Privacy policy

We collect some information or data about you when you use Registry Trust and TrustOnline.

TrustOnline is the interactive website for Registry Trust Limited.

The office address is:

Registry Trust Limited
3rd Floor
12 Carthusian Street
London
EC1M 6EB

We collect:

  • questions, queries or feedback you leave, including your email address if you contact us
  • your email address and subscription preferences when you sign up to our email alerts, and how you use our emails - for example whether you open them and which links you click on
  • information on how you use the site, using cookies. (See below)
  • we use a separate company to process payments for any searches carried out. We do not have access to your card or bank account details.
  • We may use demographic information, and anonymised or pseudonymised data to understand the types of searches and numbers of searches made.
  • you remain able to opt in to any e-mail reminders you may receive.

The data we collect from TrustOnline users can be viewed by authorised people employed by Registry Trust and our suppliers, to:

  • improve the website by monitoring how you use it
  • gather feedback to improve our services, (i.e.: our email alerts)
  • respond to any feedback you send us, if you’ve asked us to
  • send email alerts to users who request them
  • allow you to access registry services and make transactions
  • provide you with information about our other services if you want it

Cookies

We want to make your experience of using TrustOnline easy, useful and reliable. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide general information to the owners of the site. They cannot be used to identify you personally and we do not share this information with any third parties. We only use cookies to ensure that when you are visiting TrustOnline you don’t have to give the same information several times before completing your transaction.

Google Analytics cookies

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, the pages they visit on the site and where visitors have come to the site from.

We also use Google Advertising Cookies, which creates advertising based on what is relevant to the user; improve reporting, and to avoid repeated advertisements that have already been viewed. Google cookies also use cookies to remember your most recent searches and previous interactions with advertisements and search results.

Google also uses conversion cookies whose main purpose is to help advertisers determine how many times the people who click on their adverts end up purchasing their products. These cookies allow Google and the advertiser to determine that you clicked on the advert and later visited the advertiser site. 

You can find more information on Google Analytics cookies here.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Smartlook

Registry Trust use a service called Smartlook on our website. This service tracks website user behaviour, so it will tell us:

  • How individuals use the website
  • Screens they navigate to and from
  • How long users spend on each web page

We use this to help us understand how people use our website – and to understand how we could improve the website to make it easy to use.

Registry Trust do not use the tracking service available through Smartlook. So Registry Trust will be aware that an individual accessed our website and how they used it – but not who that individual is.

To opt out of being tracked by Smartlook across all websites visit https://www.smartlook.com/opt-out

Online search session cookie

This cookie is essential for the completion of an online search. It is set only for those people who progress through the site and who enter details to make a search. This cookie is deleted when you close your browser. If your browser has cookies completely disabled this will also disable this session cookie and the site will not work.

Content Management System cookie

This cookie is set by our content management system on various browsers upon arrival to the TrustOnline site. It is not used by TrustOnline for any purpose. Work is underway on our site to prevent this cookie from being created. Most web browsers allow some control of most cookies through the browser settings although disabling cookies could impact the functionality of the website you are visiting. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

Register Data

The data we collect from the court service is a matter of public record. Registry Trust publishes this information on the Register. This information relates to judgments, orders, fines and decrees. This data is also passed to other parties for use with credit activities including credit reference agencies; companies offering financial services; companies offering financial advice and their agents.

How long do we keep data for?

We retain personal data for a maximum of 8 years.

  • Judgments, orders and decrees are retained on a public Register for 6 years before being removed automatically.
  • Fines are retained for 5 years before being removed automatically.

Any other alteration to the Register must be instructed by the courts.

You can find more detail on the court regulations here: www.legislation.gov.uk/uksi/2005/3595/contents/made

All Register information is retained internally, and accessible to authorised Registry Trust personnel up to 8 years after the initial recording of the information. Registry Trust retain this information for a limited period for internal auditing purposes only, and it is not shared with any other organisations or individuals,

Where your data is stored

Data is stored on the Microsoft Azure cloud platform.  All of the servers including back-ups are based in UK.

None of our suppliers are based outside the EEA. We have strict controls over how and why your data can be accessed.

By submitting your personal data, you agree to this.

When you sign up to our email alerts

As a subscriber to our email alerts, we may contact you from time to time to ask for your feedback on how to improve our email alert service. If you’ve signed up for email alerts, you can unsubscribe or change your settings at any time.

Keeping your data secure

Sending information over the internet is generally not completely secure, and we can’t guarantee the security of your data while it’s in transit. Any data you do send is at your own risk.

We have procedures and security features in place to keep your data secure once we receive it. Registry Trust are ISO27001:2017 compliant and you can find more information on the scope of our Business Management System here. Registry Trust maintain various security measures to meet the standards of ISO27001:2017, including firewalls, anti-virus software, encryption, password protection, building security and regular staff training.

Disclosing your information

We may pass on your personal information if we have a legal obligation to do so, or if we have to enforce or apply our terms of use and other agreements. This includes exchanging information with authorities for legal reasons.

Registry Trust publish personal data on the Register - which is a matter of public record - relating to judgments, orders, fines and decrees. This information is obtained from the UK court service. This data is also passed to other parties for use with credit activities including credit reference agencies; companies offering financial services; companies offering financial advice and their agents.

Other parties are bound by specific contracts to use the data in line with UK law.

You can find a complete listing of all the companies we provide data to here.

Your rights

Under UK data protection laws, you have certain key rights, which are summarised below. There are some exceptions to the data protection laws which relate to the information added to the Register. You can also obtain more information on data protection and your rights by visiting the ICO website - https://ico.org.uk/

The right to be informed

Registry Trust comply in full with your right to be informed when your information is used. Users of TrustOnline will be able to see how their information is collected, used and stored elsewhere within this policy.

Those who have their data recorded in the public Register are notified via a Fair Processing Notice. This notice appears on the judgment notices provided by the courts in England and Wales. For all other jurisdictions, the notice is provided in a letter sent direct from Registry Trust.

The right of access

You have the right to know what personal information Registry Trust store, and to understand which elements of the data protection laws allow for this. As the data we deal with is a matter of public record, you can search the register (www.trustonline.org.uk) to find out what information Registry Trust holds as part of its remit.

Should you believe that Registry Trust has other information held outside of the public records (i.e.: as a result of correspondence with you) you can ask for this through a Subject Access Request. Please note – unless you have had separate correspondence with Registry Trust, it is likely that an online search of the Register will provide the information you need.

If your request relates solely to information on the public Register for England and Wales, you must make your subject access request directly to the Ministry of Justice. You can find details of how to do so here.

If you still wish to make a subject access request to Registry Trust, please send it in writing to the Data Protection Officer at: DPO Registry Trust, 3rd Floor, 12 Carthusian Street, London, EC1M 6EB, or via e-mail to: dataprotection@registry-trust.org.uk The subject access request will be responded to within 30 days, and there will be no charge for the information provided.

You can obtain more information on subject access requests, and the rules around providing them by visiting the information commissioner’s website. https://ico.org.uk/

Lawful processing of data

Registry Trust Limited (RTL) processes data in compliance with the conditions listed in Article 6 (1) of the GDPR. GDPR Article 6(1) states that “processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of the controller’s official authority includes processing of personal data that is necessary for—

  • the administration of justice,
  • the exercise of a function of either House of Parliament,
  • the exercise of a function conferred on a person by an enactment, or
  • the exercise of a function of the Crown, a Minister of the Crown or a government department.”

Registry Trust Limited also processes data under 6(1) where processing is considered “necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject”. GDPR also allows for data processing where it “is necessary for the performance of a contract with the data subject or to take steps to enter into a contract”.

The right to rectification

The Register of Judgments, Orders and Fines Regulations 2005 state how the Register is to be kept. The regulations place responsibility on the courts on when to notify the appointed Registrar, what cases are included, and what information is provided. As Registrar our responsibility is to take this output from the courts and add it to the Register. Registry Trust have processes to challenge the accuracy of court records where a record appears illogical or incomplete. If this record is confirmed by the relevant court, we are still obliged to add it to the Register. Where an error is discovered, Registry Trust can only act on court instructions to amend or delete the record as appropriate. Once that instruction is received from the court, we amend the record immediately and advise all of the organisations that we provide data to.

The right to erasure

Under data protection laws, the right to erasure (also known as ‘the right to be forgotten’) enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. Registry Trust maintains the Register on behalf of the Government (Ministry of Justice). As such Registry Trust Limited has a legal requirement and a public duty to make this information available. For Registry Trust data, the underlying processing condition is the overriding legitimate and public interest for doing so. The right to erasure does not provide an absolute ‘right to be forgotten’ and processing by Registry Trust complies with data protection laws. As such it is very unlikely that the right to erasure will apply to information held on the public Register. For any other information Registry Trust hold, outside of the official Register, you can request the removal of that information, and we will comply where there are no overriding reasons for retaining the information. Where we are unable to comply with a request, we will inform you in writing.

The right to restrict processing

Registry Trust publish data they receive from the court service. As such they are obliged to maintain that data on the Register until the court advise them of any amendment. This is because the legitimate grounds for processing the Register data override individual interest. Where an error is identified and advised by the court service, Registry Trust automatically notify recipients of the correction or removal.

The right to data portability

Data portability can be requested where certain conditions are met. Specifically, where an individual has supplied their information to the data controller, and the data controller is reliant on the individual’s consent to deal with their information and where the processing is automated. Information maintained on the public Register does not meet those conditions. For more information on this, you can refer to the information commissioner’s website. https://ico.org.uk/

The right to object

In line with our stance on the right to be forgotten, or to prevent processing, Registry Trust have a legal requirement and a public duty to make the Register information available. It is unlikely that the right to object will apply to information held on the public Register.

Rights related to automated decision making

Registry Trust do not use your data to make any decisions. The information is published solely as a matter of public record.

Links to other websites

This privacy policy only applies to Registry Trust and TrustOnline. It does not cover other services and transactions that we link to. These services, have their own terms and conditions and privacy policies.

Following a link to another website

If you go to another website from this one, read the privacy policy on that website to find out what it does with your information.

Following a link to Registry Trust Limited or TrustOnline from another website

If you come to Registry Trust or TrustOnline from another website, we may receive information from the other website. We don’t use this data. You should read the privacy policy of the website you came from to find out more about this.

Data Protection Officer

You can contact the Data Protection Officer by writing to:

DPO
Registry Trust
3rd Floor
12 Carthusian Street
London
EC1M 6EB

Or via e-mail to: dataprotection@registry-trust.org.uk

Information Commissioners Office

If you have any concerns about how your personal information has been handled you can refer the matter to the Information Commissioner’s Office. You will find details of how to contact them here. https://ico.org.uk/concerns/handling/