# Kent Business Address Privacy Policy

Canonical URL: https://kentbusinessaddress.com/privacy-policy

Version 1.0 | 11 April 2026

This Privacy Policy explains how Kent Business Address & Virtual Mail collects, uses, protects, and retains personal data in connection with its mail handling and registered office services.

[Your Full Address], Kent, [Postcode], United Kingdom
Email: [info@kentbusinessaddress.co.uk]
ICO Registration: [INSERT REGISTRATION NUMBER]

## 1. Who We Are

Kent Business Address & Virtual Mail is the data controller responsible for personal data collected in connection with the services. The policy states that the business is registered with the Information Commissioner's Office, with the registration number to be inserted.

## 2. Personal Data We Collect

- Full legal name, date of birth, nationality, home address, correspondence address, forwarding address, email, and telephone number.
- Company details including company name, registration number, nature of business, and SIC code.
- Identity and proof-of-address documents, billing details, signed contracts, forms, and correspondence.
- Details of directors, beneficial owners, and PSCs of client businesses.
- Personal data contained within Mail Items where mail is received, handled, opened, or scanned on the client’s behalf.
- CCTV footage for clients visiting the premises for collection appointments.
- Technical and website usage data such as IP address, browser type, page visits, and cookie-related data.

## 3. How and Why We Use Your Data

| Purpose | Data Used | Lawful Basis |
| --- | --- | --- |
| Provide and manage services | Account, identity, mail data | Performance of contract |
| Verify identity before onboarding | ID documents, personal details | Legal obligation / Legitimate interests |
| Sanctions and PEP screening | Name, nationality, date of birth | Legal obligation / Legitimate interests |
| Process payments | Payment and billing data | Performance of contract |
| Send mail arrival notifications | Email address | Performance of contract |
| CCTV monitoring at premises | CCTV footage | Legitimate interests / Legal obligation |
| Comply with legal obligations | All relevant data | Legal obligation |
| Prevent fraud and crime | Identity, account, mail data | Legal obligation / Legitimate interests |
| Handle complaints and disputes | Account and correspondence data | Legitimate interests / Legal obligation |
| Improve services | Anonymised usage data | Legitimate interests |
| Document shredding and storage services | Document content, client details | Performance of contract |

## 4. Special Category Data

Mail Items may occasionally contain special category data including health information, financial distress information, or other sensitive personal information. The policy states this data is processed only where necessary to deliver the service, on the basis of explicit consent through the Mail Handling Authority or another lawful basis, and is not retained beyond what is strictly necessary.

## 5. Automated Decision-Making

Where AI-assisted tools are used to classify, sort, or process incoming mail, the policy states this does not amount to automated decision-making producing legal effects. Outputs are reviewed by staff before action is taken, and clients may request human review.

## 6. Data Sharing

- Payment processors and financial institutions.
- Royal Mail, couriers, and postal operators for forwarding services.
- Cloud storage and IT service providers acting as processors under written agreements.
- Sanctions screening and PEP database providers.
- Professional advisers such as solicitors and accountants under confidentiality obligations.
- Law enforcement, regulators, courts, Companies House, and other public bodies where required by law.
- Document shredding and storage contractors where the relevant optional service is used.

## 7. Retention Schedule

| Category | Retention Period | Legal Basis |
| --- | --- | --- |
| Identity verification documents | 5 years post-termination | Legal obligation |
| Client account data | 6 years post-termination | Legal obligation |
| Financial and billing records | 6 years | HMRC requirement |
| Mail Handling Authority | 6 years post-termination | Contract / Legal obligation |
| Scanned mail images | 90 days | Contract (deletable on request) |
| Mail log and audit records | 6 years | Legal obligation |
| CCTV footage | 31 days | ICO guidance |
| Complaints records | 6 years | Legal obligation |
| Document storage records | Duration + 6 years | Contract / Legal obligation |
| Website analytics | 26 months | ICO guidance |

## 8. Your Rights Under UK GDPR

Requests can be made using [info@kentbusinessaddress.co.uk]. The policy states that responses will normally be provided within one calendar month.

Where erasure is requested for data that must legally be retained, processing may instead be restricted.

- Right of access.
- Right to rectification.
- Right to erasure where no lawful basis exists.
- Right to restriction of processing.
- Right to portability.
- Right to object where processing relies on legitimate interests.
- Right to withdraw consent where consent applies.
- Right to human review of automated decisions.

## 9. International Transfers

The policy states that data is stored and processed within the United Kingdom. Where any third-party processor transfers data outside the UK, appropriate safeguards such as UK-approved standard contractual clauses or adequacy arrangements are to be used.

## 10. Security

The policy states that technical and organisational measures are used to protect personal data, including encrypted storage and transmission, restricted access, secure physical storage of mail and documents, CCTV monitoring, staff training, and periodic security reviews.

In the event of a personal data breach, the ICO will be notified within 72 hours where required, and affected individuals will be notified without undue delay where a high risk exists.

## 11. Children

The services are not directed at children under 18, and the company does not knowingly collect data from children.

## 12. Complaints

If you have a concern, contact the company first. If the matter is not resolved, you may complain to the Information Commissioner's Office.

Information Commissioner's Office | www.ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF