CompanyFour

CompanyFour Legal

Government and Public Authority Data Request Policy

How Company IV Ltd assesses, records, and responds to lawful requests for personal data from public authorities.

OperatorCompany IV Ltd
RegionUnited Kingdom
Contactinfo@companyfour.test
ScopeRequests from courts, regulators, police, government departments, and other public authorities.
AssessmentWe review the identity, authority, legal basis, scope, and deadline before disclosing personal data.
DisclosureWe use secure channels and provide only the information required for a valid request.

1. Purpose and scope

Company IV Ltd operates the Company Four platform. This policy governs requests from public authorities for personal data that we control or process through the platform. It does not remove any rights or obligations that apply under law, a court order, or another binding legal requirement.

2. Receiving and verifying a request

  • We require requests to identify the requesting body, responsible officer, legal authority, records sought, purpose, and response deadline.
  • We verify the request through appropriate official contact details or other reliable means before disclosing personal data.
  • We do not provide personal data in response to informal, incomplete, or unverified requests.
  • Urgent requests are escalated promptly, but urgency does not remove the need to verify authority and scope.

3. Legal and proportionality review

A designated Company IV Ltd lead reviews each request to determine whether it appears lawful, sufficiently specific, relevant to the stated purpose, and within the requester's authority. Where appropriate, we seek further information or independent legal advice before responding.

4. Data minimisation and secure disclosure

  • We disclose the minimum personal data necessary to comply with a valid request.
  • We avoid disclosing unrelated account, commerce, support, communications, or platform records.
  • We use a secure, documented delivery method appropriate to the sensitivity of the information.
  • We do not disclose passwords, authentication secrets, or security credentials except where a binding legal obligation expressly requires it and the disclosure has been escalated for review.

5. Records and retention

We document the request, verification steps, assessment, people involved, data disclosed, delivery method, and our response. These records are retained only for as long as reasonably required for legal compliance, accountability, security, audit, or dispute management.

6. Notice to affected people

We consider whether notice to an affected person is appropriate. We will not give notice where prohibited by law, where it would compromise an investigation, or where another lawful restriction applies. Any decision to withhold notice is documented with the request record.

7. Requests involving service providers

Where a service provider processes relevant data on our behalf, we coordinate with that provider under the applicable contract and data-protection terms. Providers should not make a disclosure on our behalf without the appropriate review and instruction, unless they are legally required to respond directly.

8. Escalation and concerns

Requests that are unusually broad, unclear, technically sensitive, or potentially unlawful are escalated for additional review. Questions about this policy can be sent using the contact address shown on this legal page.