Privacy Policy

Last updated: 1at April 2026

This Privacy Notice explains how Ghost Mail Limited collects, uses, stores, and shares personal data when you use our websites, buy our services, contact us, or otherwise deal with us.

1. Who We Are

Ghost Mail Limited is the controller of the personal data covered by this Privacy Notice.

Company name: Ghost Mail Limited
Company number: 11432238
Registered office: 61 Bridge Street, Kington, Herefordshire, HR5 3DJ
Contact email: customerservice@ghostmail.co.uk
ICO registration number: ZA507548

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • name, title, date of birth, nationality, and contact details;
  • billing address, forwarding address, delivery details, and other account details;
  • company details, director details, PSC details, beneficial ownership details, and related Companies House information;
  • identity verification data, including copies of ID documents, selfies, video selfies, biometric checks, liveness checks, and verification results;
  • proof of address and supporting compliance documents;
  • payment and transaction details;
  • communications with us by email, telephone, website form, or other means;
  • mail-handling instructions, forwarding preferences, and service usage information;
  • call records, voicemail, and message records where telephone or call answering services are used;
  • technical and website information, including IP address, browser type, device information, and cookie-related data where applicable; and
  • any other information you provide to us or that we reasonably require to provide services, verify identity, carry out compliance checks, or comply with legal obligations.

3. How We Collect Personal Data

We may collect personal data:

  • directly from you when you place an order, complete forms, upload documents, contact us, or use our services;
  • from your company, agent, accountant, adviser, or authorised representative;
  • from Companies House and other public registers or publicly available sources;
  • from identity verification and compliance providers, including TrustID and similar providers;
  • from payment processors, banks, postal operators, couriers, telecoms providers, and other service providers; and
  • through our websites and systems, including cookies and similar technologies where used.

4. Why We Use Personal Data

We use personal data to:

  • provide and manage our services;
  • create and administer customer accounts;
  • verify identity and carry out anti-money laundering, sanctions, fraud, and risk checks;
  • comply with Companies House identity verification standards and our obligations as an Authorised Corporate Service Provider (ACSP);
  • process payments and refunds, where applicable;
  • handle mail, forwarding, scanning, storage, collections, telephone services, and related operational services;
  • communicate with you about your account, services, invoices, compliance matters, and support requests;
  • protect our addresses, systems, staff, business, and premises from misuse or fraud;
  • recover debts and enforce our contractual rights;
  • make, support, or respond to filings, objections, corrective applications, or legal processes;
  • comply with legal, regulatory, tax, audit, and reporting requirements; and
  • improve our services, systems, website security, and internal administration.

5. Our Lawful Bases for Processing

Depending on the circumstances, we process personal data because:

  • it is necessary to perform a contract with you or take steps before entering into a contract;
  • it is necessary to comply with legal obligations, including anti-money laundering, Companies House, tax, accounting, and law enforcement obligations;
  • it is necessary for our legitimate interests, including running our business, protecting our addresses, recovering debts, preventing misuse, ensuring security, and defending legal claims; and
  • you have given consent, where consent is the correct lawful basis.

6. Special Category Data and Biometric / Identity Data

Where identity verification is required, we may process document images, selfies, video selfies, biometric matching outputs, liveness checks, and related verification results. We do this only where reasonably necessary for identity verification, fraud prevention, anti-money laundering compliance, Companies House compliance, and related legal or regulatory obligations.

Such checks may be carried out by TrustID or another approved digital identity, screening, or compliance provider acting on our behalf or as an independent controller where applicable.

7. TrustID and Similar Verification Providers

We use TrustID and may use similar digital identity, screening, and verification providers to help us:

  • verify identity documents;
  • perform liveness and biometric checks;
  • screen against sanctions and PEP databases;
  • check proof of address and identity consistency;
  • meet our anti-money laundering and ACSP obligations; and
  • maintain audit trails and verification records.

Where you use a TrustID link or similar verification tool provided in connection with our services, your information may be processed by that provider in accordance with its own privacy information as well as this notice.

8. Who We Share Personal Data With

We may share personal data with:

  • identity verification and compliance providers, including TrustID and similar providers;
  • payment processors, banks, and fraud-prevention providers;
  • postal operators, couriers, telecoms providers, and website/hosting providers;
  • software providers, IT support providers, and cloud service providers;
  • accountants, auditors, insurers, legal advisers, and debt recovery providers;
  • Companies House, HMRC, the ICO, law enforcement, courts, regulators, and other authorities where required or reasonably necessary; and
  • other parties where you ask us to share information or where sharing is necessary to provide the service you have requested.

We do not sell client lists.

9. International Transfers

Some service providers may process personal data outside the United Kingdom. Where this happens, we will take reasonable steps to ensure appropriate safeguards are in place in accordance with applicable data protection law.

10. Retention

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, or as required by law.

Retention periods may vary depending on the type of data and the purpose for which it is used. For example:

  • customer account and transaction data may be retained for accounting, tax, and contractual purposes;
  • identity verification and anti-money laundering records may be retained for the period required by law, including at least the minimum AML retention period where applicable;
  • some records may be kept longer where reasonably necessary for legal claims, complaints, fraud prevention, corrective filings, or regulatory purposes.

11. Security

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

However, no system or transmission of data over the internet can be guaranteed to be completely secure.

12. Your Rights

Depending on the circumstances, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete personal data;
  • request erasure of personal data;
  • request restriction of processing;
  • object to processing;
  • request portability of data; and
  • withdraw consent where consent is the lawful basis relied upon.

These rights are not absolute and may be limited where legal exemptions apply.

13. Complaints

If you have concerns about how we handle personal data, please contact us first.

You also have the right to complain to the Information Commissioner’s Office (ICO).

14. Cookies and Website Technologies

Our websites may use cookies and similar technologies for site operation, security, analytics, and payment or checkout functionality.

Where required by law, we will seek consent for non-essential cookies.

15. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. The latest version will be published on our website.

16. Contact Us

If you have any privacy-related questions or wish to exercise your rights, please contact:

Ghost Mail Limited
61 Bridge Street
Kington
Herefordshire
HR5 3DJ
Email: privacy@ghostmail.co.uk