We will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. 

In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other European supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

In our capacity as UK supervisory authority for data protection, there are some circumstances where we must cooperate with and help other supervisory authorities in the EEA, in handling complaints and investigations. This may lead to sharing personal information if it is relevant to the complaint or investigation.

We may also share your information in the event of the non-payment of a Civil Monetary Penalty. If the debt remains outstanding after the specified timeframe for payment, no payment plan is in place or an agreed payment plan is not being adhered to, we may initiate formal proceedings to recover the full amount of the unpaid penalty. As a result the ICO will share personal data with the litigation and recovery specialists it instructs in order for them to identify assets and undertake recovery action through the courts.