Privacy Policy

Pali™ Privacy Policy

Pali Ltd and its Franchise offices. Privacy policy as required by the General Data Protection Regulations. 2018 (GDPR)

About This Document

This Privacy Notice will help you understand how we collect, use and protect your personal information. If your request is for insurance products or one of our products which carries insurance such as a regulated search you should also show this notice to anyone who may be insured under your policy. If you have any queries about this Privacy Notice or how we process your personal information, please contact the Head Office by email: The Data Protection Officer or by post:

Or the address on the ICO website for the Pali office you are dealing with.

Pali Ltd and its franchise offices may collect personal information and data from you in order to provide our services and to meet our legal obligations. By using our website or ordering our Services (e.g. via Our Website, our Ordering and Delivery System, by telephone or by email) (“Ordering Methods”), or by providing any personal information to us, you are accepting and consenting to the collection, use and disclosure of your personal information as set out in this Privacy Policy.


The organisation responsible for the processing of your personal information is Pali Ltd. 2-4 Croxteth Avenue Wallasey Wirral CH44 5UL and its franchise offices. This means that we are a ‘data controller’ and a “Data Processor” under the Data Protection Act 1998 and, General Data Protection Regulations also known as the GDPR 2018. Our registration number with the Information Commissioner’s Office is Z1728068. Each office has its own Data controller and details can be found on the ICO website.


Personal information you may give us when you place an order via Our Website (or other Ordering Methods) or contact our customer service team, or otherwise interact with us and provide personal data about:

  • in the case of a Consumer, you personally
  • in the case of a Supplier, your employees (and prospective employees and contractors), your clients, business associates and potential clients and their employees. Personal information of third parties in connection with the products or services you request or order from us, such as the information disclosed in searches of public records you undertake when you use our products or services
  • in the case of a Client, you or your employees or your own client
  • in the case of prospective employees and contractors, you personally.

The personal data you have provided, we have collected from you, or we have received from third parties may include:

  • name, address, date of birth and gender
  • contact details, including telephone numbers and email address
  • employment details and home ownership
  • bank account number and sort code
  • credit or debit card details
  • other personal information required to provide our services in specific cases


When we have a “legitimate interest” in obtaining information from third parties because we cannot obtain it from you. This may include but not be limited to, references from a previous employer, positions of water and sewage pipes and meters, planning applications, building control and other certificates, Title deeds and leases.


We collect the personal information you provide when you:

    • apply to become a customer, supplier, client or user of our products or services;
    • fill in and return to us a signed client form
    • use our services by logging into our system or ordering products or services from us via our website, by telephone, email or in other ways
    • enter personal information into our system about you or other third parties in connection with your use of our products or services
    • store details of products or services you have ordered or information and data contained in the particular products or services you have ordered – for example if you order a title search which includes personal information and we store that search information so you can retrieve it again later on
    • when you contact us as a prospective employee or contractor of Pali.

Most of the personal information we hold about you is that which we collect directly from you by telephone, email, our website, written correspondence or from third parties which use our service. Not all these categories will apply in every case, for example:

        • each time you ask us for a quote
        • each time you place an order for yourself personally or as an employee of a client
        • when you purchase our products or services
        • when you register to receive information from us, such as quotes
        • each time you interact with us, respond to communications or surveys, or enter competitions
        • when you make enquiries or raise concerns with our customer service team
        • data about the property and local area you are interested in including census data about the average household size, home ownership, employment statistics, and demographics of your area, and police crime and accident statistics (which are publicly accessible)
        • electoral register data that confirms your identity and address (which is publicly accessible)
        • data as to the likelihood of storms and floods in your area, and soil data
        • data through Land Registry, Post Office, Ordnance Survey, Companies House, The Environment Agency or other address-based data providers
        • data from local authorities, water companies, sewerage undertakers and mining companies
        • domestic energy assessors, commercial energy assessors, estate agents
        • when you visit Our Website, we may collect any or all of the following technical data
        • device Identifiers (the internet protocol address used to connect your device to the internet, your login information, browser type and version, regional settings, operating system and platform)
        • data about your use of Our Website (the full Uniform Resource Locators (URL), clickstream to, through and from Our Website (including date and time), products you viewed or searches for, time spent on certain pages or screens, interaction data (such as scrolling, clicks and mouse-overs.


Pali employ a variety of physical and technical measures to keep personal data safe to prevent unauthorised access to, use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). We store personal information in computer storage facilities, paper-based files and other records. We take steps to protect the personal information against loss, unauthorised access, use modification or disclosure, and against other misuse. These steps include password protection and access privileges for accessing our IT system, encryption of data stored and physical access restrictions to paper files. Some of these services, such as hosting our computer file servers, are provided by third parties in the UK and EU we endeavour to ensure that they also have adequate privacy safeguards in place through the use of contractual measures to protect personal information and data. Because transmission of information over the internet is often insecure we do not accept responsibility for the security of information you send to or receive from us over the internet, or for any unauthorised access or use of that information by others over the internet.


Our staff receive data protection training and we have a set of detailed data protection policies and procedures which personnel are required to follow when handling personal data.

We identify those members of staff who need to be involved in administering personal information and subject them to rigorous training. Staff who are not involved in the administration of personal data are also involved in training to ensure they do not inadvertently access or divulge personal data, for instance, if contacted by telephone or email with data requests.


Except as otherwise specified in this Privacy Policy, we will only use personal information with your consent or where it is necessary in order to enter into, or perform, a contract with you e.g. to fulfil any orders you place through Our Website or over the telephone; each time you ask us for a quote.

We may store and use your personal information for the purposes of:

        • administering your quotes and orders for reports (as is necessary for performance of a contract between you and us and/or as is necessary for our legitimate interests)
        • carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests)
        • using your payment details to process payments relating to refunds or orders we may place with you or your company
        • to administer our databases for client services, marketing, credit control and financial accounting purposes
        • communicating with you about your quotes or the provision of other reports or services
        • administering debt recoveries, where you owe us money under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests)
        • perform the services you have asked us to provide
        • comply with a legal duty
        • protect your vital interests
        • remember your preferences (e.g. where you are a Supplier, if you ask not to receive marketing material, we’ll keep a record of this)
        • for our own (or a third party’s) lawful interests, provided your rights don’t override these

Our “legitimate interests” as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.

For the purposes connected with providing our products and services to you, we may share your data with third parties, but we will not use or share your personal information for any other purpose without first obtaining your consent, unless required by law. In any event we will only use your personal data for the purposes for which it is collected, or purposes which are very similar.


Where you are a Supplier, and as an existing customer, we may wish to send you details regarding:

        • new services, special offers and products offered by us
        • details of meetings, events and seminars that may be of interest to our customers and clients our newsletters and other marketing publications. We may contact you inviting you to opt-in to receiving this information. This means that you will be given the choice as to whether you want to receive these messages and will be able to select how you want to receive them (email, telephone or post). You may opt-out of receiving direct marketing or the disclosure your personal information for the purpose of direct marketing by contacting our Data Privacy Officer
        • by using any unsubscribe facility contained in email communications that you receive from us
        • writing to us at the address in “Contact Us” on this website The information we hold is never marketed, rented or sold to any third parties.


If we, or a fraud prevention agency, determine that you pose a risk of fraud or money laundering, we may refuse to provide the products or services you have requested. We may also stop providing existing services to you. A record of any fraud or money laundering risk will be retained by us and the fraud prevention agencies. It may also result in others refusing to provide products, services, financing or employment to you. If you have any questions about our processing of your data for fraud purposes, please contact our Data Protection Officer at the details provided above.


Where relevant given the nature of the products and services provided to you, directly or through a third party, we may also share your information with the following categories of third parties:

        • insurance underwriters and others who are involved with the provision of insurance services to you alongside us (as is necessary for the performance of a contract between you and us)
        • third party data suppliers, as explained under “How we collect information about you” (as is necessary for our legitimate interests)
        • third party service providers who support the operation of our business, such as solicitors, search agents, other search companies, anti-money laundering companies, insurance providers, water companies, local authorities, our regulating bodies and IT providers.


Using your data for fraud prevention, the personal data you have provided, we have collected from you, or we have received from third parties, may be shared with fraud prevention agencies. Please contact our Data Protection Officer if you would like details of the agencies we share your data with. These often change, please contact our Data Protection Officer if you would like details of our current panel.


The personal information that we collect from you, and which is shared with some fraud prevention agencies, may be transferred to and processed in a destination outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases:

        • the country that we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or
        • the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal information (in particular, our transfer of personal information to suppliers in India and the United States for marketing, IT development and IT testing purposes are protected in each case by the use of appropriate model clauses); or
        • there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third party recipient of personal data in the United States has registered for the EU-US Privacy Shield)

To find out more about how your personal information is protected when it is transferred outside the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the details above.


We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for the minimum period required consistent with performing the service you have requested or to comply with current legislation. For example, a local search may be retained until it is superseded by another search which could be some years later. Energy Performance Certificates will be required by subsequent purchasers of property up to ten years after they are produced. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact our Data Protection Officer at the details provided above.


Under the Data Protection Act 1998 you have the following rights:

        • to obtain access to, and copies of, the personal information that we hold about you
        • to require that we cease processing your personal information if the processing is causing you damage or distress
        • to require us not to send you marketing communications

Under GDPR from 25 May 2018, you will also have the following rights:

        • to require us to erase your personal information
        • to require us to restrict or object to our data processing activities
        • to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller
        • to require us to correct the personal information we hold about you if it is incorrect


Individuals have a right to access their Personal Data held by Pali. A request for this information is commonly known as a Subject Access Request(‘SAR’).

All SARs, whether by telephone, post, email or other means must be recorded and reported to Compliance on the same day as the request is received. Compliance will contact the customer to establish the reason for the request if this is not already evident.

GDPR does not permit Pali to charge a fee to comply with a subject access request except in exceptional circumstances. Where the request is manifestly unfounded or excessive Pali may charge a “reasonable fee” for the administrative costs of complying with the request.
Pali must comply with the SAR within one month of receipt. The time to respond can be extended by a further two months if the request is complex or the organisation has received a number of requests from the individual. Pali will let the individual know within one month of receiving their request if the response time is being extended and explain why the extension is necessary.

Any information contained within relevant files/documentation, but which relates to a third party should generally be removed or redacted before disclosure is made. There are other grounds upon which Pali may decline to disclose files/documentation (for instance where they are subject to legal privilege) and advice in this regard should always be sought from Pali General Counsel or Compliance.

Once a request has been made, Personal Data can only be amended or deleted between the time of the request and the time when the information is supplied if this would have taken place regardless of the request.

Compliance will be responsible for ensuring that information is released in accordance with the relevant data protection regulations.

Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.


Cookies, a ‘cookie’ is a piece of information that allows the server to identify and interact more effectively with your computer. The cookie assists us in identifying what our users find interesting on Our website. When you use Our website we allocate you a unique identification number (cookie). A cookie will be allocated each time you use Our website. The cookie does not identify you as a user in our data collection process. It does identify your Internet Server Provider. You can configure your web browser to refuse cookies but you then may not be able to use all or part of our website.


This Privacy Policy may be updated from time to time so we recommend you review the information on Our website on a regular basis. If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.

You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website