Privacy Policy

How we collect, use and protect your personal information

Eagle Business — Data Controller

Company Number: 16550268

AML Registration No. XWML00000211007

Last updated: 10 June 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Company information (name, number, registered address)
  • Identification documents required for KYC and anti-money-laundering checks
  • Financial data necessary to prepare accounts and tax returns
  • Contact information (email, name)
  • HMRC Government Gateway authorisation tokens — held only as needed to make the submissions you authorise
  • Website usage data (IP address, browser type, pages viewed) collected via essential cookies

2. How We Use Your Information

  • Provide, maintain and improve our services
  • Process company registrations and prepare and submit filings to HMRC on your instruction
  • Send you technical notices, receipts and support messages
  • Prevent fraud and meet KYC / anti-money-laundering obligations
  • Comply with our legal obligations

3. Information Sharing

We do not sell, trade or rent your personal information. We share data only:

  • With statutory recipients — HMRC and Companies House — to make or support filings on your instruction
  • With our sub-processors, each bound by a written agreement: cloud hosting and database (hosted in the AWS London / eu-west-2 region), transactional email delivery, and payment processing
  • With your consent or at your direction
  • To comply with legal obligations or to protect our rights, safety or property

4. Retention

We retain your data for the periods below. After the relevant period, data is deleted or anonymised. We retain longer where required by law (for example, accounting records under HMRC and Companies Act 2006 requirements).

Data type | Retention period | Reason
Filings (CT600 returns, accounts, computations, supporting documents) | 7 years from the end of the accounting period | HMRC record-keeping (Finance Act 1998 Sch. 18)
Account and billing records | 7 years from account closure | Companies Act 2006 / VAT record-keeping
Support correspondence | 3 years from resolution | Service quality and dispute resolution
Marketing communications | Until you unsubscribe, then up to 30 days for suppression-list maintenance | PECR / UK GDPR compliance
Server and audit logs | 90 days | Security monitoring and operational diagnostics

5. Deletion

You can request deletion of your account and associated data at any time by emailing cs@ukcompany.org. We will:

  • Acknowledge your request within 5 working days.
  • Delete or anonymise your account, profile and any data not subject to a legal retention obligation within 30 days.
  • Retain only the categories listed in section 4 that are required by law (typically the filing record for the statutory period), with all other associated identifiers redacted where possible.
  • Confirm completion in writing, summarising what was deleted and what was retained under a legal basis.

6. Your Data Protection Rights (UK GDPR)

Under UK data protection law you have the following rights in respect of your personal data:

  • Access: request a copy of your personal data
  • Rectification: request correction of inaccurate data
  • Erasure: request deletion of your data, subject to legal retention requirements (see sections 4 and 5)
  • Restriction: request that we limit processing of your data
  • Portability: request your data in a portable, machine-readable format
  • Objection: object to certain types of processing

To exercise any of these rights, contact cs@ukcompany.org.

7. Lawful Basis for Processing

  • Contract: processing necessary to provide the services to you
  • Legal obligation: processing necessary to comply with HMRC, Companies House, anti-money-laundering and tax legislation
  • Legitimate interests: processing necessary for our operations, including service improvement and fraud prevention, where this does not override your rights
  • Consent: for non-essential cookies and marketing communications, withdrawable at any time

8. International Transfers

Production data is hosted within the United Kingdom (AWS London / eu-west-2 region). Where a sub-processor is located outside the UK, transfers are protected by the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another approved transfer mechanism.

9. Security

We apply appropriate technical and organisational measures to protect your data, including encryption in transit (TLS 1.2+), row-level data isolation between customers, access controls and regular backups. However, no internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

10. Cookies

We use only the cookies necessary to operate the website, and set non-essential cookies only with your consent. For full detail of the cookies we use and how to manage them, see our Cookie Policy.

11. Contact & Complaints

If you have any question or complaint about how we handle your data, please contact us first at cs@ukcompany.org. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113

By using our services, you acknowledge that you have read and agree to this Privacy Policy.