Privacy notice

Ombudsman Service (OS) takes your privacy seriously.  This privacy notice tells you what to expect when OS collects personal information from you. It also explains how we will store and handle that data, and keep it safe.

We know that there is a lot of information, but we want you to be fully informed about your rights, and how the Ombudsman Service uses your data

Our privacy notice applies to information we collect about:

  • visitors to our website;
  • complainants, third parties, and other individuals in relation to the complaints OS has been asked to investigate;
  • people who call us with telephone enquiries; and
  • Job applicants, current and former employees.

We will only use the personal information you provide to administer your complaint and to provide the services you have requested from us. The information you provide will also help us direct your enquiries.

The types of data that we collect are only those details necessary for the consideration of your complaint about a Participating Company.

To ensure that the information we hold is accurate and up-to-date, please ensure that we are promptly informed of any relevant change to your contact details.

We sometimes supply your personal data to a third party for example, the named Participating Company to which your complaint relates, one of our regulators such as Ofcom or Ofgem, or where the transfer is to a secure data processor who carries out data processing operations on our behalf.

Ombudsman Services is registered on the "public register of data controllers" which can be seen online on the Information Commissioner Officer’s (ICO) website.

Ombudsman Services, is registered at the address of 3300 Daresbury Park, Daresbury, WA4 4HS.

The Data Protection Officer as assigned by OS is also based at 3300 Daresbury Park, Daresbury, WA4 4HS.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

Data protection law

All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data.

These rules apply regardless of whether data is stored electronically, on paper or on other materials.      

To comply with the law, personal information must be collected lawfully and used fairly, stored safely and not disclosed unlawfully.