CBs should obtain such permissions and approvals from its Certified Entities as may be necessary to allow the CB to submit Certified Entity Data to the IAF Database. However, most CBs will already have clauses in their customer contracts allowing them to share data to their AB or other third parties for the purpose of certificate verification. The only data that is uploaded is the certification data that is owned by the CB. No personal data is requested for upload into the database, only information relating to which organisations the CB has certified.