We collect some information or data about you when you use Registry Trust and TrustOnline.
TrustOnline is the interactive website for Registry Trust Limited.
The office address is:
Registry Trust Limited
153-157 Cleveland Street
The data we collect from TrustOnline users can be viewed by authorised people employed by Registry Trust and our suppliers, to:
Google Analytics cookies
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, the pages they visit on the site and where visitors have come to the site from. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Registry Trust use a service called Smartlook on our website. This service tracks website user behaviour, so it will tell us:
We use this to help us understand how people use our website – and to understand how we could improve the website to make it easy to use.
Registry Trust do not use the tracking service available through Smartlook. So Registry Trust will be aware that an individual accessed our website and how they used it – but not who that individual is.
To opt out of being tracked by Smartlook across all websites visit https://www.smartlook.com/opt-out
Online search session cookie
This cookie is essential for the completion of an online search. It is set only for those people who progress through the site and who enter details to make a search. This cookie is deleted when you close your browser. If your browser has cookies completely disabled this will also disable this session cookie and the site will not work.
Content Management System cookie
This cookie is set by our content management system on various browsers upon arrival to the TrustOnline site. It is not used by TrustOnline for any purpose. Work is underway on our site to prevent this cookie from being created. Most web browsers allow some control of most cookies through the browser settings although disabling cookies could impact the functionality of the website you are visiting. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
The data we collect from the court service is a matter of public record. Registry Trust publishes this information on the Register. This information relates to judgments, orders, fines and decrees. This data is also passed to other parties for use with credit activities including credit reference agencies; companies offering financial services; companies offering financial advice and their agents.
How long do we keep data for?
We retain personal data for a maximum of 8 years.
Any other alteration to the Register must be instructed by the courts.
You can find more detail on the court regulations here: www.legislation.gov.uk/uksi/2005/3595/contents/made
All Register information is retained internally, and accessible to authorised Registry Trust personnel up to 8 years after the initial recording of the information. Registry Trust retain this information for a limited period for internal auditing purposes only, and it is not shared with any other organisations or individuals,
Where your data is stored
Data is stored on the Microsoft Azure cloud platform. All of the servers including back-ups are based in UK.
We store your data on secure servers in the European Economic Area (EEA)
None of our suppliers are based outside the EEA. We have strict controls over how and why your data can be accessed.
By submitting your personal data, you agree to this.
When you sign up to our email alerts
As a subscriber to our email alerts, we may contact you from time to time to ask for your feedback on how to improve our email alert service. If you’ve signed up for email alerts, you can unsubscribe or change your settings at any time.
Keeping your data secure
Sending information over the internet is generally not completely secure, and we can’t guarantee the security of your data while it’s in transit. Any data you do send is at your own risk.
We have procedures and security features in place to keep your data secure once we receive it. Registry Trust are ISO27001:2017 compliant. Registry Trust maintain various security measures to meet the standards of ISO27001:2017, including firewalls, anti-virus software, encryption, password protection, building security and regular staff training.
Disclosing your information
Registry Trust publish personal data on the Register - which is a matter of public record - relating to judgments, orders, fines and decrees. This information is obtained from the UK court service. This data is also passed to other parties for use with credit activities including credit reference agencies; companies offering financial services; companies offering financial advice and their agents.
Other parties are bound by specific contracts to use the data in line with UK law.
You can find a complete listing of all the companies we provide data to here.
Under UK data protection laws, you have certain key rights, which are summarised below. There are some exceptions to the data protection laws which relate to the information added to the Register. You can also obtain more information on data protection and your rights by visiting the ICO website - https://ico.org.uk/
The right to be informed
Registry Trust comply in full with your right to be informed when your information is used. Users of TrustOnline will be able to see how their information is collected, used and stored elsewhere within this policy.
Those who have their data recorded in the public Register are notified via a Fair Processing Notice. This notice appears on the judgment notices provided by the courts in England and Wales. For all other jurisdictions, the notice is provided in a letter sent direct from Registry Trust.
The right of access
You have the right to know what personal information Registry Trust store, and to understand which elements of the data protection laws allow for this. As the data we deal with is a matter of public record, you can search the register (www.trustonline.org.uk) to find out what information Registry Trust holds as part of it’s remit.
Should you believe that Registry Trust has other information held outside of the public records (i.e.: as a result of correspondence with you) you can ask for this through a Subject Access Request. Please note – unless you have had separate correspondence with Registry Trust, it is likely that an online search of the Register will provide the information you need.
If you still wish to make a subject access request, please send it in writing to the Data Protection Officer at: DPO Registry Trust 153-157 Cleveland Street London W1T 6QW Or via e-mail to: firstname.lastname@example.org The subject access request will be responded to within 30 days, and there will be no charge for the information provided. You can obtain more information on subject access requests, and the rules around providing them by visiting the information commissioner’s website. https://ico.org.uk/
Lawful processing of data
Registry Trust Limited (RTL) processes data in compliance with the conditions listed in Article 6 (1) of the GDPR. GDPR Article 6(1) states that “processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of the controller’s official authority includes processing of personal data that is necessary for—
Registry Trust Limited also processes data under 6(1) where processing is considered “necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject”. GDPR also allows for data processing where it “is necessary for the performance of a contract with the data subject or to take steps to enter into a contract”.
The right to rectification
The Register of Judgments, Orders and Fines Regulations 2005 state how the Register is to be kept. The regulations place responsibility on the courts on when to notify the appointed Registrar, what cases are included, and what information is provided. As Registrar our responsibility is to take this output from the courts and add it to the Register. Registry Trust have processes to challenge the accuracy of court records where a record appears illogical or incomplete. If this record is confirmed by the relevant court, we are still obliged to add it to the Register. Where an error is discovered, Registry Trust can only act on court instructions to amend or delete the record as appropriate. Once that instruction is received from the court, we amend the record immediately and advise all of the organisations that we provide data to.
The right to erasure
Under data protection laws, the right to erasure (also known as ‘the right to be forgotten’) enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. Registry Trust maintains the Register on behalf of the Government (Ministry of Justice). As such Registry Trust Limited has a legal requirement and a public duty to make this information available. For Registry Trust data, the underlying processing condition is the overriding legitimate and public interest for doing so. The right to erasure does not provide an absolute ‘right to be forgotten’ and processing by Registry Trust complies with data protection laws. As such it is very unlikely that the right to erasure will apply to information held on the public Register. For any other information Registry Trust hold, outside of the official Register, you can request the removal of that information, and we will comply where there are no overriding reasons for retaining the information. Where we are unable to comply with a request, we will inform you in writing.
The right to restrict processing
Registry Trust publish data they receive from the court service. As such they are obliged to maintain that data on the Register until the court advise them of any amendment. This is because the legitimate grounds for processing the Register data override individual interest. Where an error is identified and advised by the court service, Registry Trust automatically notify recipients of the correction or removal.
The right to data portability
Data portability can be requested where certain conditions are met. Specifically, where an individual has supplied their information to the data controller, and the data controller is reliant on the individual’s consent to deal with their information and where the processing is automated. Information maintained on the public Register does not meet those conditions. For more information on this, you can refer to the information commissioner’s website. https://ico.org.uk/
The right to object
In line with our stance on the right to be forgotten, or to prevent processing, Registry Trust have a legal requirement and a public duty to make the Register information available. It is unlikely that the right to object will apply to information held on the public Register.
Rights related to automated decision making
Registry Trust do not use your data to make any decisions. The information is published solely as a matter of public record.
Links to other websites
Following a link to another website
Following a link to Registry Trust Limited or TrustOnline from another website
Data Protection Officer
You can contact the Data Protection Officer by writing to:
153-157 Cleveland Street
Or via e-mail to: email@example.com
Information Commissioners Office
If you have any concerns about how your personal information has been handled you can refer the matter to the Information Commissioner’s Office. You will find details of how to contact them here. https://ico.org.uk/concerns/handling/