+44 212 582 0192 [email protected]

Privacy Notice

Last Updated: [Insert Date]

Version: [e.g., 2.1]

1. Introduction

Formiti Data International (“Formiti,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. As a global data privacy consultancy, we hold ourselves to the highest standards of data compliance.

This Privacy Notice explains how we collect, use, share, and protect personal data when you:

  • Visit our website (www.formiti.com).
  • Engage our services (e.g., DPO as a Service, Article 27 Representation).
  • Interact with us as a business partner, vendor, or job applicant.

2. Who We Are (Data Controller)

For the purposes of the UK and EU General Data Protection Regulation (GDPR), the primary Data Controller for your information is:

Formiti Data International UK Ltd * Headquarters: Grosvenor House, St Pauls Square, Birmingham, B3 1RB, United Kingdom]

  • Company Registration Number: 13800105

EU Representative (for EU GDPR Article 27): Entity: Formiti Data International (EU Office)

  • Address: 6 Fern Road, Sandyford,Dublin, D18 FP98, Ireland

Swiss Representative (for CH FADP Article 14): Entity: Formiti Data International (CH Office)

  • Address: Chamerstrasse 172, 6300 Zug Switzerland (eigene Büros)

 

Data Protection Officer (DPO): To contact our internal privacy team regarding your rights:

3. Data We Collect

We collect personal data to provide our consultancy services and manage our business operations.

A. Information You Provide to Us

Category Identity Data, Contact Data, Technical Data, Marketing Data, 
Identity Data First name, last name, job title, username.
Contact Data Billing address, email address, telephone numbers.
Marketing Data Your preferences in receiving marketing from us and your communication preferences.
Recruitment Data CVs, resumes, and background check info (if you apply for a job).

 

B. Information We Collect Automatically

When you use our website, we may automatically collect:

  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.
  • Usage Data: Information about how you use our website and services (e.g., clickstreams, page interaction).

4. How and Why We Use Your Data (Legal Basis)

Under GDPR, we must have a lawful basis for processing your data. We rely on the following:

Purpose/Activity Type of Data Lawful Basis for Processing
Client Onboarding: To register you as a new client and perform conflict checks. Identity, Contact, Financial Performance of Contract
Service Delivery: To deliver DPO, legal representation, or consultancy services. Identity, Contact,  Performance of Contract
Relationship Management: To notify you about changes to our terms or privacy policy. Identity, Contact Legal Obligation
Marketing: To send you newsletters, regulatory updates, or service offers. Identity, Contact, Usage Consent (where required) or Legitimate Interest (B2B)
Security & Optimization: To administer and protect our business and website (troubleshooting, data analysis). Technical, Usage Legitimate Interest (Network security and running our business)

5. International Data Transfers

As a global firm, we may transfer your data outside the UK or European Economic Area (EEA), specifically to our offices or partners in the USA, Thailand, or other jurisdictions.

We ensure your data remains protected by implementing one of the following safeguards:

  • Adequacy Decisions: Transferring data to countries deemed to provide an adequate level of protection (e.g., UK to EU flows).
  • Standard Contractual Clauses (SCCs) / IDTA: Where we transfer data to the USA or other non-adequate countries, we utilize the UK International Data Transfer Agreement (IDTA) or EU SCCs.
  • Binding Corporate Rules (BCRs): For internal group transfers.

6. Disclosure of Your Data

We may share your personal data with:

  • Internal Parties: Other companies in the Formiti Group (e.g., Branch Offices Formiti Thailand, Format Switzerland) acting as joint controllers or processors.
  • Service Providers: IT and system administration providers (e.g., cloud hosting, CRM providers).
  • Professional Advisers: Lawyers, bankers, auditors, and insurers.
  • Regulators: The ICO (UK), DPC (Ireland), or other authorities if required by law.

We do not sell your personal data.

7. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including satisfying any legal, regulatory, tax, or accounting requirements.

  • Client Files: Typically retained for 6–7 years after the conclusion of the matter (for limitation periods).
  • Marketing Data: Retained until you opt-out or withdraw consent.

8. Your Legal Rights (GDPR & UK DPA)

Under data protection laws, you have the right to:

  1. Request Access (Data Subject Access Request).
  2. Request Correction of incomplete or inaccurate data.
  3. Request Erasure (“Right to be Forgotten”).
  4. Object to Processing (specifically for direct marketing).
  5. Request Restriction of processing.
  6. Request Transfer (Data Portability).
  7. Withdraw Consent at any time.

To exercise any of these rights, please email [email protected]. We aim to respond to all legitimate requests within one month.

9. California Residents (CCPA/CPRA Addendum)

If you are a resident of California, this section provides additional disclosures required by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

A. Categories of Information Collected (Last 12 Months)

  • Identifiers: Name, email, IP address.
  • Commercial Information: Records of services purchased.
  • Internet Activity: Browsing history on our site.
  • Professional Info: Job title, employer.

B. Your California Rights

  • Right to Know: You may request the specific pieces of personal information we have collected about you.
  • Right to Delete: You may request that we delete personal information we have collected from you (subject to exceptions).
  • Right to Opt-Out of Sale/Sharing: Formiti does not sell personal data. We do not “share” data for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: We do not collect “Sensitive Personal Information” (as defined by CPRA) for the purpose of inferring characteristics about you.

To exercise these rights, email [email protected].

11. Third-Party Links

Our website may include links to third-party websites (e.g., regulatory bodies, partners). Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

12. Changes to This Notice

We keep our privacy notice under regular review.

  • Current Version: 19/01/2026

Quick Links

About Us

Services

Projects

Blog

Contact Us

Branch Offices

Ireland                                    6 Fern Road, Sandyford,    Dublin, D18 FP98, Ireland

Switzerland    Chamerstrasse 172, 6300 Zug (eigene Büros)

Thailand                        Village Chai Charoen Ville Project 7 88/103 Village No. 8, Nakhon Sawan Tok, Subdistrict Mueang Nakhon Sawan Province 60000, Thailand

Headquarters

Grosvenor House,           11 St Pauls Square, Birmingham B3 1RB, UK 

[email protected]

+44 (0) 1215820192

Follow Us

Formiti Logo