Privacy Policy

This privacy policy sets out how Mitchell Oswald Limited (“Mitchell Oswald”, “we” or “our”) look after your personal data and explains the rights you have in respect of the personal data that we hold.

For the purposes of the General Data Protection Regulations (“GDPR”) Mitchell Oswald Limited, 28 James Young Road, Bathgate, EH48 2UP is the data controller.

We have a data protection officer who can answer any questions that you have in respect of our privacy policy. Any requests to exercise your legal rights in respect of your personal data should be directed to the data protection officer.

Our data protection officer can be contacted at

What personal data do we collect

We collect, use, process and store the information you provide to us to enable us to discharge the Services (as defined in our Letter of Engagement).

We use cookies to collect data when you visit our website. More details on our use of cookies can be found in our Cookies Policy.

When you log into our client portal you provide us with limited personal information such as your name, email address and IP address to allow us to provide you with an individual profile which enables us to share information with you via the client portal. You can update these details by logging into the portal and editing your profile.

How do we use your personal data

Non-logged in visitors to the website

We only use the anonymised data collected via cookies and Google analytics to monitor the use of the website and improve the user experience.


We will only use your personal information to provide the Services you have requested from us, detailed in your Letter of Engagement, as we have identified above.  We will only use this information subject to your instructions, data protection law and our duty of confidentiality.

To undertake money laundering checks, we may receive personal data from you, such as a copy of your passport.  This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.

As part of our engagement with you we may be required to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf.  However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

We send regular technical updates and newsletters to clients. Clients can choose to stop receiving these emails by contacting us.

We will never share your information for marketing purposes with companies so that they may offer you their products and services.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We will not send personal data (other than your email address) by insecure or unencrypted forms of communication. This information will be available via our client portal which uses an encrypted connection using 256 bit encryption on SSL.

If you choose to communicate with us using an insecure or unencrypted form of communication we cannot guarantee the security of the information you send to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

If you believe that your account has been compromised, you should inform us immediately.

How long will we retain your information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or regulatory requirements.

Our regulator requires us to retain information for a certain period of time, depending on the Services we provide to you.  If you require more information please contact our Data Protection Officer.

If you cease to be a client we will delete your profile and all personal information held by us on our client portal.  As noted above, we will still be required to keep certain information for regulatory and legal reasons.

We will review the personal information that we hold on an annual basis to ensure that it is accurate.  We ask that you inform us of changes to your personal information.

The retention of data collected on visitors to our website via cookies and analytics is set out in our cookie policy.

Your legal rights under GDPR

You have legal rights over how your personal data is collected, used and stored.

These legal rights are as follows;-

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

Please contact our data protection officer ( should you wish to exercise any of these legal rights. There is no charge in respect of legitimate requests to access data.

In order to process any such request, we may require additional information from you to confirm your identity.

We will respond to all requests within 28 days.

Transferring data to outside of the EU

Where it is necessary for us to transfer data to outside of the EU we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected. Where our third-party supplies are in the US we have ensured that their services fall under the “Privacy Shield” whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the US.

If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted here.

This policy was last updated on 4 May 2018.

© 2013 – 2021 Mitchell Oswald Limited | Cookie policy | Legal notice | Privacy Policy