Data Retention Policy
 Effective Date: 10 Sep 2025

This Data Retention Policy outlines how long Company Formation365 Ltd retains personal and identification data collected through https://idverificationfordirectors.co.uk, in accordance with UK GDPR, Companies House regulations, and our role as an Authorised Corporate Service Provider (ACSP).

1. Legal Basis for Data Retention

As an ACSP acting on behalf of clients for director identity verification, we are legally required by Companies House and the Economic Crime and Corporate Transparency Act 2023 to retain verified identity evidence for a minimum of seven (7) years from the date of verification.

2. Retention of Personal and Identity Documents

The following data will be retained securely for 7 years:

  • Verified identity documents (passport, driving licence) 
  • Facial biometric images (selfie photos) 
  • Submission metadata (IP address, timestamp, verification outcome) 
  • Communication logs between client and Company Formation365 Ltd 
  • Final verification outcome logs submitted to Companies House 

After the 7-year retention period has expired, all data will be permanently and securely deleted from our systems, including encrypted backups.

3. Retention of Marketing and Contact Data

Contact data collected through form submissions or verification processes may be used (with consent) for marketing of relevant business and accountancy services.

  • This data will be retained for up to 12 months for marketing purposes 
  • You may unsubscribe or request removal at any time 
  • Email marketing data is deleted or anonymised if inactive after 12 months 

4. Payment Data

All payment processing is handled through Stripe.
 We do not retain or store your credit/debit card information.
 Stripe maintains PCI-DSS compliance and handles transaction logs independently.

5. Secure Storage Practices

All retained data is:

  • Encrypted at rest and in transit 
  • Stored on secure UK-based servers or data centres 
  • Accessible only to authorised personnel for compliance or audit purposes 

6. Data Subject Rights

Under UK GDPR, you have the right to:

  • Access your retained data 
  • Request correction or restriction 
  • Request deletion (where legally possible) 

Note: Deletion of verified identity data before the end of the 7-year retention window is not permitted under Companies House regulations.

For any data-related queries or concerns, please contact:

📧 cf@companyformation365.com

📧 services@companyformation365.com

Copyright 2025 © Company Formation 365

Developed by Greystack Solutions