Privacy Policy

Your privacy is important to us. This policy explains how we handle and use your personal information.

Last updated: 21 October 2025

1. Contact Information

Organisation: Millstone Compliance Ltd

Address: United Kingdom

Email: hello@millstonecompliance.com

Phone: +447591092103

For data protection inquiries or to exercise your rights, please contact us using the details above.

2. Data Collection

What Personal Data We Collect

We collect personal information that you voluntarily provide to us, including:

  • Name and contact details (email address, phone number)
  • Company name and business information
  • Information about your packaging and compliance needs
  • Assessment responses and compliance data
  • Payment information (processed securely by third-party providers)
  • Communication history and enquiry records

Technical Data

We automatically collect certain technical information when you visit our website:

  • IP address and browser type
  • Pages visited and time spent on each page
  • Referring URL and device information
  • Interaction data with our website features

How We Collect Data

  • Through contact forms and assessment questionnaires
  • Via email communications
  • Through website analytics and cookies
  • From calendar scheduling systems (Calendly)
  • Through email template interactions

Legal Basis for Processing

We process your personal data based on:

  • Consent: When you voluntarily provide information and explicitly consent to processing
  • Contract Performance: To provide compliance assessment services you've requested
  • Legitimate Business Interests: To improve our services, maintain security, and communicate with you
  • Legal Compliance: To meet UK regulatory requirements

3. Data Usage and Purpose

We use your personal data for the following purposes:

Service Delivery

Providing PPT compliance assessments, audit support, and related services

Communication

Responding to enquiries, sending assessment results, scheduling consultations, and providing updates

Business Improvement

Analysing service usage to improve our offerings and personalise user experience

Marketing & Updates

Sending relevant compliance updates, resources, and news (only with your consent)

Security & Compliance

Detecting fraud, maintaining security, and complying with legal obligations

Data Sharing

We do not sell or share your personal data with third parties except:

  • With trusted service providers (email providers, payment processors, hosting providers)
  • When required by law or regulatory authority (HMRC, ICO)
  • To comply with legal obligations or protect our rights
  • With calendar scheduling services when you book a consultation

All third parties are contractually obligated to protect your data.

Data Retention

  • Assessment data: Retained for 7 years (in line with UK tax regulations)
  • Email communications: Retained for 3 years unless a longer period is legally required
  • Website analytics: Retained for 26 months
  • Contact enquiries: Retained for 2 years unless there is an active service relationship

4. Your Rights and Choices

Under UK GDPR and Data Protection Act 2018, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you

Right to Rectification

You can request correction of inaccurate or incomplete information

Right to Erasure

You can request deletion of your data (subject to legal retention obligations)

Right to Restrict Processing

You can limit how we use your data while your request is investigated

Right to Data Portability

You can request your data in a structured, portable format

Right to Withdraw Consent

You can withdraw consent to marketing communications at any time

How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@millstonecompliance.com. We will respond within 30 days (or up to 60 days for complex requests).

5. Security Measures

We implement comprehensive security measures to protect your personal data:

  • Encryption: All sensitive data is encrypted in transit (SSL/TLS) and at rest
  • Access Controls: Only authorised staff can access personal data, with role-based permissions
  • Secure Servers: Data is hosted on secure, managed servers with regular security updates
  • Regular Audits: We conduct regular security assessments and penetration testing
  • Data Backups: Regular encrypted backups ensure data recovery in emergencies
  • Incident Response: We have procedures to detect and respond to security breaches
  • Staff Training: Our team receives regular data protection and security training

Security Note

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your data. If you believe your data has been compromised, please contact us immediately.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience:

Essential Cookies

Required for website functionality (authentication, security, form submission)

Analytics Cookies

Help us understand how visitors use our website to improve performance

Preference Cookies

Remember your preferences and settings for future visits

Third-Party Services

We use the following third-party services which may set cookies:

  • Calendly (for scheduling consultations)
  • Google Analytics (for website analytics)
  • Email providers (for communication tracking)

These services have their own privacy policies.

Cookie Management

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that disabling cookies may affect website functionality.

7. Updates and Legal Compliance

Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our website constitutes acceptance of any changes.

Legal Framework

This Privacy Policy complies with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • UK Privacy and Electronic Communications Regulations (PECR)
  • HMRC compliance regulations

Data Protection Authority

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: www.ico.org.uk
  • Email: casework@ico.org.uk
  • Phone: 0303 123 1113

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at hello@millstonecompliance.com.

This Privacy Policy was last updated on 21 October 2025 and is effective immediately.