
CompanyFour Legal
Government and Public Authority Data Request Policy
How Company IV Ltd assesses, records, and responds to lawful requests for personal data from public authorities.
1. Purpose and scope
Company IV Ltd operates the Company Four platform. This policy governs requests from public authorities for personal data that we control or process through the platform. It does not remove any rights or obligations that apply under law, a court order, or another binding legal requirement.
2. Receiving and verifying a request
- We require requests to identify the requesting body, responsible officer, legal authority, records sought, purpose, and response deadline.
- We verify the request through appropriate official contact details or other reliable means before disclosing personal data.
- We do not provide personal data in response to informal, incomplete, or unverified requests.
- Urgent requests are escalated promptly, but urgency does not remove the need to verify authority and scope.
3. Legal and proportionality review
A designated Company IV Ltd lead reviews each request to determine whether it appears lawful, sufficiently specific, relevant to the stated purpose, and within the requester's authority. Where appropriate, we seek further information or independent legal advice before responding.
4. Data minimisation and secure disclosure
- We disclose the minimum personal data necessary to comply with a valid request.
- We avoid disclosing unrelated account, commerce, support, communications, or platform records.
- We use a secure, documented delivery method appropriate to the sensitivity of the information.
- We do not disclose passwords, authentication secrets, or security credentials except where a binding legal obligation expressly requires it and the disclosure has been escalated for review.
5. Records and retention
We document the request, verification steps, assessment, people involved, data disclosed, delivery method, and our response. These records are retained only for as long as reasonably required for legal compliance, accountability, security, audit, or dispute management.
6. Notice to affected people
We consider whether notice to an affected person is appropriate. We will not give notice where prohibited by law, where it would compromise an investigation, or where another lawful restriction applies. Any decision to withhold notice is documented with the request record.
7. Requests involving service providers
Where a service provider processes relevant data on our behalf, we coordinate with that provider under the applicable contract and data-protection terms. Providers should not make a disclosure on our behalf without the appropriate review and instruction, unless they are legally required to respond directly.
8. Escalation and concerns
Requests that are unusually broad, unclear, technically sensitive, or potentially unlawful are escalated for additional review. Questions about this policy can be sent using the contact address shown on this legal page.