The Ombudsman Service Ltd (OS) is a Data Controller under the Data Protection Act 1998. This means that we are responsible for how and why your personal information is used.
Collection and use of personal information
You provide us with the information we collect and use about you. If you ask us to look into a dispute you have with your service provider we will ask you to authorise them to provide us with their side of the story. They will provide any relevant information about you and your account(s).
We will take care of your personal data and will only use it to process your enquiry or investigate your complaint and to help us improve service quality. Following completion of the complaint investigation, your information may be used as the basis for creating an anonymous case report and this may, in turn, be used to build scenarios for training and reporting purposes but these will contain no personal information.
Retention and deletion policy
When you provide us with your personal information we will only retain it for as long as we need to, to make sure that we have dealt with all aspects of your enquiry or complaint. In practice, this means that we will keep your name and address for a minimum of six months if you make an enquiry and request a brochure.
If we are dealing with your complaint we will keep your personal information for a maximum of 12 months after your case has been closed. All personal information held by OS will be deleted in a structured, secure and timely manner.
Disclosure of your personal information
In order to process your complaint we shall usually need to disclose the personal information you send us to your service provider. We may then need to disclose it to a third party such as an independent expert, to help us determine the case.
To help us process our work we have contracts with companies who provide us with services such as IT support. Where they process your data for us our contract with them makes clear that they must hold it securely and only use it as we instruct them to. If your case raises issues which we think might be more appropriate for one of the regulators, we will only pass your information on with your consent.
Monitoring and recording of calls
Your telephone calls to us may be recorded for the purposes of staff training and service quality. You will be told about this in a recorded message before your call is put through to a member of staff. Calls that are recorded for these purposes will be kept secure, will not be disclosed outside OS and will be deleted after a maximum period of 6 months.
The Ombudsman Service website provides the facility for you to submit personal information. For example, the information you submit may include Identifiable information such as your name, address, date of birth, email address, telephone number or account numbers for service suppliers. In some cases, this may require us to pass information on to 3rd parties to enable us to facilitate enquires on your behalf. This WILL always be done with your consent. When you provide personal information to us, we will use it only to deliver our service to you. We will not pass on your personal details to 3rd parties for any other person that the express goal of servicing your requirements.
Access to your information
The Data Protection Act 1998 provides you with a right of access to a copy of any personal information we may hold about you. This is called the right of subject access. We charge a fee of £10 for subject access requests and we are required to provide you with a copy of your personal information within 40 days. If the information we hold is shown to be incorrect we shall make the necessary amendments.
You may write to us at any time at the address below to obtain details of the information we hold on you.
Data Protection Officer
3300 Daresbury Park
Section 3 of the Freedom of Information Act 2000 sets out that a public authority as defined in that Act is either listed in Schedule 1 of the Act, designated by order of the Secretary of State under Section 5 or is a publicly owned company as set out in Section 6. OS is not defined as a public authority under any of those categories at present.
For further information on the Data Protection Act 1998 please visit the following website: www.informationcommissioner.gov.uk