Privacy may seem an odd thing to cover in a guide about setting up a limited company, but it touches on many aspects of running your company from the very start.
Privacy is a hot topic: it’s discussed on a daily basis in the media and it’s one of the most important aspects to protect when running a business. Your privacy and that of your clients should be at the forefront of your mind. Data protection can be a complex area, but with a few prudent protective measures, you can ensure that data is handled properly and securely.
How to protect your privacy
Registered office
Even though many contractors and freelancers work on site with clients, the majority use their home as their place of business. This poses an issue of privacy. Do you want your home address linked with your company in the public domain? Many contractors and freelancers opt to use their home address as their registered office, but some choose to pay for a registered office address service. It is a choice that every new limited company start-up must make.
Directors’ and officers’ addresses are held by Companies House, but are not available in the public domain, hence the ability to protect the use of your home address in connection with your company. However, your registered office details are firmly in the public domain: they appear on all official correspondence; they must be present on all letters, invoices and contracts; plus they are available on all company entries held with Companies House and other bodies.
If you want additional privacy or if you cannot register your company at home, a registered office service is invaluable. This is a service most accountants offer for a nominal fee which covers managing your statutory obligations such as maintaining registers and notifying Companies House of any changes. As well as safeguarding your privacy by preventing your residential address appearing on the Companies House company register, it can overcome residential property rental agreements or deeds that prevent the use of the property for business purposes. A registered office service can’t be used as a trading address and doesn’t usually include mail forwarding.
When selecting your accountant, you should ask them if they provide the following as a part of their registered office service:
- Processing of all your statutory mail including correspondence from HMRC, Companies House and Government Gateway
- Amendments to statutory records including updates to officers of the company, shareholdings and the accounting reference date
- Filing of your confirmation statement (inclusive of filing fee)
Other ways to protect your privacy
One of the best ways to separate your personal privacy is to have a dedicated phone number for your business. It’s not a legal requirement, but having a separate line for work enables you to protect your privacy. Whether it is a landline or mobile, a dedicated line means you can turn it off when required. All business-related calls are routed to it and it means that your personal numbers can be protected by being ex-directory and covered by the Telephone Preference Service. It’s a simple and cost-effective measure that can afford much needed separation between your home and work life.
It is also worth noting that you do not need to display your registered address on promotional materials: the majority of business communication is carried out over email and the phone; postal addresses tend to be reserved for official correspondence, so ensure that you promote your preferred business contact details where you can.
Personal housekeeping
When you set up your own company, it is worth taking an hour or so to ensure that any personal details that you wish to remain private are protected. There’s a checklist below as a starting point.
- Don’t use personal email addresses or phone numbers in connection with your company. It may not be possible to avoid in the start-up process, but don’t use them to communicate with potential clients or in any promotional materials.
- Go ex-directory. If you are going to use your home address as your registered address, you may want to go ex-directory for the home landline to deter business callers from using your personal numbers to get hold of you.
- Think about your public persona – do you use Twitter, Facebook or LinkedIn? It’s worth taking the time to review all the social media platforms you use and what information is held on them in the public domain. Keep your public and private life separate by setting up separate accounts and limiting what information is freely available. The most savvy business owners see themselves as always on duty when it comes to making comments in public.
- Consider the consequences each and every time you put something out there connected with your name or that of your company. It may seem innocuous, but even your reviews of purchases can show up in search results: are you sure that you want everyone to be able to see them?
- Google yourself. Yes, it may seem a little self-centred but it’s a great exercise to do to see what’s out in the public domain already. That way you can sort out any potentially embarrassing information before it becomes a problem.
Protecting the privacy and data of others
Many contractors and freelancers are confused or even unaware that they have a legal responsibility and a duty of care towards any data that they store, process and use in the course of running their business.
There are simple guides on all the key aspects of data protection on the Information Commissioner’s website. There is a breakdown of the responsibilities plus examples to show how the Data Protection Act works in practice.
Registering with the Information Commissioner’s Office
Under GDPR, all organisations (companies and sole traders) that process personal information need to register as a data controller with the Information Commissioner’s Office, unless they are exempt. It is a very simple process and costs £35 per year. There is a simple online self-assessment that deems whether you need to register as a data controller or if you are exempt, you can find it here.
GDPR for contractors and consultants
It is important to understand the basic principles of data protection and to ensure that you comply with the law. If you handle personal information relating to individuals then you have legal responsibilities under GDPR.
Handling data responsibly is not an onerous task; essentially you need to ensure that the data you hold is:
- appropriate – only hold the data that you need to perform the business tasks and only for as long as you need it.
- secure – it should be kept safe, in secure locations or protected electronic files to ensure that unauthorised access is prevented.
- captured with the permission of the data subject – you need to ensure that you have permission from the individual to collect the data from them for the intended use.
By following the guidance on http://www.ico.org.uk you can ensure that you are compliant with the law. If you process a lot of data, it is also worthwhile consulting a data protection expert for advice. This can include drafting policy statements, opt in and opt out statements for data collection and general privacy terms and conditions that you can use on any promotional materials or where you collect data, such as your website. As with hiring any professional, ensure that they are appropriately qualified.
PSC register
All companies must keep a register of people with significant control (PSC).
You’ll need to include the following information: name, date of birth, nationality, residential address and service address. You’ll also need to include the date when they became a PSC and how they are a PSC (e.g. they hold more than 25% of your company’s shares).
Remember, people are entitled to see your register but you must make sure you don’t share the residential addresses of your PSC.
Where an individual can show that they are at risk of intimidation or violence because of their connection with a certain company, they can apply to have their full details suppressed. In these cases the PSC register will include a statement that a PSC exists but their details are not available. The individual will need to make an application for protection, which will be assessed. An individual will only be granted protection if they’re able to show that there is a real risk of violence or intimidation (e.g. their company is the target of activists).