Privacy Policy

Privacy Notice

This privacy notice explains how mXm Ltd (a company registered in England number 04103441) uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.

Data controller

mXm Ltd is the data controller, this is because we make decisions about what data is collected and how it is used and with whom it is shared with. We can be contacted at 13 Tonbridge Chambers Pembury Road, Tonbridge, Kent, United Kingdom, TN9 2HZ. Our telephone number is 01732 505282 or you can email

On what basis do we collect and process your data?

We process personal data for the purpose of providing contracted consultancy services to clients. Data Protection law defines the basis by which we can lawfully collect and process personal data for that purpose. To allow us to engage with you to provide our services, we will collect and process personal data where it is necessary to negotiate and / or enable a contract for services to be put in place and subsequently to deliver that service. We may also process personal data where it is in our legitimate interest to do so. In doing this we are careful to do this in a way that does not outweigh your own rights and freedoms. Our legitimate interests are to fulfill your requirements to the best of our ability, maintain our client base and third party contacts.

We will also process your data if we feel it is required to protect your vital interests, or the vital interests of another person. This might occur in serious life or death situations where immediate disclosure of personal data is required, and you are unable to give that information yourself.

This is the data we collect and the basis for doing so.

Purpose Data Type Data Collected Legal Basis
Provide required service Identity details Full name Contract (Article 6(1)(b)) GDPR
Provide required service Contact details Telephone number(s) Contract (Article 6(1)(b)) GDPR
Provide required service Contact details Email address Contract (Article 6(1)(b)) GDPR
Provide required service Identity details Signature Contract (Article 6(1)(b)) GDPR
Provide required service Identity details Job title Contract (Article 6(1)(b)) GDPR
Provide required service Contact details Address Contract (Article 6(1)(b)) GDPR


We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication.

The data we collect as data controllers from our data subjects is obtained directly from the data subject themselves, although some contact details may be obtained from third party referrals. Please see our Cookie Policy for information on the data collected by our website.

Some of the data we collect is deemed necessary to contractually deliver our service to you. If you do not provide this data, we will be unable to enter into an agreement with you.

Data recipients and data transfers

We do not sell any of your personal data to any third party. We do share your information with trusted associates who carry out contracted services on our behalf.  We use Microsoft 365 for email and storage of documents. We also transfer personal data to Dropbox, Hightail (opentext), Google Drive and WeTransfer for document storage and secure transfer of data.

Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, we will disclose your personal data in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Personal data in electronic form is held in UK, EU and US accredited data centres. If data must be transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision or through mechanisms such as standard contractual clauses as approved by the EU and UK’s Information Commissioner

Sensitive information

mXm Ltd does not process sensitive data as defined by Article 9 of the GDPR.

Retention policy

The data we collect directly from you is the minimum we require to facilitate the lawful processing activity described above. Personally Identifiable Information processed by us will be deleted in accordance with legal obligations and or our retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.

Full personal data of clients will be retained for a minimum of 3 years following the end of any commercial agreement. Personal data required for statutory reporting or HMRC audit purposes will be retained for 7 years.

Data Storage and Security

We follow strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures such as strong passwords to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.

Only persons who need the information to fulfil their roles and responsibilities are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.

Your rights as a data subject

The regulations provide a number of rights to you as the Data Subject. mXm Ltd is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office  A full and detailed explanation of all rights can be found at

You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office

Automated decision making

We do not use automated decision making to process personal data.

Third party websites

Our website may contain links to other websites. This privacy policy only applies to mXm Ltd., so if you follow a link to another website, you should read that organisation’s own privacy policy.

Changes to our privacy policy

We keep our privacy policy under review, and we will place any updates on our website. This privacy policy was last updated in September 2020

How to contact us

You can write to us at this address:

mXm Ltd
13 Tonbridge Chambers
Pembury Road,
Kent, United Kingdom,

You can telephone us on this number: 01732505282

You can email us at

PM Society