Data protection and SARs

The Financial Ombudsman Service is covered by the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This places legal obligations on us, as a data controller, when we hold and process personal information about individuals.

Personal data means information about you – for example, your name, date of birth, financial details and phone conversations with us.

Our entry in the public register of data controllers can be seen online on the Information Commissioner's website. 

We know that the personal and financial circumstances of people who refer complaints to us can be very sensitive, and we handle people's information with care and discretion. You can find out more about this in our privacy policy.

• Asking for information

  We’re committed to being open and transparent, which is why we’re happy to share the information we’ve relied upon to reach our decision on your complaint. If this is the information you’d like to see, then you’ll need to speak to the person who is handling your complaint. They’ll have given you their contact details so you can get in touch.

  However, because of the volumes of complaints we see and in order to resolve these complaints as quickly as possible, we don’t share the full complaint file with either party to the complaint.

  Under current data protection laws, you’re entitled to ask us for a copy of all the personal data we hold about you. This is known as a subject access request or a right of access. A subject access request doesn’t give you the right to access specific documents or an entire file. Instead, it entitles you to your ‘personal data’ in a clear and permanent form, as well as other supplementary information.

  More information about subject access request is available on the Information Commissioner’s website.

• Who should I contact to make a subject access request?

  Please contact our information rights team at: [email protected]

  Please note, in light of the government guidance on the ongoing Covid-19 (coronavirus) outbreak we are currently unable to receive post. Find out more about how our service is being impacted by the Covid-19 outbreak.

  To make sure we’re sending the information to the right person, we may need to see proof of identify and proof of address.

  When you make a subject access request, please let us know exactly what information you’re looking for to ensure we provide you with the relevant information.

• Is there a charge?

  No. Since 25 May 2018, we no longer charge a fee to comply with a subject access request in the majority of cases. However, where the request is manifestly unfounded or excessive, the ICO says we may charge a reasonable fee for the administrative costs of complying with the request. We are also allowed to charge a reasonable fee if an individual requests further copies of their data following a request.

• How long we keep your personal information

  We keep your personal information only for as long as we need to. 

  For example:

  • We will keep your case file for six years after your case closes (or three years if we don’t go on to fully investigate your case).
  • We keep ombudsman decisions permanently.
  • If you brought a case to our service before February 2014, your case may have had a paper file. If so, we would only keep a record of this for three years after your case closed and your electronic file for six years after your case closed.
  • If you ask the Independent Assessor to look into a complaint about our service, the Independent Assessor’s office will keep their opinion setting out their recommendations for six years and any correspondence for three years.

  There may be rare occasions where we need to keep your information for longer than the time periods set out above. This is in order for us to effectively resolve issues or activities surrounding your case or a group of cases, but these will be rare.

• Can I see information you hold about others?

  No – a subject access request only allows you to see information we hold about you. When we send this information, the names and contact details of others will usually be removed. If we correspond with a business about your complaint, we’ll tell you the name of the business we’ve been corresponding with, but not necessarily the name of the individual at that business.

• What if I'm unhappy with your response?

  If you’re not happy with how we’ve handled your subject access request, please contact our information rights team as soon as possible. 

  You can email us: [email protected]

  Please note, in light of the government guidance on the ongoing Covid-19 (coronavirus) outbreak we are currently unable to receive post. Find out more about how our service is being impacted by the Covid-19 outbreak.

  If you’re still unhappy after that

  You can find out how to contact the Information Commissioner on their website.