Data-Subject Requests

If you would like Meridian Data to take action over personal data we hold about you, this is the page to start at. It covers two situations:

• You are a Meridian Data customer and want to access, correct, or delete account data we hold about you.
• You are named in one of our published datasets — for example an FCA Final Notice, a published court judgment, a Companies House officer record, or an NHS performance breakdown — and you would like the record corrected or removed.

We process each request under UK GDPR. See our Privacy Policy for the lawful basis on which we process personal data.

Under UK GDPR you may ask us to:

• Access the personal data we hold about you (Article 15).
• Rectify inaccurate or out-of-date information (Article 16).
• Erase personal data (Article 17), subject to the exceptions in Article 17(3).
• Restrict or object to processing (Articles 18 and 21).
• Receive a copy of your customer data in a portable format (Article 20). Applies to customer account data only.

Email privacy@meridiandata.co.uk with the following information. The more specific you can be, the faster we can verify and respond.

• Your full name and any other names you may have been published under (e.g. former names).
• Which right you are exercising (access, rectification, erasure, restriction, objection, portability).
• Which record(s) the request relates to. A direct URL on our site is best (for example meridiandata.co.uk/firms/[name]). If you don't have a URL, describe the record well enough that we can locate it.
• For erasure or rectification: a brief reason. If the underlying source has changed (for example a court judgment has been redacted or an FCA notice withdrawn), please mention this.
• Proof of identity. For most requests a UK government-issued ID (passport or driving licence photo page) plus a note in your own handwriting bearing today's date is sufficient. We will delete identity evidence within 30 days of closing the request.

We will acknowledge your request within 5 working days and respond substantively within 30 days, as required by UK GDPR. If a request is unusually complex we may extend by up to a further 60 days; we will tell you in writing if we need to.

When considering an erasure or objection request relating to one of our published datasets, we apply a documented balancing test. We weigh your rights against the public-interest, freedom-of-expression and archiving exceptions set out in UK GDPR Article 17(3). The key factors we look at are:

• Whether the original record is still published at source (FCA, HMCTS, Companies House, etc.). If it is, the record is still part of the public regulatory or judicial record and we will normally retain it, pointing you to the source.
• Whether the record at source has been redacted, withdrawn, anonymised, or formally expunged. If it has, we will follow suit.
• Whether the record we hold is materially inaccurate, out of date, or misleading without context.
• Whether you have a compelling personal ground — such as a documented safety risk — that outweighs the public interest in continued processing.

We will give you a written reason for our decision in every case, whether we accept or reject your request. You retain your independent right to contact the UK Information Commissioner's Office (ico.org.uk/make-a-complaint, 0303 123 1113) at any stage.

Data-subject requests are free of charge. We may, exceptionally, charge a reasonable fee or refuse a request that is manifestly unfounded or excessive — for example a repeated identical request after a final response. We will tell you in writing if we believe this applies before charging or refusing.

Meridian Data Ltd is the data controller for the personal data described in our Privacy Policy. Contact details are in the Privacy Policy and in the page footer below.