DATA PROTECTION POLICY - TRACE
In some cases we may profile subjects names through the live credit databases that we have access to. This may leave "footprints" under the search purpose that the client has provided to us on the subject's credit file on Credit Reference Agency Database(s).
It is always recommended therefore that the client has the consent in the original agreement. However there are exceptions in cases where it is considered not applicable. Eg. Public Interest and other DPA Exemptions. (Section 29 and 35).
If the clients instruction is a trace and dependent upon the information we obtain from these databases, this will then determine what further enquiries are appropriate. Such as obtaining telephone numbers from addresses at which we believe the subject may be or have been located.
We may also utilise other publicly available databases and/or Registries that we feel would be of value in this enquiry. E.g. The Family Records Office, Land Registry, Gazette, Electoral Roll etc. etc.
Once this research has been completed we may then conduct enquiries by telephone at and around the locations identified. At no stage will we divulge to a third party any personal data relating to the Data Subject and all enquiries will be discreet.
For the avoidance of doubt the instructions are accepted on the basis that our services are conducted under the direction of the client and as such we are deemed the Data Processor and the client, and/or the principal, is deemed Data Controller.
If the subject of enquiry should contact us regarding any search we will refer them to the client as we will have forwarded our report to them and we will hold no additional information/data. We will hold data for not longer than necessary which in most cases will be no longer than 6 months, unless instructed to do so by the Data Controller.
We confirm that no information concerning the Data Subject given to us by yourselves, or obtained during the course of this enquiry, will be used for any other purpose.
At all stages of enquiries we recognise that we are acting as the clients Data Processor, and as such we will comply totally with the Data Protection Act and the guidelines contained within the Principles of GDPR.