Mustardtree Partners Ltd (company number 16815318), trading as Mustardtree Partners, operates the website mustardtreegroup.com (the "Site"). We provide professional company secretarial, business intelligence and governance services. When we collect and process personal data in connection with the Site and our services, we are the "data controller" for the purposes of the UK GDPR and the Data Protection Act 2018.
2. What information we collect
We collect and process a variety of information depending on how you interact with us. This may include:
Contact details: such as your name, job title, email address, postal address and telephone number when you correspond with us, request information or purchase services.
Business information: including your company name, registration number and professional interests.
Service usage data: details about your visits to our Site including IP address, browser type and version, time‑zone setting, pages viewed and the date and time of your visit. This may be collected automatically through cookies and similar technologies (see Cookies below).
Payment information: basic billing details and transaction history if you engage us for paid services. We do not store complete payment card details; these are processed securely by our payment service providers.
We do not intentionally collect special categories of personal data (such as health information) or data relating to criminal offences through the Site.
3. How we use your information
We use the personal data we collect for the following purposes:
To provide our services: We use contact and business information to set up company secretarial services, maintain statutory registers, prepare filings, manage registered office addresses and deliver business intelligence reports.
To administer our relationship: We use your details to respond to enquiries, send quotations, invoice for services, collect payments and maintain our records.
To operate and improve the Site: Usage information helps us understand how visitors use our Site so that we can maintain security, fix technical issues and improve user experience.
To promote our business: Where permitted by law or with your consent, we may send marketing communications about our services. You can opt out at any time by following the unsubscribe instructions in our emails or contacting us.
To comply with legal obligations: We retain records and share information where necessary to comply with company law, HMRC requirements, anti‑money laundering obligations or court orders.
4. Legal bases for processing
Under the UK GDPR, we must have a lawful basis for processing personal data. Depending on the context, we rely on one or more of the following:
Contract: Processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.
Legitimate interests: We have a legitimate interest in running and promoting our business, keeping our Site secure and developing our services. We balance this with your interests and fundamental rights.
Legal obligation: Processing is necessary to comply with a legal obligation, such as maintaining statutory records or responding to lawful requests.
Consent: In some cases we may ask for your consent (for example, to send certain marketing communications). You can withdraw consent at any time.
5. How we share your information
We will not sell or rent your personal data. We may share it with trusted third parties under written agreements that protect your privacy, including:
Service providers and suppliers who help us deliver our services (for example, cloud hosting providers, email marketing platforms, analytics providers, payment processors, identity verification and anti‑money‑laundering services, or Companies House filing agents). These providers only process your data on our instructions and subject to confidentiality obligations.
Professional advisers (such as accountants, auditors and lawyers) as necessary for our legitimate business interests and as permitted by law.
Government agencies, regulators or law enforcement where we are required to do so by law or to protect our rights and the rights of others.
In the event of a business reorganisation, sale or merger, personal data may be transferred to the new entity subject to this Privacy Policy and UK data protection laws.
6. International transfers
Some of our service providers are located outside the UK, so your personal data may be transferred internationally. Whenever we transfer data to countries that are not subject to an adequacy decision by the UK Government, we put in place appropriate safeguards, such as the International Data Transfer Agreement (IDTA) or Standard Contractual Clauses, to ensure your information remains protected.
7. How long we keep your information
We keep personal data only for as long as is necessary for the purposes described in this policy. This generally means we will retain information:
For at least six years after the end of a client relationship to comply with legal and tax obligations;
For marketing contacts, until you opt out or we determine that your details are no longer up to date;
For enquiries that do not result in a contract, for up to two years.
We securely delete or anonymise data when it is no longer needed.
8. Your rights
UK data protection law gives you rights in relation to your personal data. You may:
Request access to the personal data we hold about you;
Request correction of inaccurate or incomplete data;
Request erasure of your data, where there is no good reason for us to continue processing it;
Request restriction of processing in certain circumstances;
Object to processing based on legitimate interests or to direct marketing;
Request the transfer of your data to another provider (data portability); and
Withdraw consent at any time when we are processing your data on the basis of consent.
You can exercise these rights by contacting us at the details below. If you are not satisfied with our response, you can lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Cookies
Our Site uses cookies and similar technologies to enable essential functionality and to help us understand how people use it. We use:
Strictly necessary cookies: required for the Site to function (for example, to remember your cookie preferences).
Analytics cookies: used to collect information about how visitors interact with our Site so we can improve it. Analytics data is aggregated and does not directly identify you.
Functionality cookies: used to remember your preferences (such as language or region).
When you first visit our Site, we will ask for your consent to use non‑essential cookies. You can change your cookie preferences at any time by adjusting your browser settings or by using the cookie banner if available.
10. Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss or destruction and unlawful disclosure. However, no online transmission can be guaranteed to be completely secure, so you should always take care when sharing information over the internet.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the law or our practices. The updated version will be posted on this page with a new effective date. Please review this page regularly to stay informed.
12. Contact us
If you have any questions about this Privacy Policy, our data practices or your rights, please contact us at:
Mustardtree Partners Ltd
33A Great George Street, Leeds LS1 3BB, United Kingdom