are when we investigate a land registration matter or complaint or to prevent and detect crime.

We may disclose details of anyone using our Property Alert service if a request is made to identify individuals searching particular title numbers.

Freedom of information

We may disclose information where we are under a duty to comply with legislation or statutory authority, for example, Freedom of Information Act 2000, Environmental Information Regulations 2004 or an order of court without getting your consent so that we can comply with any disclosure requirements.

Freedom of Information requests are put on our freedom of information requests log. Any personal data provided, such as contact and identity data will be used to deal with the request made by you.

Data retention: we will keep case file records for 3 years. Non-redacted documents, freedom of information exemption decisions and statistical data are kept for a period of 10 years.

Sharing of information

We may, where appropriate, share any information held with third parties such as other government departments, law enforcement and regulatory agencies and other relevant bodies, (including specified anti-fraud organisations under section 68 Serious Crime Act 2007, counter-fraud department, and counter-fraud organisations) if false or inaccurate information is provided and/or if the sharing of information is:

  • in the public interest, for example, investigation of land banking schemes and/or
  • for the prevention and detection of crime including prevention, detection and investigation of registration fraud

Information disclosed to counter-fraud organisations may be accessed and used by us and other organisations to prevent fraud and money laundering.

Information that relates to confirmed fraud will be shared with the police for one or more of the policing purposes of:

  • protecting life and property
  • preserving order
  • preventing the commission of offences
  • bringing offenders to justice
  • any duty or responsibility of the police arising from common or statute law

We follow the Information Commissioner’s Data Sharing Code of Practice so far as practicable.

Protecting your information

We acknowledge your trust and are committed to protecting the information you provide us. To prevent unauthorised access, maintain accuracy and ensure proper use of information, we have organisational and technical processes to safeguard and secure the information we collect.

Data transfers outside of the European Economic Area

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

We will not consent to third parties transferring personal data outside the European Economic Area unless they can provide the appropriate safeguards as determined by us in accordance with data protection legislation.

Security measures

We have in place security measures to prevent your personal data from being accidentally lost, used or accessed in any unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they have a duty of confidentiality.

We also have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we keep personal data

For each of our services above we have specified how long we will keep personal information. In some circumstances you can ask us to delete your data (see right to erasure for further information.

We may anonymise your personal data so that it can no longer be associated with you for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Job applicants

When individuals apply to work at HM Land Registry we will only use the information they supply to us as set out in the Job applicant personal information.

Data protection law provides that where personal data relating to you is collected from you, we, as the controller of that personal data must notify you of:

  • our contact details as the controller
  • contact details for our Data Protection Officer
  • details of any representative of the controller
  • the purpose of the processing and the legal basis for processing including whether it is a statutory or contractual requirement
  • where the processing is necessary for our legitimate interests or a third party the nature of those legitimate interests
  • the categories of personal data we are processing
  • where applicable, the recipients or categories of recipients of your personal information
  • our policy on transferring personal data to a third country or international organisation
  • your right to lodge a complaint to the Information Commissioner and how to exercise that right
  • how long we will keep your information
  • whether you have to provide the personal information and the possible consequences of not providing it
  • additional rights relating to your personal information as referred to below
  • the existence of any automated decision-making

You will find this information throughout this charter. However, if you require any clarification contact our Data Protection Officer setting out the information you require.

Where the personal data is not collected from you but collected from another party, the information set out in the bullet point list above will relate to that third party and will include the source of the personal data, but we are not obliged to give you this information if:

  • you already have it, or
  • the information is received in relation to processing that is authorised by our statutory legislation, or
  • giving the information to you would be impossible or involve disproportionate effort

In addition to the above under Data Protection law your rights relating to your personal information include the:

Your right of access

You have the right to receive a copy of your personal information held by us. You also have the right to confirmation that your personal data is being processed and to information about the legal reason for processing. We try to be as open as possible in terms of giving people access to their personal information.

Example of applicability: you can ask to see what information is held about you, such as, in our complaints record which records details of customer issues on which correspondence has been concluded.

Example where it is not possible or there are restrictions on this: you cannot request information about another person as generally there is no right to someone else’s personal data. Information contained in the register of title is available under registration legislation.

How to make a request

Contact our Data Protection Officer setting out the details of your request. There is no fee, unless your request is manifestly unfounded or excessive or repetitive. Where this is the case, we will inform you and advise of the cost which will be based on the providing the information. Information available under registration legislation should be requested using our statutory procedures and not through the Data Protection Officer.

What we will do

We will acknowledge your request and confirm the anticipated date by which we will respond. This is usually within one month unless longer is needed due to the volume or complexity of the request. If this is the case, the information will be provided within an additional 2 months. Depending on the nature of the request, we may need more detail about what information you are requesting. If we do hold information about you, we will:

  • give you a description of it
  • tell you why we are holding it
  • tell you who it could be disclosed to, and why
  • tell you of your rights and
  • let you have a copy of the information in an intelligible form

If you do not agree

We take complaints about the collection, retention and use of personal data seriously. If you are dissatisfied with the information provided, contact our Data Protection Officer. Your complaint and initial request will be reviewed, and a further response provided.

If you remain dissatisfied with our response or require independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner.

Your right to rectification

You have the right to request that errors in your personal data are corrected, or to add a supplementary statement to your personal information where the data is inaccurate or incomplete.

Examples of applicability: where incorrect data is held on our customer service database, you may request the correction of errors.

Examples where not possible or restrictions on this: you cannot use this to ask us to make changes to the register of title, for example to remove the information about the price paid for a property from the register.

Requests in relation to errors in the register of title are considered under our statutory procedures contained in our registration legislation. For these, you should make an application setting out details of the error. Find out where to apply.

How to make a request

Contact our Data Protection Officer setting out the details of your request. There is no fee.

What we will do

We will acknowledge your request and confirm the anticipated date by which we will respond. This is usually within one month unless longer is needed due to the complexity of the request. Depending on the nature of your request, we may need more detail about what information you consider needs correcting. If we do not agree to your request for rectification, we will inform you of this and set out our reasons, together with the next steps you can take.

If you do not agree

If you are dissatisfied with our response, contact the Data Protection Officer. Your complaint and initial request will be reviewed, and a further response provided.

If you remain dissatisfied with our response or require independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner.

Your right to erasure

You can ask that your personal data is deleted or erased. This is sometimes known as the ‘right to be forgotten’.

Examples of applicability: the right to erasure may apply where there is no longer any need for us to keep the data or where the data is processed with your consent and you have withdrawn your consent. For example, where you have responded to a HM Land Registry survey and no longer wish to be contacted for such purposes or have taken part in user research about our products, services and systems.

Examples where not possible or restrictions on this: we will not erase data from the register of title as we have a legal obligation to keep this and make it available to the public. This includes historical register details, and documents in relation to registration applications made to us. This is to fulfil our legal obligations contained in registration legislation. We also will not delete personal data where it is required to establish, defend, or exercise legal claims, for example in relation to property or registration fraud.

How to make a request

Contact our Data Protection Officer setting out the details of your request. There is no fee.

What we will do

We will acknowledge your request and confirm the anticipated date by which we will respond. This is usually within one month unless longer is needed due to the complexity of the request. Depending on the nature of the request, we may need more detail about what information you consider needs erasing. If we agree to erase the data, we will inform you and we will also make reasonable attempts to notify anyone we have shared that data with. If we do not agree to your request for erasure, we will inform you of this and set out our reasons, together with the next steps you can take.

If you do not agree

If you are dissatisfied with the response provided, contact our Data Protection Officer. Your complaint and initial request will be reviewed, and a further response provided.

If you remain dissatisfied with our response or require independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner.

Your right to restrict processing

You can ask us to stop processing or using your personal data. This does not prevent us retaining the data but affects what that data may be used for.

Examples of applicability: if you dispute the accuracy of personal data we hold; you can ask us to stop using that data while the accuracy is confirmed, or errors corrected. If you have objected to our use of the data and we consider that we need to process it as part of our public task, then you can ask us to stop using the data while we assess whether our requirement to process the data overrides your right to stop the processing. Where we no longer need the data, but you do not want it deleted because it is needed, for example, in for legal proceedings, then you could ask us to keep the data and restrict further processing.

Examples where not possible or restrictions on this: where the data is included in the public register as we are legally required to maintain this and make it available to the public under registration legislation.

How to make a request

Contact our Data Protection Officer setting out the details of your request. There is no fee.

What we will do

We will acknowledge your request and confirm the anticipated date by which we will respond. This is usually within one month unless longer is needed due to the complexity of the request. Depending on the nature of the request, we may need more detail about what information you consider should not be processed. If we agree to restrict the processing of the data, we will inform you. Wherever possible we will also tell anyone we have shared your data with about the restriction on processing. If there is a change in circumstances, we inform you if we later decide to remove the restriction on processing. If we do not agree to your request to restrict processing, we will inform you of this and set out our reasons, together with the next steps you can take.

If you do not agree

If you are dissatisfied with the response provided, contact our Data Protection Officer. Your complaint and initial request will be reviewed, and a further response provided.

If you remain dissatisfied with our response or require independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner.

Your right to data portability

You can ask for your personal data to be moved to another service provider. The right applies to personal data you have provided directly to us, where the processing is based on your consent or as part of a contract you have with us, and that processing is automated.

Examples of applicability: Personal data belonging to our staff which has been shared with an onsite gym instructor and subsequently staff wish to transfer their personal gym information to a new offsite gym provider.

Examples where not possible or restrictions on this: **As this right only applies where processing takes place under a contract or with an individual’s consent, it does not apply to most information provided by customers to us as part of their registration applications, as this is processed as part of our statutory obligation and public task.

How to make a request

Contact our Data Protection Officer setting out the details of your request. There is no fee.

What we will do

We will acknowledge your request and confirm the anticipated date by which we will respond. This is usually within one month unless longer is needed due to the complexity of the request. Depending on the nature of the request, we may need more detail about what information you consider should be provided and any specific technical or security arrangements. If we agree to your request, we will send the data to the other provider (where this is technically feasible) or provide the data to you in a machine-readable format. If we do not agree to your request, we will inform you of this and set out our reasons, together with the next steps you can take.

If you do not agree

If you are dissatisfied with our response or the information provided, contact our Data Protection Officer. Your complaint and initial request will be reviewed, and a further response provided.

If you remain dissatisfied with our response or require independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner.

Your right to object

You have the right to object to the use of your Personal Data because of your individual circumstances. This right applies where the processing takes place based on public interest or the exercise of official authority (or an organisation’s legitimate interests) and to processing for research and statistical analysis.

You also have the right to stop the use of your personal data for direct marketing purposes. Your rights in relation to direct marketing under Data Protection Law are separate to your rights under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and any ‘preference service’ you may have signed up to relating to direct marketing activities.

Where these rights may be exercised, details have been included in this Personal information charter, and in any specific policy relating to a specific service or contact with you.

Examples of applicability: if we undertake direct marketing to inform individuals of details of our non-statutory services such as its Property Alert service, you may ask us to stop using your personal data for this purpose.

Examples where not possible or restrictions on this: where we can show we have reasons to process the data as part of our public task, for example, in maintaining the public registers of title. This may extend to processing data to establish, defend or exercise legal claims such as in relation to registration fraud.

How to make request

Contact our Data Protection Officer setting out the details of your request and the grounds for your request based on your individual circumstances. There is no fee.

What we will do

We will acknowledge your request and confirm the anticipated date by which we will respond. This is usually within one month unless longer is needed due to the complexity of the request. Depending on the nature of the request, we may need more detail about what information you consider should not be processed. We will inform you if we agree to your request and where we do not agree, we will inform you of this and set out our reasons, together with the next steps you can take.

We will stop processing personal data for the purposes of direct marketing if you ask us to.

If you are dissatisfied with the response provided, please contact our Data Protection Officer. Your complaint and initial request will be reviewed, and a further response provided.

If you remain dissatisfied with our response or require independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner.

Your rights in relation to automated decision making and profiling

Profiling is an automated decision aimed at evaluating or predicting certain personal aspects such as behaviour, health, financial position. Where an automated decision based on such profiling has a significant legal effect on an individual, then that person has the following rights:

(1) to human intervention in that decision
(2) the right the express their views, and
(3) to get and challenge an explanation of that decision.

Examples of applicability: we only use information supplied as part of a job application to process that application and to monitor recruitment statistics. As part of the recruitment process, we may use automated online testing or psychometric analysis. Job applicants may seek further information about the nature of such testing to determine whether the above right is applicable.

Examples where not possible or restrictions on this: Where the automated decision is permitted by law for example for the prevention of fraud.

How to make a request

Contact our Data Protection Officer setting out the details of your request. There is no fee.

What we will do

We will acknowledge your request and confirm the anticipated date by which we will respond. This is usually within one month unless longer is needed due to the complexity of the request. Depending on the nature of the request, we may need more detail from you. We will advise you whether we agree to your request and if so, provide you with the information in relation to the automated profiling/decision. You will be given the opportunity to request that there is human intervention, so that the decision is not made by an automated process. We will also give you the opportunity to comment upon the explanation and challenge the decision. If we do not agree to your request we will inform you of this and set out our reasons, together with the next steps you can take.

If you do not agree

If you are dissatisfied with our response or the explanation provided, contact the Data Protection Officer. Your complaint and initial request will be reviewed, and a further response provided.

If you remain dissatisfied with our response or require independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner.

Where we are relying on consent to process your personal data you have the right to withdraw your consent at any time.

Examples of applicability: if you agree to help us with user research or to accept marketing information from us you will need to give your specific consent either by completing a consent form or ticking a box.

Examples where not possible or restrictions on this: if you withdraw your consent at any time this will not affect the lawfulness of any processing carried out before your withdrawal of consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

How to make a request

Contact our Data Protection Officer setting out the details of your request. There is no fee.

What we will do

We will acknowledge your request and confirm the anticipated date by which we will respond. This is usually within one month unless longer is needed due to the complexity of the request. Depending on the nature of the request, we may need more detail from you.

If you do not agree

If you are dissatisfied with our response or the explanation provided, please contact our Data Protection Officer. Your complaint and initial request will be reviewed, and a further response provided.

If you remain dissatisfied with our response or require independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner.

Legislation index