PRIVACY POLICY

www.OffshoreCompanyReg.com

Last updated: 23rd February 2025

1. Introduction

Offshore Company Reg LTD ("Company," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy sets out how we collect, use, disclose, and safeguard your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

This Privacy Policy applies to users of our website https://www.offshorecompanyreg.com/ and clients engaging our services, including offshore company formation, offshore banking assistance, shelf company sales, business consultancy, and company renewals. It explains how we handle personal data, your rights as a data subject, and how you can contact us regarding privacy matters.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, you must refrain from using our services.

For any privacy-related inquiries, you may contact our Data Protection Officer (DPO) at:

Email: privacy@offshorecompanyreg.com
Registered Address: 71 – 75 Shelton Street, Covent Garden, London, WC2 9JQ, UK

2. Legal Basis for Processing Personal Data

We process personal data in strict compliance with the UK GDPR. The legal bases for processing depend on the specific purposes for which the data is collected:

2.1 Contractual Necessity

We process personal data where it is necessary for the performance of a contract between you and Offshore Company Reg LTD. This includes:

Processing your company formation application.
Providing offshore banking assistance and liaising with financial institutions on your behalf.
Managing renewals of offshore companies and ensuring compliance with jurisdictional requirements.
Fulfilling consultancy services related to offshore business structuring.

2.2 Legal Obligations

Certain data must be processed to comply with legal and regulatory obligations, including:

Anti-Money Laundering (AML) and Know Your Customer (KYC) checks.
Compliance with tax and financial reporting laws.
Responding to legally binding requests from regulatory authorities.

2.3 Legitimate Interests

We process data where it is necessary for our legitimate business interests, provided that such processing does not override your fundamental rights and freedoms. These interests include:

Preventing fraud, security threats, and unauthorised access.
Improving service delivery and optimising our website functionality.
Handling disputes and enforcing legal claims.

2.4 Consent

Where required by law, we seek your explicit consent before processing personal data for:

Direct marketing communications, including promotional emails.
Use of non-essential cookies (see our Cookie Policy for more details).

You have the right to withdraw your consent at any time by contacting us at privacy@offshorecompanyreg.com or using the unsubscribe option in marketing emails.

3. Information We Collect

Offshore Company Reg LTD collects different types of personal data, depending on how you interact with us. The categories of data we collect include:

3.1 Information Provided Directly by You

Full Name
Email Address
Phone Number
Billing Address
Nationality

3.2 Data Required for Offshore Incorporation Services

Full Legal Name
Date of Birth
Residential Address
Proposed Business Activities
Countries of Operation
Proof of Identity (e.g., passport, national ID)
Proof of Address (e.g., utility bill, bank statement)
Source of Funds and Financial Statements (if required by regulatory authorities)

3.3 Payment Information

We do not process or store payment card details directly. Payments are securely handled by third-party payment processors (e.g., Stripe, PayPal). However, we may collect:

Transaction details (e.g., date, amount, currency)
Bank transfer details for direct payments

3.4 Automatically Collected Data

When you visit our website, we automatically collect:

IP Address
Device Information (e.g., browser type, operating system)
Geolocation Data (if permitted by your device settings)
Usage Data (e.g., pages visited, time spent on site)

For details on automated data collection, please refer to our Cookie Policy.

3.5 Information from Third Parties

We may receive data from external sources, including:

Regulatory agencies or compliance databases for KYC/AML verification.
Partner institutions such as banks and incorporation agents.

We only collect and process third-party data in accordance with UK GDPR regulations.

4. How We Use Your Data

We process your data strictly in line with the purposes outlined below:

4.1 Service Delivery & Account Management

Registering and managing your account.
Processing offshore company formation, banking assistance, and renewals.
Communicating with you regarding service updates and compliance requirements.

4.2 Legal and Compliance Requirements

Conducting KYC/AML checks to prevent fraud and financial crime.
Fulfilling obligations under UK corporate, financial, and tax laws.
Responding to legal requests, subpoenas, or regulatory audits.

4.3 Payment Processing & Transaction Management

Facilitating payments through Stripe, PayPal, or bank transfers.
Detecting fraudulent transactions and ensuring payment security.

4.4 Marketing & Service Improvements

Sending service-related announcements and promotional offers (with user consent).
Analysing website traffic and user interactions to improve functionality.
Customising content to enhance user experience.

4.5 Security & Fraud Prevention

Monitoring website activity for suspicious behaviour.
Protecting against data breaches and cyber threats.
Investigating unauthorised access attempts.

We do not use your data for automated decision-making that significantly affects your legal rights.

5. How We Store and Secure Your Data

We implement strict technical and organisational measures to safeguard your data:

5.1 Data Encryption & Access Control

Personal data is encrypted in transit and at rest using industry-standard security protocols.
Access to sensitive data is restricted to authorised personnel only on a need-to-know basis.

5.2 Data Retention Periods

Personal data is stored only for as long as necessary to fulfil legal, contractual, or regulatory obligations.

Account data – Retained while your account is active.
AML/KYC records – Retained for at least 5 years (as required by UK financial regulations).
Payment transaction records – Retained for legal and audit compliance.
Marketing preferences – Retained until you opt-out.

5.3 Secure Data Disposal

Upon expiry of the retention period, data is securely deleted or anonymised to prevent recovery.
Physical documents are shredded and electronic data is permanently erased.

5.4 Data Breach Procedures

Assess the risk and contain the breach.
Notify affected users and regulatory authorities within 72 hours (as per UK GDPR rules).
Implement corrective measures to prevent future incidents.

6. Third-Party Data Sharing

Offshore Company Reg LTD does not sell, rent, or trade your personal data. However, in order to deliver our services efficiently and in compliance with legal requirements, we may share your data with carefully selected third parties, subject to strict confidentiality and data protection agreements.

6.1 Categories of Third-Party Recipients

To provide our services effectively, ensure compliance with legal obligations, and enhance security, we may share your personal data with the following third-party service providers, each of whom has their own privacy policies governing their data processing practices:

Payment Processors (Secure Transactions & Fraud Prevention)

We use third-party payment providers to facilitate secure transactions and prevent fraud. Your payment information is processed directly by these providers in accordance with their privacy policies:

Stripe – Privacy Policy
PayPal – Privacy Policy
UK Banks (for Direct Transfers) – Please refer to your bank’s privacy policy.

Hosting & Website Security Providers (Cybersecurity & Performance Management)

To protect our website, prevent cyber threats, and optimise performance, we rely on:

Cloudflare – Privacy Policy

Email & Communication Platforms (Transactional & Marketing Emails)

We use third-party email platforms to send important communications, including service updates, account notifications, and marketing emails (where consent is given):

SendGrid (by Twilio) – Privacy Policy

Live Chat & Customer Support Services (Real-Time Customer Engagement)

To provide live chat support and improve customer interactions, we use:

Tawk.to – Privacy Policy

Regulatory & Compliance Authorities (AML/KYC, Tax Reporting & Legal Obligations)

To comply with UK financial regulations, anti-money laundering (AML) laws, and tax reporting requirements, we may share data with:

UK Government & Financial Regulatory Bodies – As required by AML/KYC regulations, tax laws, or legal authorities.

Professional Advisors (Auditing, Legal Compliance & Financial Reporting)

Where necessary, we may share data with external legal, accounting, and auditing professionals for regulatory compliance, legal obligations, and tax reporting. All such advisors are bound by strict confidentiality obligations.

We ensure that all third-party service providers process personal data in compliance with UK GDPR and implement adequate security measures to protect user data.

6.2 Legal Disclosure Requirements

We may be legally obligated to disclose personal data if:

We receive a court order, subpoena, or regulatory demand.
Disclosure is necessary for legal claims, fraud prevention, or security investigations.
We are required to comply with UK AML/KYC regulations and financial crime laws.

All disclosures will be made in accordance with UK GDPR and limited to the extent necessary to fulfil legal or contractual obligations.

6.3 Third-Party Data Processors Outside the UK

Some of our service providers operate outside the UK and European Economic Area (EEA). When transferring data internationally, we ensure compliance with GDPR safeguards such as:

Standard Contractual Clauses (SCCs) to guarantee data protection under UK law.
Binding Corporate Rules (BCRs) where applicable.
Adequacy Decisions if the recipient country has been deemed secure by the UK Government.

If you require details on specific international data transfers, you may contact us at privacy@offshorecompanyreg.com.

7. International Data Transfers

Offshore Company Reg LTD is a UK-based company, but due to the global nature of offshore services, personal data may be transferred and stored outside the UK.

7.1 When We Transfer Data Internationally

Your personal data may be transferred:

When we register offshore companies in non-UK jurisdictions.
If you request banking assistance with international financial institutions.
If our third-party service providers store or process data outside the UK.

7.2 How We Protect International Transfers

Where personal data is transferred outside the UK, we apply the following protections:

Transfers to EEA Countries: Data is protected under UK GDPR equivalency.
Transfers to Non-EEA Countries: Data is only transferred where the recipient country:
- Has an adequacy decision from the UK Government (e.g., Canada, Switzerland).
- Uses Standard Contractual Clauses (SCCs) to ensure GDPR-compliant protection.
- Implements additional security measures, including encryption and restricted access.

If no adequacy decision or SCCs are in place, we will not transfer data internationally without your explicit consent.

7.3 Your Rights Regarding International Transfers

You have the right to:

Request details of any international transfers of your personal data.
Object to data transfers that do not meet GDPR safeguards.
Withdraw consent for any discretionary transfers (where consent was the legal basis).

To make such a request, email privacy@offshorecompanyreg.com.

8. Your Data Protection Rights (Under GDPR)

Under the UK GDPR, you have specific rights regarding your personal data. Offshore Company Reg LTD ensures that you can exercise these rights in accordance with UK law.

8.1 Right to Access

You have the right to request a copy of the personal data we hold about you. This is called a Subject Access Request (SAR). We will provide this information free of charge, unless the request is excessive or repetitive, in which case a reasonable fee may be charged.

8.2 Right to Rectification

If your personal data is inaccurate, outdated, or incomplete, you may request correction. We will update your information within 30 days, or inform you if we require further verification.

8.3 Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data where:

The data is no longer necessary for the purpose it was collected.
You withdraw consent (if consent was the basis of processing).
Your data has been processed unlawfully.
You successfully object to processing (see Right to Object below).

However, certain data cannot be erased immediately due to:

Legal obligations (e.g., AML/KYC laws requiring data retention for 5+ years).
Ongoing contractual obligations.

8.4 Right to Restriction of Processing

You can request a temporary halt to processing if:

You contest the accuracy of the data.
Processing is unlawful, but you do not want the data deleted.
You have objected to processing and verification is pending.

8.5 Right to Data Portability

Where processing is based on consent or contract, you may request your personal data in a structured, machine-readable format to transfer to another service provider.

8.6 Right to Object

You may object to processing where:

Your data is used for direct marketing (you can opt out at any time).
Processing is based on legitimate interests, but you have compelling reasons to stop.

8.7 Right to Withdraw Consent

If you previously gave consent, you may withdraw it at any time without affecting the lawfulness of past processing.

To exercise any of these rights, contact us at privacy@offshorecompanyreg.com.

9. How to Exercise Your Rights

9.1 Submitting a Data Subject Request

To exercise any GDPR rights, email privacy@offshorecompanyreg.com with:

Your full name and email address.
The specific right you wish to exercise.
Any additional details required to process your request.

We may require identity verification before processing the request to prevent unauthorised access.

9.2 Response Time

We will respond to all valid requests within one month. If the request is complex, we may extend this period by up to two additional months, in which case we will inform you of the delay.

9.3 Complaints to the ICO (UK Data Regulator)

If you are unsatisfied with our response, you have the right to file a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
📞ICO Helpline: 0303 123 1113
🌐 Website: www.ico.org.uk

We encourage you to contact us first to resolve any concerns before reaching out to the ICO.

10. Automated Decision-Making & Profiling

10.1 No Automated Decision-Making

We do not use personal data for fully automated decisions that have legal or significant effects on users.

10.2 AML/KYC Compliance & Fraud Prevention

We may use automated tools to:

Verify identity documents for AML/KYC compliance.
Detect fraudulent transactions or suspicious activity.

If you are impacted by an automated decision, you have the right to challenge it and request human review.

11. Marketing Communications & Opt-Outs

11.1 Lawful Basis for Marketing Communications

We may send you service updates, promotions, or newsletters if:

You have explicitly opted in to receive marketing communications.
You are an existing client and our communications relate to similar services you have previously used (soft opt-in under UK GDPR).

Marketing emails will only be sent with legitimate interest or consent, and you may withdraw your consent at any time.

11.2 Opting Out of Marketing Communications

Email Unsubscribe: Every marketing email includes an unsubscribe link that allows you to opt out.
Account Preferences: You can manage your marketing preferences in your account settings.
Direct Request: You may also contact privacy@offshorecompanyreg.com to request removal from marketing lists.

11.3 Transactional vs. Marketing Emails

Opting out of marketing communications does not stop necessary transactional emails such as:

Service confirmations.
Legal notices.
Security alerts and compliance communications.

12. Cookies and Tracking Technologies

12.1 How We Use Cookies

Our website uses cookies and similar technologies to:

Improve website performance and user experience.
Provide secure authentication and fraud detection.
Conduct website traffic analysis and marketing insights.

12.2 Types of Cookies We Use

We classify cookies as:

Essential Cookies: Required for website security and functionality (e.g., authentication, fraud prevention).
Analytical Cookies: Used to measure website performance (e.g., Google Analytics).
Marketing Cookies: Used to deliver targeted advertising (subject to consent).

A full breakdown of the cookies used on our site is available in our Cookie Policy.

12.3 Managing Cookie Preferences

Cookie Banner: Users can accept or reject cookies via the consent pop-up on our website.
Browser Settings: Users can manually disable cookies through their browser settings.
Opt-Out Links: Some third-party cookies (e.g., Google Ads) allow opt-outs via their privacy settings.

For full details on cookie management, refer to our Cookie Policy.

13. Data Retention Policy

13.1 Retention Periods for Different Data Categories

We only retain personal data for as long as necessary for legal, contractual, and business purposes:

Type of Data	Retention Period	Reason for Retention
Account details	Active account duration	Required for service delivery
AML/KYC verification records	5+ years	Required by UK financial regulations
Transaction records	7 years	UK tax & audit compliance
Contact form submissions	1 year	Customer support & follow-up
Marketing preferences	Until opt-out	Direct marketing compliance
Website analytics data	26 months	Google Analytics retention settings

13.2 Secure Disposal of Personal Data

When the retention period expires:

Digital records are permanently erased.
Paper records are securely shredded.
Backups are purged where legally permitted.

We never retain data longer than necessary, and retention policies are reviewed annually.

14. Children's Data

14.1 No Services for Individuals Under 18

Offshore Company Reg LTD does not knowingly collect, process, or store data from individuals under 18. Our services are intended for adults only.

14.2 Parental Consent & Reporting

If we discover that a minor has submitted data without parental consent:

We will delete the data immediately.
Parents can contact privacy@offshorecompanyreg.com to request removal.

If you suspect a child has provided personal data, please notify us immediately.

15. Data Breach Notification Procedures

15.1 Our Commitment to GDPR Data Security

While we take every precaution to secure data, no system is immune to potential breaches. Offshore Company Reg LTD follows GDPR-mandated breach notification procedures in case of a security incident.

15.2 What Happens If a Data Breach Occurs?

In the event of a breach affecting personal data, we will:

Contain and investigate the incident immediately.
Assess the risk to affected individuals.
Notify the Information Commissioner’s Office (ICO) within 72 hours, if legally required.
Inform affected individuals as soon as possible, with recommended security actions.
Implement corrective measures to prevent future breaches.

15.3 How You Will Be Notified

If a breach poses a high risk to your rights and freedoms, we will notify you via:

Email (if contact details are available).
Public notification (if a large number of users are affected).

For further inquiries about data security, contact privacy@offshorecompanyreg.com.

16. Third-Party Links & External Services

16.1 External Links Disclaimer

Our website may contain links to third-party websites, affiliates, or service providers. Offshore Company Reg LTD is not responsible for:

How third parties collect, process, or use personal data.
The content, policies, or security of external websites.

We encourage users to review third-party privacy policies before engaging with external links.

16.2 Third-Party Banking & Incorporation Partners

If you engage with third-party banking providers or incorporation agents, their privacy policies will govern their data collection. We do not control their data processing activities.

If you have concerns about a third-party service provider, you should contact them directly.

17. Compliance with Regulatory Authorities

17.1 Cooperation with UK & International Regulators

We comply with data protection authorities, including:

The Information Commissioner’s Office (ICO) in the UK.
Financial regulators & AML/KYC authorities where applicable.

If required by law, we will provide necessary disclosures while ensuring minimal impact on data subjects.

17.2 How to Lodge a Complaint

If you believe Offshore Company Reg LTD has mishandled your data, you can:

Contact our Data Protection Officer (DPO): privacy@offshorecompanyreg.com.
Lodge a complaint with the ICO (UK’s data regulator):

📍 Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
📞 Helpline: 0303 123 1113
🌐 Website: www.ico.org.uk

We encourage users to contact us first before escalating to regulators.

18. Changes to This Privacy Policy

18.1 Our Right to Modify This Policy

Offshore Company Reg LTD reserves the right to update or modify this Privacy Policy at any time to reflect:

Changes in legal or regulatory requirements (e.g., updates to UK GDPR or financial compliance laws).
Adjustments to our data processing practices.
Updates to our services, technology, or security measures.

We will always ensure that our Privacy Policy remains transparent and compliant with UK data protection laws.

18.2 How We Will Notify Users of Changes

We will take reasonable steps to inform users of significant changes, including:

Email notifications for material changes.
Website updates, where the revised Privacy Policy will be available.
Pop-up banners or alerts, where legally required.

Users are encouraged to review this Privacy Policy periodically to stay informed of any updates.

18.3 Continued Use as Acceptance

By continuing to use our website or services after an update, you acknowledge and agree to the revised terms of this Privacy Policy. If you do not agree with any modifications, you must cease using our services immediately.

19. Dispute Resolution & Governing Law

19.1 Governing Law

This Privacy Policy shall be governed by and interpreted in accordance with the laws of England and Wales, without regard to conflict-of-law principles.

19.2 Dispute Resolution Process

If a dispute arises concerning this Privacy Policy or how Offshore Company Reg LTD handles personal data, we encourage you to:

Contact us first at privacy@offshorecompanyreg.com to attempt an informal resolution.
If the issue is unresolved, you may escalate the matter to the Information Commissioner’s Office (ICO).
If necessary, legal action may be brought before the courts of England and Wales.

19.3 No Class Actions

Users agree that any dispute resolution shall be conducted on an individual basis. Class actions or collective legal proceedings against Offshore Company Reg LTD are not permitted under this Privacy Policy.

20. Contact Information

For all privacy-related inquiries, requests, or complaints, please contact us using the details below:

📧 Email: privacy@offshorecompanyreg.com
📍 Registered Address: Offshore Company Reg LTD, 71 – 75 Shelton Street, Covent Garden, London, WC2 9JQ, UK

For legal or regulatory concerns, you may also contact the Information Commissioner’s Office (ICO):

📍 Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
📞 Helpline: 0303 123 1113
🌐 Website: www.ico.org.uk

We are committed to handling your data with the highest standards of transparency, security, and compliance.