Privacy Policy
Your privacy matters to us. Here’s how we collect, use and protect your information.
Last updated: January 2025 · Applies to: BritRoots (britroots.co.uk) · Jurisdiction: United Kingdom (UK GDPR)
BritRoots — Privacy Policy
BritRoots (“we”, “us”, “our”) is committed to protecting your personal information and being transparent about how we use it. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this policy carefully. By using our website or services, you agree to the practices described here.
1. Who We Are
BritRoots is a UK company formation and compliance service operating at [britroots.co.uk]. We help international entrepreneurs register and manage UK limited companies.
For the purposes of data protection law, BritRoots is the data controller — meaning we decide how and why your personal data is processed.
If you have any questions about this policy or how we handle your data, contact us at:
- Email: info@britroots.co.uk
- Address: 3 Dale Close, Horsham, England, RH12 4JD
2. What Personal Data We Collect
We collect personal data in several ways depending on how you interact with us.
2.1 Data you give us directly
When you use our contact form, request a quote, or sign up for our services, we may collect:
- Your full name
- Email address
- Phone number (if provided)
- Country of residence or nationality
- Company name (existing or proposed)
- Business type and purpose
- Payment information (processed securely via our payment provider — we do not store card details)
- Any other information you voluntarily include in your messages to us
2.2 Data we collect automatically
When you visit our website, we automatically collect certain technical information:
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent on each page
- Referring URL (the page you came from)
- Date and time of your visit
This data is collected via cookies and similar tracking technologies. See Section 8 for our full Cookie Policy.
2.3 Data from third parties
We may receive data about you from third-party services such as:
- Companies House (for verification purposes during company formation)
- Payment processors (transaction confirmation only)
- Analytics providers (aggregated and anonymised data)
3. Why We Collect Your Data (Legal Basis)
Under UK GDPR, we must have a lawful basis for processing your personal data. Depending on the purpose, we rely on the following:
| Purpose | Legal basis |
|---|---|
| Responding to your enquiries | Legitimate interests / contract performance |
| Processing your company formation order | Contract performance |
| Sending service-related communications | Contract performance |
| Complying with Companies House and HMRC requirements | Legal obligation |
| Sending marketing emails (if opted in) | Consent |
| Analysing website usage to improve our service | Legitimate interests |
| Fraud prevention and security | Legitimate interests / legal obligation |
We do not use your data for purposes incompatible with those listed above.
4. How We Use Your Data
Specifically, we use the data we collect to:
- Respond to your contact form submissions and enquiries
- Process and deliver the services you have purchased
- File documents with Companies House on your behalf
- Communicate updates about your order or account
- Send you invoices and receipts
- Comply with legal and regulatory obligations (including anti-money laundering checks)
- Improve our website and service quality
- Send you marketing communications, but only if you have explicitly opted in
5. Who We Share Your Data With
We do not sell your personal data. We only share it where necessary:
5.1 Companies House and HMRC
As part of the company formation process, certain information (director names, registered address, company details) is submitted to Companies House. This becomes part of the public register as required by UK law.
5.2 Service providers (data processors)
We use trusted third-party providers to help us operate our services. These providers process data only on our instructions and are bound by data processing agreements:
- Hosting provider — for website and data storage
- Email platform — for sending service and transactional emails
- Payment processor — for handling payments securely (e.g. Stripe, PayPal)
- Analytics tool — for understanding website usage (e.g. Google Analytics, with IP anonymisation enabled)
- CRM or project management software — for managing your order and communications
5.3 Legal requirements
We may disclose your data to law enforcement or regulatory bodies if required to do so by law, court order, or government authority.
6. International Data Transfers
Some of our third-party service providers are based outside the UK or European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO)
- Adequacy decisions for countries deemed to provide equivalent data protection
You may request details of the specific safeguards we use by contacting us at info@britroots.co.uk.
7. How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purpose it was collected. Our retention periods are:
| Data type | Retention period |
|---|---|
| Enquiry and contact form data | 2 years from last contact |
| Customer order and account data | 7 years (UK financial and legal requirement) |
| Companies House filing records | 7 years minimum |
| Website analytics data | 26 months (Google Analytics default) |
| Marketing email list | Until you unsubscribe or withdraw consent |
After the retention period, data is securely deleted or anonymised.
8. Cookies
Our website uses cookies — small text files stored on your device — to help the site function and to understand how visitors use it.
8.1 Types of cookies we use
- Strictly necessary cookies: Required for the website to work (e.g. session cookies). These cannot be disabled.
- Analytics cookies: Help us understand how visitors interact with the site (e.g. Google Analytics). These are only set with your consent.
- Preference cookies: Remember your settings or choices on the site.
- Marketing cookies: Used to show relevant advertising (only if you consent).
8.2 Managing cookies
You can control cookies through your browser settings. Most browsers allow you to refuse all cookies or alert you when a cookie is being sent. Note that disabling some cookies may affect the functionality of this website.
You can also opt out of Google Analytics tracking specifically by installing the Google Analytics Opt-out Browser Add-on.
We use a cookie consent banner to obtain your permission before setting non-essential cookies.
9. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right to access: You can request a copy of the personal data we hold about you (a Subject Access Request or SAR).
- Right to rectification: You can ask us to correct inaccurate or incomplete data.
- Right to erasure: You can ask us to delete your data (“right to be forgotten”), subject to certain legal exceptions.
- Right to restrict processing: You can ask us to pause processing of your data in certain circumstances.
- Right to data portability: You can request your data in a structured, machine-readable format.
- Right to object: You can object to processing based on legitimate interests or for direct marketing.
- Rights related to automated decision-making: We do not make solely automated decisions that significantly affect you. If this changes, we will inform you and provide the right to request human review.
To exercise any of these rights, email us at info@britroots.co.uk. We will respond within 30 days as required by law. We may need to verify your identity before processing your request.
10. Marketing Communications
We will only send you marketing emails if you have actively opted in — for example, by ticking a consent checkbox on our contact form or signing up to our newsletter.
Every marketing email we send includes an unsubscribe link. You can withdraw your consent at any time by clicking unsubscribe or emailing info@britroots.co.uk. We will remove you from our mailing list within 5 business days.
Withdrawing consent does not affect the lawfulness of any processing that occurred before you withdrew it.
11. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:
- SSL/TLS encryption on all data transmitted via our website
- Secure, access-controlled hosting infrastructure
- Limited staff access to personal data on a need-to-know basis
- Regular security reviews and software updates
- Secure deletion of data when no longer required
No method of transmission over the internet is 100% secure. If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals as required by law.
12. Children’s Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
13. Links to Other Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read the privacy policy of any website you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, our practices, or our services. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.
If changes significantly affect how we process your data, we will notify you by email (if we hold your email address) or by a prominent notice on our website.
15. How to Complain
If you are unhappy with how we have handled your personal data, please contact us first at info@britroots.co.uk — we will do our best to resolve your concern.