Français

Privacy

Privacy notice

Last updated: 25 April 2026

This privacy notice explains how Essential Studio Ltd, trading as Essential Governance Services, collects and uses personal data.

Essential Studio Ltd is the controller for personal data used for its own business administration, enquiries, billing, client management and website operation.

Where Essential Governance Services processes personal data on behalf of a client as part of a defined client matter, it may act as a processor and process that data under the client’s documented instructions and any agreed data processing terms.

Who we are

Essential Governance Services is a trading name of Essential Studio Ltd.

Essential Studio Ltd is a private limited company registered in England and Wales.

Company number
16471280
Registered office
Suite A
82 James Carter Road
Mildenhall
United Kingdom
IP28 7DE
Email
info@essentialgovernance.co.uk

What personal data we collect

Depending on the nature of the enquiry or work, we may collect and use:

  • Name, business name and job title.
  • Business email address, telephone number and postal address.
  • Details of enquiries, instructions, deadlines and project scope.
  • Company information, statutory records, forms, filings and supporting documents.
  • Information about directors, shareholders, beneficial owners, officers, representatives or other individuals contained in business documents.
  • Billing, payment and invoice information.
  • Correspondence, notes and records of work carried out.
  • Technical information needed to provide workflow, automation or software support.

We do not ask clients to provide special category data unless it is strictly necessary for a defined piece of work. If such data appears in client-provided documents, we will handle it only as needed for the agreed work.

How we collect personal data

We may collect personal data:

  • Directly from you when you contact us.
  • From your organisation or professional advisers.
  • From documents you or your organisation provide.
  • From public registers, official filing portals or company information services.
  • From email correspondence and business records.
  • From suppliers or service providers used to deliver agreed work.

Why we use personal data

We use personal data to:

  • Respond to enquiries.
  • Assess and agree the scope of work.
  • Provide B2B company formalities, document workflow and technology advisory services.
  • Prepare documents, records, forms, notes and handoff materials.
  • Communicate with clients, suppliers and professional contacts.
  • Manage invoices, payment records and accounting obligations.
  • Maintain internal records and evidence of work completed.
  • Protect the business from fraud, misuse, disputes or legal claims.
  • Comply with legal, tax, accounting and regulatory obligations.

Lawful bases

We rely on one or more of the following lawful bases:

Contract
Where processing is necessary to take steps before entering into a contract or to perform a contract.
Legitimate interests
Where processing is necessary for normal B2B operations, client communication, internal administration, record keeping, service improvement, dispute prevention or business protection.
Legal obligation
Where processing is necessary to comply with legal, tax, accounting or statutory requirements.
Consent
Where we specifically ask for consent, for example for optional marketing or non-essential cookies. You can withdraw consent at any time.

Legitimate interests

Our legitimate interests include:

We only rely on legitimate interests where we consider that those interests are not overridden by the rights and freedoms of the individuals concerned.

  • Operating a B2B services business.
  • Responding to business enquiries.
  • Delivering agreed work.
  • Keeping clear records of instructions, work carried out and client communications.
  • Managing business risk, quality, security and disputes.
  • Improving internal processes and service delivery.

Who we share personal data with

We may share personal data with:

We do not sell personal data.

  • Clients and their authorised representatives.
  • Public registries, official filing portals or professional platforms where necessary for agreed work.
  • IT, hosting, email, cloud storage and software providers.
  • Banks, payment providers, accountants and bookkeeping providers.
  • Professional advisers, insurers or legal representatives where needed.
  • Authorities, regulators or courts where required by law.

International transfers

Some service providers may process data outside the United Kingdom or the European Economic Area.

Where this happens, we aim to use providers and safeguards that are appropriate for the transfer, such as adequacy regulations, standard contractual clauses or other lawful transfer mechanisms.

How long we keep personal data

We keep personal data only for as long as reasonably necessary.

Typical retention periods are:

  • Enquiries that do not become client work: up to 2 years.
  • Client files, project records and correspondence: normally up to 6 years after the end of the client relationship or the relevant matter.
  • Invoices, accounting and tax records: normally at least 6 years from the end of the relevant financial year.
  • Legal or dispute-related records: as long as necessary to protect rights or respond to claims.

Some records may be kept for longer where required by law, where a matter remains active, or where the information is needed for legitimate business, legal or compliance reasons.

Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration.

No email, website or digital system can be guaranteed to be completely secure. Please avoid sending highly sensitive information unless it is necessary for the agreed work and appropriate safeguards have been discussed.

Your rights

Depending on the circumstances, you may have the right to:

These rights are not absolute and may depend on the lawful basis, the nature of the data and any legal or contractual obligations.

To exercise your rights, contact:

  • Access your personal data.
  • Ask for inaccurate data to be corrected.
  • Ask for data to be erased.
  • Restrict how data is used.
  • Object to processing based on legitimate interests.
  • Receive a copy of data in a portable format.
  • Withdraw consent where processing is based on consent.

info@essentialgovernance.co.uk

Complaints

If you have concerns about how we use personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the UK Information Commissioner’s Office.

Changes to this notice

We may update this privacy notice from time to time. The latest version will be published on this page.