(1) Subject to paragraph (2), a company must not use or disclose secured information relating to a person ("S") if -
(a) in relation to that information an application has been made under regulation 36, 37 or 38; and
(b) the company has not received notification under regulation 40(2), 40(3), 42(3), 43(2), 44(6) or 46(5)(b).
(2) The company may use or disclose secured information relating to S -
(a) for communicating with S;
(b) in order to comply with a requirement of the Act as to particulars to be sent to the registrar;
(c) where S has given consent for the company to use or disclose secured information relating to S; or
(d) to the extent necessary in order to comply with regulation 43 (corporate bodies: obligations) of the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
(3) For the purposes of this regulation, an application has been made -
(a) under regulation 36(1)(a) or 36(1)(c) when the applicant has informed the company u
…