We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other European supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.
In our capacity as UK supervisory authority for data protection, there are some circumstances where we must cooperate with and help other supervisory authorities in the EEA, in handling complaints and investigations. This may lead to sharing personal information if it is relevant to the complaint or investigation.