Legal
Last Updated 9 June 2026.
1.1 We are C S Business Ltd trading as The Company Shop (“TCS”), a company formation agent specialising in the formation of companies, registered office provision and related services. All services are provided within the United Kingdom and the EEA and we operate security controls in order to help protect the personal data we hold. Personal data is held within our offices and on hosted infrastructure in a secure datacentre in the UK, as well as partner datacentres for the providers listed below. We are registered at Forsyth House, Cromac Square, Belfast, BT2 8LA.
1.2 This Privacy Policy applies to information that we collect about you when:
1.3 Throughout this Privacy Policy, we’ll refer to our Website and other products and services collectively as the “Services”.
1.4 Below we explain how we collect, use, and share personal data about you, along with the choices that you have with respect to that personal data.
1.5 Please note that this Privacy Policy does not apply to any products or services offered by us or linked to by us but provided by third parties. Those products and services have separate privacy policies and are available directly from those third parties or they may be presented to you, as appropriate, should these products or services relate to you.
1.6 If you have any questions about this Privacy Policy, please contact us as described in the Contact Section below.
| Term | Definition |
|---|---|
| Consent | means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the Processing of personal data relating to them. The consent must be informed, meaning the Data Subject understands how their data will be processed and for what purposes. |
| Data Controller | means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of personal data. They are responsible for decisions regarding how, when, and where data will be processed. |
| Data Processor | means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Data Controller. The Processor acts only on the instructions of the Controller. The Data Controller may also act as a Data Processor in some cases. |
| Data Subject | means the individual to whom the personal data relates and who can be identified from that data. |
| Legitimate Interest | means a lawful basis for Processing personal data when it is necessary for the legitimate interests of the controller or a third party, provided that these interests are not overridden by the fundamental rights and freedoms of the Data Subject. This requires a balance between the organisation’s interest and the rights of individuals. |
| Personal Data | means any information relating to a Data Subject such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. |
| Processing | means any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction. It may also include automated decision-making processes based on that data. |
We only collect personal data about you if we have a reason to do so; for example, to provide our Services, to communicate with you, or to improve our Services.
We collect personal data:
The amount and type of information depends on the context and how we use the information:
We also collect some information automatically:
Log Information: Like most online service providers, we collect certain details automatically, such as browser type, IP address, device identifiers, language preference, referring site, access times and dates, operating system, and mobile network details. This log information helps us monitor system performance and improve your experience when using our Website.
Usage Information: We collect data on how you interact with our Services. This includes actions performed by administrators and users (e.g., who did what, when, and to what in our system, such as through hosting control panels), as well as details about your device (e.g., screen size, mobile network, and device manufacturer). We use this information to provide our Services to you and to gather insights into how people use them, so we can make improvements.
Location Information: We may determine your approximate location based on your IP address, which helps us understand how many people use our Services from different geographic areas.
Information from Cookies & Other Tracking Technologies: Cookies are small data files that websites store on your device, and they provide information back to the website when you return. Pixel tags (also known as web beacons) are small blocks of code placed on websites and emails. TCS uses cookies and pixel tags to track visitors, usage, and preferences for our Services, to measure the effectiveness of email campaigns, and to deliver targeted ads. For more information on how we use cookies and tracking technologies, and how you can control their use, please refer to our Cookies Policy.
We may also get information about you from other sources. For example, if you create or log into your account through another service (like Google) or if you connect your website or account to a social media service (like Twitter), we will receive information from that service (such as your username, basic profile information, and friends list) via the authorisation procedures used by that service. The information we receive depends on which services you authorise and any options that are available.
We may also obtain information from third party services about individuals who are not yet our users (…but we hope will be!), which we may use, for example, for marketing and advertising purposes.
We use information about you as mentioned above and as follows:
Under data protection law, we can only use your personal data if we have a proper reason, eg:
A Legitimate Interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on Legitimate Interests, to balance our interests against your own.
We do not sell our users’ personal data.
We share your personal data in the limited circumstances set out below and with appropriate safeguards on your privacy:
Employees and Independent Contractors: We may disclose information about you to our employees and individuals who are our independent contractors that need to know the information in order to help us provide our Services or to process the information on our behalf. We require our employees and independent contractors to follow this Privacy Policy for personal data that we share with them.
With Your Consent: We may share and disclose information with your Consent or at your direction. For example, we may share your information with third parties with which you authorise us to do so. Where we require your Consent to share your data with third parties you will find these listed under Sharing with Third Parties. We may also request your Consent to process limited elements of your data in specific ways. Where we require this Consent, it will be presented to you in a way that allows you to have a clear understanding of what you are consenting to and enable you to agree to this in a clear and positive way.
Sharing with Third Parties: We may share information about you with third party suppliers who need to know information about you in order to provide their services to us. This group includes suppliers that help us provide our Services to you (like payment providers that process your credit and debit card information) and those that help us understand and enhance our Services (like analytics providers).
These third parties and the reason for sharing your data with them is listed below:
As Required by Law: We may disclose information about you in response to a regulator, court order, or other governmental request.
To Protect Rights and Property: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of TCS, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
Business Sale, Transfer or Reorganisation: If we are involved in a merger, the sale of company assets, a reorganisation, or the acquisition of all or part of our business by another organisation — or in the unlikely event that TCS goes out of business or enters bankruptcy — user information would likely be one of the assets transferred or acquired. We may also share information about you with a prospective purchaser so that they can evaluate the business, subject to appropriate confidentiality safeguards. If any of these events occur, this Privacy Policy will continue to apply to your information, and any party receiving your information may only continue to use it consistent with this Privacy Policy.
Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
While no online service is 100% secure, we work very hard to protect information about you against unauthorised access, use, alteration, or destruction, and take reasonable measures to do so. To enhance the security of your account, we encourage you to observe good security best practices with your account information, such as choosing strong passwords when registering with our systems and keeping this information secret.
We employ a range of security controls throughout our organisation to ensure that we look after your personal data and protect it from loss, corruption or unauthorised access. Our Data and Information Security Policy which outlines our commitment to protecting your data is available on request.
We only retain personal data for as long as is necessary to fulfil the purposes for which it was collected, including to meet legal, contractual, and business obligations. Retention periods vary depending on the nature of the data and the reasons for its collection:
Legal Requirements: Certain information, such as financial and transactional records, must be retained for specified periods to comply with legal and regulatory obligations, including but not limited to anti-money laundering (AML) regulations. This may require us to retain some data for longer than our standard periods.
Contractual Obligations: We retain personal data for the duration of your contract with us. Following the end of the contract term, we may retain certain information for up to one year for legitimate business purposes, such as marketing (if permitted) and analysis, unless a longer retention period is required by law or regulation.
Marketing: Where personal data is processed for marketing purposes, we retain this personal data for up to one year of inactivity (i.e., no engagement or response) before securely deleting it.
Business Analysis: Personal data used for business analysis is limited to what is necessary to perform the analysis and is retained for no longer than one year, unless required for longer under legal or regulatory obligations.
We regularly review our data retention practices to ensure they remain appropriate and lawful.
We always aim to keep the amount of personal data we hold to a minimum and so, unless we have received a specific request from you to erase any of your personal data before the retention periods expire, we will destroy/erase data with an expired retention period as soon as the retention period has expired.
You have several choices available when it comes to information that we hold about you:
Limit the Information that You Provide: If you have an account with us, you can choose not to provide the optional account information, profile information, and transaction and billing information. Please keep in mind that if you do not provide this information, certain features of our Services may not be accessible (contact us for more information).
Limit Access to Information On Your Mobile Device: Your mobile device operating system should provide you with the ability to discontinue our ability to collect stored information or location information.
Opt-Out of Electronic Communications: You may opt out of receiving promotional messages from us. Just follow the instructions in those messages. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices.
Set Your Browser to Reject Cookies: At this time, TCS does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using the Website, with the drawback that certain features of the Website may not function properly without the aid of cookies.
When it comes to personal data you have defined rights regarding how your data is collected, processed and shared. These rights are explained below:
The Right of Access: You have the right to request that we show you what personal data of yours we hold and process.
The Right to Withdraw Consent: Where you have specifically given us Consent to process your personal data then you have the ability to withdraw that Consent at any time. Please be aware that where that personal data is used to provide you with services, then withdrawal of Consent to use this personal data may negatively impact on our ability to provide those services for you.
The Right to Erasure: In specific circumstances, you have the right to request that any personal data we hold about you be erased. This includes where:
The Right to Object: There are cases where we may process some of your data in order to help us assess and improve our business. This type of Processing may not be supported by a contractual requirement or your Consent, but would have been carefully assessed to ensure that we have a clear Legitimate Interest in doing so that does not adversely affect you as an individual. In these instances, we make you aware of these activities along with your right to object to this kind of Processing should you wish.
The Right to Rectification: If you become aware that any personal data we hold is incorrect you have the right to request that this personal data be corrected.
The Right to Data Portability: You have the right to request that we provide you with an electronic copy of any personal data you have given to us as part of a contractual relationship or following your Consent. This also includes any personal data about you that has been generated automatically as part of these agreements.
The Right to Restrict Processing: In some situations you may require us to restrict Processing, such as following an objection or if data accuracy is in question. Where you exercise your right to restrict Processing we shall not recommence Processing without first notifying you.
Automated Processing and Human Decision-Making: We use systems that help us reach decisions more quickly and consistently. For example, as part of our anti-money laundering and identity-verification obligations, our AML and identity-check providers run automated checks against identity, sanctions and politically-exposed-person (PEP) data sources and return a risk indication. These systems compare the information you provide against those reference sources to flag possible matches or risk factors.
However, these tools only support our decision-making — they do not make decisions on their own. All final decisions that affect you are made by a member of our staff, who reviews the relevant information before any decision is taken. This means we do not carry out decision-making based solely on automated processing that produces a legal effect concerning you or similarly significantly affects you. If you have any questions about how we use these systems, or wish to discuss a decision that affects you, please contact us using the details below.
If you wish to exercise any of your rights we would be happy to help you. Please use the contact details below to communicate your requirements. We will respond to valid requests without undue delay and within the timeframes required by law. There is normally no charge for exercising your rights, although we may charge a reasonable fee or decline to act where a request is manifestly unfounded or excessive.
We are based in the United Kingdom and most of your personal data is stored and processed within the UK and the EEA. However, some of our suppliers and service providers are based outside the UK, which means your personal data may be transferred to, stored in, or accessed from countries outside the UK in order to provide our Services. In particular, certain providers we use are located in, or process data in, the United States — these include The Constant Company, LLC t/a Vultr, Stripe Inc and Intuit Limited t/a Mailchimp.
Whenever we transfer your personal data outside the UK, we make sure that an appropriate safeguard is in place to protect it, as required by UK data protection law. Depending on the destination, these safeguards may include:
You can ask us for more information about the safeguards we have put in place for transfers of your personal data outside the UK, and for a copy of the relevant documents where appropriate, by contacting us using the details below.
Ads appearing on any of our Services may be delivered by advertising networks. Other parties may also provide analytics services via our Services. These ad networks and analytics providers may set tracking technologies (like cookies) to collect information about your use of our Services and across other websites and online services. These technologies allow these third parties to recognise your device to compile information about you or others who use your device. This information allows us and other companies to, among other things, analyse and track usage, determine the popularity of certain content, and deliver advertisements that may be more targeted to your interests. Please note this Privacy Policy only covers the collection of information by TCS and does not cover the collection of information by any third-party advertisers or analytics providers.
Our Services are intended for businesses and individuals aged 18 and over, and are not directed at children. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us using the details below and we will take appropriate steps to delete that information.
If you have any complaints about the way in which your personal data is being handled, then please contact us using the contact details below. Alternatively, you may also contact the national supervisory authority (the Information Commissioner’s Office) to register a complaint, whose details can be found at https://ico.org.uk.
To contact us about your personal data or with any data requests, please email us at [email protected]. You can also write to us at: The Company Shop, Forsyth House, Cromac Square, Belfast, BT2 8LA.
