GDPR Compliant — UK Data Protection Law

Privacy Policy

We are committed to protecting your personal data. This policy explains what we collect, why we collect it, and how we keep it safe.

Last updated: April 2025  |  FormationsHQ Limited  |  Registered in England & Wales

This Privacy Policy applies to all services provided by FormationsHQ Limited, including our website at formationshq.com, customer dashboard, and all associated services. By using our services, you agree to the collection and use of information in accordance with this policy.

1. Who We Are

FormationsHQ Limited is a company formation and business services provider registered in England and Wales. We operate the website formationshq.com and provide company registration, virtual address, and business management services.

Registered Address: Unit 7 Initial Business Centre, Wilson Business Park, Manchester, M40 8WN, United Kingdom.

Email: info@formationshq.com  |  Phone: +44 7411 297471

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, FormationsHQ Limited is the data controller of your personal data.

2. Data We Collect

Information you provide directly

  • Full name, email address, phone number
  • Home and business address
  • Date of birth (for identity verification)
  • Passport or government-issued ID details
  • Company name, structure, and director/shareholder details
  • Payment card information (processed securely by Stripe — we never store card numbers)
  • Messages and communications you send us

Information collected automatically

  • IP address and device identifiers
  • Browser type and version
  • Pages visited, time spent, and click activity
  • Referral source (how you found us)
  • Cookie and session data

Information from third parties

  • Companies House public register data
  • Identity verification services
  • Payment processors (Stripe)
  • Analytics providers (e.g. Google Analytics)

3. How We Use Your Data

We use your personal data to:

  • Process your company formation and related service orders
  • File documents with Companies House, the IRS, or Canadian authorities on your behalf
  • Provide and manage your registered address service
  • Process payments and issue invoices
  • Verify your identity and comply with Anti-Money Laundering (AML) regulations
  • Send service-related communications (confirmations, reminders, documents)
  • Respond to your enquiries and provide customer support
  • Send marketing communications (only with your consent)
  • Improve our website, services, and user experience
  • Comply with legal and regulatory obligations
  • Detect, prevent, and investigate fraud or abuse

5. Data Sharing

We do not sell your personal data. We share it only where necessary:

  • Companies House (UK) — director and shareholder details are submitted as part of the registration process and become part of the public register
  • IRS / State authorities (US) — for LLC formation and EIN applications
  • Corporations Canada — for Canadian incorporation filings
  • Stripe Inc — payment processing (their privacy policy applies to payment data)
  • Google Analytics — anonymised website usage statistics
  • Identity verification providers — solely for AML compliance
  • Legal and regulatory bodies — where required by law

All third-party processors are bound by data processing agreements and are required to handle your data in accordance with UK GDPR.

6. Data Retention

We retain your personal data for as long as your account is active and as required by law:

  • Customer account data — retained for the duration of your relationship with us, plus 6 years after account closure (for tax and legal compliance)
  • Transaction records — 6 years (UK HMRC requirement)
  • AML identity records — 5 years from the end of the business relationship
  • Marketing consent records — until you withdraw consent
  • Communication records — 3 years from last interaction

After applicable retention periods, data is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your data (subject to legal retention obligations)
  • Right to restrict processing — ask us to limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decisions — not to be subject to solely automated decisions with legal effect

To exercise any of these rights, email us at info@formationshq.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use cookies and similar tracking technologies on our website. These include:

  • Essential cookies — required for the website and dashboard to function (session management, security)
  • Analytics cookies — help us understand how visitors use our site (Google Analytics — anonymised)
  • Marketing cookies — used to deliver relevant advertising (only with your consent)

You can manage your cookie preferences via the cookie banner on your first visit, or by adjusting your browser settings. Note that disabling essential cookies may affect site functionality. Full details are in our Cookie Policy.

9. Security

We implement industry-standard technical and organisational security measures to protect your personal data, including:

  • 256-bit SSL/TLS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Access controls and role-based permissions for staff
  • Regular security audits and penetration testing
  • Secure, GDPR-compliant hosting infrastructure

Despite these measures, no system is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours as required by law.

10. International Data Transfers

Some of our service providers (such as Stripe and Google) are based outside the UK and EEA. Where we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations
  • Standard Contractual Clauses (SCCs) approved by the ICO
  • Binding Corporate Rules

We will always ensure your data receives the same level of protection regardless of where it is processed.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices. We will notify you of significant changes by email or by displaying a prominent notice on our website.

The date of the most recent revision appears at the top of this page. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

Have Questions About Your Data?

Our team is happy to explain how we handle your personal information. Get in touch any time.