The Formations Company Privacy Policy

In this Privacy Policy the terms, ‘we’ or ‘us’ is The Formations Company.

Your privacy is important to us and we are committed to keeping your information secure and managing it in accordance with our legal responsibilities under applicable data protection laws. We are registered with the UK Information Commissioner’s Office (ICO) as a data controller under registration number ZA155749.

Please read this Privacy Statement carefully as it contains important information to help you understand how and why we process any personal information that you give to us.

What does ‘processing’ mean when it comes to personal data?

The term ‘processing’ refers to any manual or automated action performed on personal data. So that includes (but isn’t limited to) collecting it, recording it, organising it, structuring it, storing it, altering it, retrieving it, consulting it, transmitting it, making it available somewhere, combining it, restricting it, or erasing or destroying it.

What  information do we collect about you?

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: 

Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender.

Contact Data includes billing address, delivery address, email address and telephone numbers.

Financial Data includes bank account and payment card details.

Transaction Data includes details about payments and other details of products and services you or your business have purchased from us.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

Profile Data includes your username and password, purchases or orders made by you or your business, your interests, preferences, feedback and survey responses.

Usage Data includes information about how you use our website, products and services.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Please note any data about a company or about a person in capacity for a company would not necessarily fall under a data subject or personal information. Should any the of the records held be about a specific company director of a company customer and information/ processing decision does not relate to them as an individual then it will not be deemed personal data and will not fall within the scope for any requests/processing. 

Special Categories of Personal Data

We don’t generally process information referred to as ‘special categories of personal data’. So that’s data about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, and so on. We’ll only do this if you give it to us voluntarily, or we need it for a service you’ve asked us for. And wherever we can we’ll keep the collection and use of this type of data to a minimum.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you or your business, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How we use your Information

We process the info we collect from you to:

Provide to you or your company products and services and to administer your account (including billing you) when we are dealing with your account through our website, in writing or over the phone so we can give you any information or help you ask us for

So we can comply with our legal obligations for the prevention of financial crime and money laundering, include checking your identity, and for any audits we need to do to carry out any duties we’ve agreed to do in any contracts we have with you.

For services and legal services of third party providers on our panel, who we quote or refer on behalf of.

We will process your information in order to meet our contractual obligations to you, where have a legitimate interest to do so, to tell you about products and services you or your business might be interested in  so you can use the interactive features of our services when you choose to (like the online chat service on our website) to help us train our people and improve our service to you and where we are permitted by law or to comply with applicable laws and regulation.

Providing a service and internal processing
To assess your needs and provide you with suitable products and services

·      Contractual obligation to provide you with, or a proposal including a costs estimate

·      Where special categories of personal data are processed, these are necessary to assess your needs

To service and administer your matter including billing

·      Legitimate interests to provide and manage the service

Contractual obligation


To verify the identity of our clients ·      To comply with legal obligations to prevent money laundering
To confirm, update and improve our client records ·      To comply with legal obligations in the Data Protection legislation
To provide you with any information on the services that you have requested

·      To meet our contractual obligation to provide information on the services you have requested


Relationship Management
To manage and develop our relationship with you ·      Legitimate interest to service your matter and improve our service to you

To inform you of products and services that may be of interest to your business(es), where you have chosen to be made aware of this



  • With your consent

Legitimate interests


Training and development
For training purposes and to improve our service to you ·      Legitimate interests to improve our services and develop our employees
Complying with Legal Obligations
To prevent, investigate and prosecute crime, fraud and money laundering

·      To comply with legal obligations for prevention of financial crime and money laundering


For auditing purpose ·      To comply with our legitimate interest to conduct audits
If we are obliged to disclose information by reason of any law, regulation or court order

·      To comply with legal obligations



To transfer information to any entity which may acquire rights in us ·      Legitimate interests for commercial interests
For any other purpose to which you agree. ·      With your consent


How long we keep your personal information

We follow the laws that apply when it comes to how long we hold on to your personal information. So we’ll destroy it or make it anonymous when we don’t need it anymore.

Our retention periods are:

Type of Personal Information Retention Period
General personal data which includes your normal personal data, personal identity and personal financial data ·      6 years after the end of our business relationship with you, or the end of your matter which ever comes later
Material we need for legal reasons i.e. documents that show we’ve done our ‘due diligence’ to prevent fraud, financial crime and money laundering. That includes things like copies of your passport, driver’s licence, bank statements and any other documents you give us. ·      5 years after the end of our business relationship with you, or the end of your matter which ever comes later
Special categories of personal data ·      6 years after the end of our business relationship with you
Call recordings ·    3 months
CCTV – digital images if you visit our offices ·      90 days


Who we share your information with

There are a few third-party companies and organisations we might give your information to. They are:

Any company within the LegalZoom Group, for the purposes set out in this notice (information and customer relationship, software and service improvements, to provide you with any information, applications, products or services that you have requested);

our service providers and agents (including their sub-contractors) or third parties which process information on our behalf (e.g. internet service and platform providers, payment processing providers and those organisations we engage to help us send communications to you) so that they may help us to provide you with the applications, products, services and information you have requested or which we believe is of interest to you ;

regulatory authorities, government bodies and any other third party necessary – we might need to do this to make sure we’re following our legal obligations and/ or regulations;

third parties used to facilitate payment transactions;

credit reference and fraud prevention agencies;

insurers – so we can give you the right level of financial cover, or if you make a claim against us;

Our own and our Group professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;

government departments like HMRC, Companies House, Local London Authorities and Trading Standards – for legal reasons;

our auditors and external assessment bodies – this is so we can meet any regulatory or quality assurance standards and accreditations we need to, and so we can give you quality services;

third parties for marketing purposes (e.g. our partners and other third parties with whom we work and whose products or services we think will interest you in the operation of your business activities. For example, financial services organisations (such as banks, insurers, finance providers), payment solutions providers, software and services providers that provide business solutions).

Information Security

We invest appropriate resources to protect your personal information, from loss, misuse, unauthorised access, modification or disclosure. However, no internet-based site can be 100% secure and we cannot be held responsible for unauthorised or unintended access that is beyond our control.

How we keep your data secure

We do everything we can to keep your personal information safe. So we have systems in place to protect it from loss, misuse, unauthorised access, modification or disclosure.

Where we store your personal data

We usually hold your data inside the UK and we will only ever send your data outside of the UK to:

Comply with a legal duty or legitimate interest

Provide our products and services

If we do transfer information outside of the UK, we will make sure that it is protected in the same way as if it was being used in the UK. To do this, we will use one or more of these safeguards:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.

Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

If any of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.

You can find out more about these safeguards on the European Commission Justice and Information Commissioner’s Office (ICO) websites.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.


We will keep this Privacy Policy under review and make updates from time to time. Any minor changes to this Privacy Statement will be posted on this page and we will communicate any major changes to you.

If you want to see or change the data we have about you

You have the right to ask us for a copy of the personal information we hold about you.

And if any of it’s wrong, you can ask us to put it right, or delete it. Under certain circumstances you might also have the right to ask us to stop processing your personal information – but this doesn’t apply where there’s a legal or legitimate business reason for us to keep doing it.

If you’d like to do this, please email us or write to Data Protection Supervisor, 6th Floor, 9 Appold Street, London, EC2A 2AP.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

In relation to all of these rights, please write to us at the address below.

If you want to contact us or complain about the way we’ve handled your personal dataYou can contact us by writing to us at:

Data Protection Supervisor, The Formations Company, 6th Floor, 9 Appold Street, London, EC2A 2AP or at

If you are located within the European Economic Area (EEA) and you wish to contact us in respect to any personal data we’ve handled, please contact our EU Representative: Instant EU GDPR Representative Ltd  on email and/ or telephone + 353 15 549 700. The EU Representative  Dublin address is INSTANT EU GDPR REPRESENTATIVE LTD 69 Esker Woods Drive, Lucan Co. Dublin Ireland.

You can also complain to the Information Commissioner’s Office at any time – go to their website to find out how. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.