DATA PROTECTION NOTICE (UK GDPR)
Last updated: 20/01/2026
1. Who we are (Data Controller)
Business Concierge MRUKWA Ltd (“we”, “us”, “our”) is the Data Controller for personal data collected via this website and in the course of providing our services (business documentation preparation, forecasting support and related consultancy).
Registered office / correspondence:
Business Concierge MRUKWA Ltd
5 South Charlotte Street, Edinburgh, Scotland, EH2 4AN, United Kingdom
ICO registration number: ZA644197
Contact for data protection queries:
Email: info@mybusinessplan.co.uk
Phone: +44 07908755169
2. What this notice covers
This notice explains how we collect, use, share and protect your personal data when you:
- visit our website,
- submit an enquiry or form,
- purchase or receive our services,
- communicate with us (email, phone, video calls, messaging).
3. The personal data we collect
We may collect the following categories of personal data:
A) Identity & contact data
- name, business name, address, email, phone number, role/title.
B) Service-related data you provide
- business background information,
- financial information and assumptions needed to prepare forecasts (e.g., revenues, costs, pricing, funding need, timelines),
- documents you share (e.g., CV, contracts, invoices, bank statements, pitch decks, IDs where relevant).
C) Communications data
- emails, call notes, meeting notes, messages and feedback.
D) Website/technical data
- IP address, device and browser type, pages visited, approximate location, cookies (see Cookies section).
Important: We do not require you to provide more data than is reasonably necessary to deliver the service you request. If you choose not to provide certain information, we may be unable to provide some or all services.
4. Special category data
We do not intentionally collect special category data (e.g., health, biometrics, political opinions). If you provide it to us, we will process it only where necessary and with appropriate safeguards.
5. How and why we use your data (purposes)
We use your personal data to:
- respond to enquiries and provide quotations,
- deliver contracted services (e.g., business plan drafting, forecast modelling, document review, narrative and evidence alignment),
- manage our relationship with you (meetings, updates, support),
- issue invoices, collect payments and maintain accounting records,
- maintain internal records and quality control,
- protect our business (prevent fraud, secure our systems, enforce contracts),
- meet legal obligations (tax, accounting, record-keeping),
- send service-related communications (not marketing) such as confirmations, schedules, document requests and delivery updates.
Marketing:
We will only send you marketing communications by email/SMS where you have provided consent, or where permitted by law for existing customers (and you have not opted out). You can unsubscribe at any time using the link in our messages or by contacting us.
6. Lawful bases for processing (UK GDPR)
We process your data under the following lawful bases:
- Contract: where processing is necessary to provide our services or take steps before entering into a contract.
- Legitimate interests: to run our business efficiently, respond to enquiries, improve services, secure systems, and enforce contractual rights (balanced against your rights).
- Legal obligation: to comply with UK legal requirements (e.g., HMRC and accounting obligations).
- Consent: for marketing communications (where required), and where we rely on consent for specific optional processing.
7. Sharing your data (who we share with)
We may share personal data with:
A) Service providers (processors)
- IT and hosting providers, cloud storage, email systems, document tools, accounting software, payment processors, scheduling/meeting platforms.
They process data only on our instructions and under contractual confidentiality and security obligations.
B) Professional advisers
- accountants, solicitors or insurers where necessary for business operations, compliance or dispute resolution.
C) Third parties you nominate (only on your instruction)
If you explicitly instruct us, we may share documents we prepare (e.g., business plan, forecasts, supporting pack) with third-party funders, lenders, grant bodies, investors or professional advisers that you nominate.
We do not select or recommend specific lenders or financial products, we do not broker or arrange regulated credit, and we do not act as an intermediary in arranging regulated credit agreements.
D) Legal/regulatory disclosures
We may disclose data if required by law, court order, or to protect legal rights.
8. International transfers
Some of our suppliers may process data outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place (such as UK adequacy regulations or approved contractual clauses) and that the transfer complies with UK GDPR.
9. How long we keep your data (retention)
We keep personal data only for as long as necessary for the purposes described above, including legal and accounting requirements. Typical retention periods include:
- Enquiries that do not become clients: up to 12 months.
- Client project files and core correspondence: up to 7 years after completion (to support contractual, accounting and legal needs).
- Financial/accounting records: as required by UK tax and accounting obligations.
We may retain data longer if required to establish, exercise or defend legal claims.
10. Your rights under UK GDPR
You have the right to:
- access your personal data,
- request correction of inaccurate data,
- request deletion (where applicable),
- object to processing (including direct marketing),
- request restriction of processing,
- data portability (where applicable),
- withdraw consent at any time (where processing is based on consent).
To exercise your rights, contact us using the details above. We may need to verify your identity before responding.
11. Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or loss. Access to client data is limited to those who need it to provide services.
12. Cookies and website analytics
Our website may use cookies and similar technologies to:
- enable core functionality,
- understand website usage and improve performance,
- remember preferences.
You can manage cookies through your browser settings and, where implemented, our cookie banner/preferences tool. Disabling some cookies may affect website functionality.
13. Third-party links
Our website may include links to third-party websites. We are not responsible for their privacy practices. Please review their privacy notices before providing personal data.
14. Complaints
If you are unhappy with how we handle your data, please contact us first so we can address your concern.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: https://ico.org.uk/
15. Updates to this notice
We may update this notice from time to time. The latest version will always be posted on this page with the “Last updated” date.
CONSENT / ACKNOWLEDGEMENT (optional form wording)
By submitting your information, you confirm that you have read and understood this Data Protection Notice.
Marketing consent (optional checkbox wording):
