🎉 20% off. Code: FIRST20
Right Formations

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: 1 January 2026

1. Introduction

Right Formations Limited ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website (rightformations.com) and our company formation and related services. We are registered in England and Wales under company number 16928912, with our registered office at Suite 11, Enterprise House, Meadowfield Avenue, Spennymoor, County Durham, England, DL16 6JF. This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully to understand our practices regarding your personal data.

2. Data Controller

Right Formations Limited is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you can contact us at:
Email: support@rightformations.com Phone: +44 7861 642847 Address: Suite 11, Enterprise House, Meadowfield Avenue, Spennymoor, County Durham, England, DL16 6JF

3. Personal Data We Collect

We may collect and process the following categories of personal data:

Identity Data

Full name, date of birth, nationality, former names, and identity document details as required for company formation filings with Companies House.

Contact Data

Email address, telephone number, residential address, and correspondence address.

Financial Data

Payment card details (processed securely via Stripe), billing address, and transaction history.

Company Data

Proposed company name, registered office address, SIC codes, share structure, director and shareholder information, and persons with significant control (PSC) details.

Technical Data

IP address, browser type and version, operating system, device information, time zone setting, and browsing actions on our website.

Usage Data

Information about how you use our website and services, including pages visited, features used, and interaction patterns.

Communications Data

Records and content of correspondence with us, including emails, live chat transcripts, and support tickets.

4. How We Collect Your Data

We collect personal data through the following means:
  • Direct interactions — when you create an account, place an order, complete our company formation forms, subscribe to our newsletter, or contact us.
  • Automated technologies — as you navigate our website, we automatically collect technical and usage data through cookies, server logs, and similar technologies.
  • Third-party sources — we may receive data from analytics providers (such as Google Analytics), payment processors (Stripe), identity verification services, and Companies House public records.
  • Social login — if you choose to sign in via Google, Microsoft, or Apple, we receive profile information as authorised by you.

5. How We Use Your Data

We use your personal data only where we have a lawful basis to do so. The table below sets out our purposes and the corresponding legal basis:
PurposeLegal Basis
To register your account and manage your relationship with usPerformance of a contract
To process and submit company formation applications to Companies HousePerformance of a contract
To process payments and manage billingPerformance of a contract
To verify your identity for Anti-Money Laundering (AML) complianceLegal obligation
To communicate with you about your orders, applications, and accountPerformance of a contract
To send you marketing communications (where you have opted in)Consent
To improve our website, services, and user experienceLegitimate interest
To detect, prevent, and address fraud or technical issuesLegitimate interest
To comply with legal and regulatory obligationsLegal obligation

6. Who We Share Your Data With

We may share your personal data with the following categories of recipients:

Companies House

To file incorporation documents, annual returns, and other statutory filings as required by law. Information filed with Companies House becomes part of the public register.

HM Revenue & Customs (HMRC)

For VAT registration, Corporation Tax registration, and other tax-related filings.

Payment Processors

Stripe processes your payment information securely. We do not store your full card details on our servers.

Identity Verification Providers

To conduct AML and Know Your Customer (KYC) checks as required by the Money Laundering Regulations 2017.

Cloud Service Providers

Our website and services are hosted on secure cloud infrastructure. All providers are contractually bound to protect your data.

Professional Advisers

Including accountants, lawyers, and auditors who provide consultancy, banking, legal, insurance, and accounting services.

We do not sell your personal data to third parties. We only share data where necessary to provide our services, comply with the law, or with your explicit consent.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our standard retention periods are:
  • Account and transaction data: 7 years after your last transaction (to comply with tax and accounting regulations).
  • Company formation records: 7 years after the company is dissolved or the service relationship ends.
  • AML/KYC verification records: 5 years after the end of the business relationship (as required by the Money Laundering Regulations 2017).
  • Marketing consent records: Until you withdraw consent or unsubscribe.
  • Technical and analytics data: 26 months from the date of collection.

8. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data, including: • Encryption of data in transit (TLS/SSL) and at rest • Secure authentication with multi-factor options • Regular security assessments and penetration testing • Access controls limiting data access to authorised personnel • Secure payment processing through PCI DSS-compliant providers • Regular backups and disaster recovery procedures While we take all reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee the absolute security of your data.

9. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data.

Right to Erasure

You can ask us to delete your personal data in certain circumstances. Note that we may need to retain some data to comply with legal obligations.

Right to Restrict Processing

You can ask us to limit how we use your personal data.

Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format.

Right to Object

You can object to the processing of your personal data for direct marketing or where we rely on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@rightformations.com. We will respond to your request within one month. There is no fee for making a request, unless your request is manifestly unfounded or excessive.

10. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom and the European Economic Area (EEA). Where we transfer data outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO), or transfers to countries with an adequacy decision.

11. Cookies

Our website uses cookies and similar technologies to enhance your experience. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

12. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

14. Complaints

If you have concerns about how we handle your personal data, we would appreciate the opportunity to address them. Please contact us at support@rightformations.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113 Website: ico.org.uk

15. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Right Formations Limited Suite 11, Enterprise House, Meadowfield Avenue Spennymoor, County Durham, England, DL16 6JF Email: support@rightformations.com Phone: +44 7861 642847 Company Number: 16928912 VAT Number: 510345732