Anguilla
Cyprus
France
Latvia
Norway
South
India
Austria
Czech
Finland
Lithuania
Poland
Sweden
Israel
Australian
Costa Rica
Germany
Malta
Portugal
Spain
Scotland
Belgium
California
Greece
Nevada
Russia
Switzerland
Middle East African
Bulgaria
Delaware
Hungary
Netherlands
Seychelles
Turkey
Pakistan
BVI
Denmark
Italy
New Zealand
Slovakia
Ukraine
Croatia
Estonia
Ireland
New York
Slovenia
West Indies
Context and overview
Introduction
Universal Company Incorporations Ltd – a holding company which encompasses the following websites: Open A European Company.com, Start An American Company.com, Open A Dubai Company.com, Start an Australian Company.com, Open A German Company.com, Open An Italian Company.com and Readymade Companies Worldwide.com – needs to gather and use certain information about individuals and companies.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards – and to comply with the European Union (EU) General Data Protection Regulation (GDPR).
Why this policy exists
This data protection policy ensures Universal Company Incorporations Ltd:
Data protection law
The GDPR describes how organisations – including Universal Company Incorporations Ltd. – must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The GDPR is underpinned by eight important principles. These say that personal data must:
People, risks and responsibilities
Policy scope
This policy applies to:
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:
Data Protection Risks
This policy helps to protect Universal Company Incorporations Ltd from some very real data security risks, including:
Responsibilities
Each time that Universal Company Incorporations Ltd handles personal data, it must ensure that it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:
General staff guidelines
Data Storage
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Data retention
As per our Due Diligence policy, data from our clients will be kept according to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
Our role and responsibilities in relation to this data are clarified during the application process and application form. Data held for marketing purposes (e.g. through email newsletter signup) is held indefinitely.
Subject access requests (see below) can be made to receive a copy of this data and request its deletion by revoking previously held permission. UCI Ltd may be legally obligated to retain this data based upon The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and other related legislation.
Data Use
Personal data is of no value to Universal Company Incorporations Ltd unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
The more important it is that the personal data is accurate, the greater the effort Universal Company Incorporations Ltd. should put into ensuring its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
Subject access requests
All individuals who are the subject of personal data held by Universal Company Incorporations Ltd are entitled to:
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email, addressed to the data controller at heather@uci-ltd.com.
Individuals will not be charged per subject access request unless UCI Ltd can provide evidence of a significant administrative burden posed by the request. The data controller will aim to provide relevant data within 14 days.
The data controller will always verify the identity of anyone making a subject access request before handing over any information.
Disclosing data for other reasons
In certain circumstances, the GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, Universal Company Incorporations Ltd. will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers as appropriate.
Providing information
Universal Company Incorporations Ltd. aims to ensure that individuals are aware that their data is being processed, and that they understand:
The above privacy statement lays out all of these responsibilities, and sets out how data relating to individuals is used by the company. We also provide a short form version of this policy for immediate access on all forms which require the submission of personal data.