Your privacy.
Our responsibility.

Activate Global Limited is the Data Controller for personal data processed through our website and services. As Data Controller, we determine the purposes and means of processing your personal data and are responsible for ensuring it is handled in accordance with applicable data protection law.

If you have any questions about how we use your personal data, or wish to exercise any of your rights under UK GDPR, you can contact us at the details above or via the Contact page.

We collect personal data through the following means: information you provide to us directly, information collected automatically when you use our website, and information obtained from third parties in connection with service delivery.

We use your personal data only for the purposes for which it was collected or for compatible purposes. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

• Service delivery: To process your application for UK company formation, bank account opening, registered office address, nominee director services, and any other services you request from us.
• KYC / AML compliance: To verify your identity and conduct legally required anti-money laundering and Know Your Customer checks in connection with the services we provide.
• Communication: To respond to your enquiries, provide service updates, send order confirmations, and follow up on incomplete applications.
• Partner programme administration: To manage referral partner relationships, process commission payments, and provide access to the partner portal and marketing materials.
• Legal and regulatory compliance: To comply with Companies House filing requirements, HMRC obligations, and other applicable UK laws and regulations.
• Marketing communications: To send you information about our services, new offerings, and relevant updates — only where you have given consent or we have a legitimate interest, and always with an easy opt-out.
• Website improvement: To understand how visitors use our website and improve the user experience through analytics data.
• Fraud prevention and security: To detect and prevent fraudulent activity, protect our clients, and maintain the security of our systems.

UK GDPR requires us to have a lawful basis for processing your personal data. We rely on the following lawful bases:

• Contract (Article 6(1)(b)): Processing is necessary to perform the service contract we have with you — for example, processing your application and delivering your UK company or bank account.
• Legal obligation (Article 6(1)(c)): Processing is necessary to comply with legal requirements — including KYC, AML, Companies House filings, and tax record-keeping obligations.
• Legitimate interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests — including responding to enquiries, maintaining partner relationships, improving our services, and preventing fraud — where these interests are not overridden by your data protection rights.
• Consent (Article 6(1)(a)): Where we send marketing communications, we rely on your consent. You may withdraw consent at any time by contacting us or using the unsubscribe link in any email.

We do not sell, rent, or trade your personal data to third parties. We share data only where necessary to deliver our services or meet legal obligations, and only with parties who have agreed to process data in compliance with UK GDPR.

We may share your data with the following categories of recipients:

• Banks and financial institutions: Where you have applied for a UK bank account, we share the personal and business information necessary to process your application with the chosen bank (e.g. Barclays, NatWest, Monzo, Lloyds, Anna, Zempler Bank, WorldFirst, or Tide). These institutions have their own privacy policies and are independent data controllers for their portion of the process.
• Companies House: Personal data for directors, shareholders and persons with significant control (PSC) is submitted to Companies House as required by the Companies Act 2006. This data becomes part of the public register.
• HMRC and regulatory authorities: Where we are required by law to report or disclose information to HMRC, the ICO, law enforcement, or other regulatory bodies.
• Payment processors: We use secure third-party payment processors to handle payments. We do not receive or store full card or bank account details.
• IT and software service providers: Including secure cloud storage, email providers, CRM systems, and website hosting providers — all operating under data processing agreements.
• Professional advisors: Including solicitors, accountants and auditors bound by professional confidentiality obligations.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting or regulatory requirements.

When data is no longer required, it is securely deleted or anonymised in accordance with our data destruction procedures.

Activate Global Limited is a UK-registered company. Our primary data processing and storage takes place within the United Kingdom and the European Economic Area (EEA), both of which maintain adequate data protection standards under UK GDPR.

Where any service provider or tool we use processes data outside the UK or EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK ICO or the European Commission
• Adequacy decisions recognising the destination country's data protection standards
• Binding Corporate Rules where applicable

If you are based outside the UK and provide us with personal data to process your service application, that transfer is necessary for the performance of your contract with us — a recognised basis for international transfers under UK GDPR.

Our website uses cookies and similar tracking technologies to improve your experience, analyse traffic, and understand how visitors interact with our content. You can control cookie preferences through your browser settings or our cookie consent tool.

You can withdraw or modify your cookie consent at any time by clearing your browser cookies or adjusting your consent preferences. Withdrawing consent for analytics or marketing cookies will not affect the functionality of our website.

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us using the details in Section 13.

We will respond to all data rights requests within 30 days. In complex cases, we may extend this by a further two months, in which case we will notify you promptly and explain the reason for the delay.

We take data security seriously and implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

• Encryption in transit: All data submitted via our website is transmitted using TLS (HTTPS) encryption.
• Access controls: Personal data is accessible only to authorised personnel who require it to perform their role, and is subject to confidentiality obligations.
• Secure document handling: Identity documents uploaded for KYC purposes are transmitted and stored using encrypted channels and deleted in accordance with our retention policy once no longer required.
• Third-party security assessments: We review the security practices of third-party service providers before sharing data with them.
• Incident response: We maintain procedures to detect, report, and respond to data breaches. Where a breach is likely to affect your rights and freedoms, we will notify you and the ICO within 72 hours of discovery.

No method of transmission over the internet or electronic storage is 100% secure. While we implement strong safeguards, we cannot guarantee absolute security. If you believe your data has been compromised, please contact us immediately.

Our website and services are directed exclusively at adults (persons aged 18 and over). We do not knowingly collect personal data from children under the age of 18.

If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete that information from our records. If you believe we may have collected data from a minor, please contact us at [email protected].

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The date of the most recent revision is displayed at the top of this page and in the Version strip in the banner above.

Where changes are material — meaning they significantly affect how we use your personal data or your rights — we will notify you by email (if we hold your email address) or by placing a prominent notice on our website prior to the change taking effect.

Your continued use of our website or services after the updated policy has been posted constitutes your acceptance of the revised terms. If you do not agree to the updated policy, please cease use of our services and contact us to request deletion of your data.

If you have any questions about this Privacy Policy, wish to exercise any of your data rights, or want to raise a concern about how we handle your personal data, please contact us through any of the following channels:

If you are unsatisfied with our response to any privacy concern, you have the right to escalate your complaint to the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF