1. Mesoform Ltd

1.1.  This privacy notice (the “Privacy Notice”) applies to all personal information processing activities carried out by Mesoform Limited (“MESOFORM”).

1.2.  MESOFORM is a data controller in respect of personal information that we process in connection with our business and in order to provide you with our services. In this notice, references to “we”, “us” or “our” are references to MESOFORM.

1.3.  Our principal address is 4 Wulfstan St London W12 0AH and our contact details can be located at

1.4.  We respect individuals’ rights to privacy and to the protection of personal information. The purpose of these Special Conditions is, in part, to explain how we collect, store, use and share your personal information in connection with our business.

1.5.  “Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information). We may update our Privacy Notice from time to time and will inform you usually by writing or by publishing updated content on our website.

2. The Information We Process

2.1.  We may collect and process various categories of personal information at the start of, and for the duration of, your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice. Personal information may include:

  (a)  basic personal information, including name and address, date of birth and contact details;

  (b)  organisation or business name and address;

  (c)  financial information including invoice and billing details;

  (d)  identification documents to verify your identity, visual images and personal appearance (such as copies of passports);

  (e)  information relating to the matter in which you are seeking our advice or representation;

  (f)  your employment status and details (including your salary, benefits and pension arrangements) and employment records if you instruct us on an employment-related issue or where such information is relevant to the matters on which you seek our services; and

  (g)  online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example your Internet Protocol (IP) address.

2.2.  We may also process certain special categories of information for specific and limited purposes such as your racial or ethnic origin, or religious beliefs or health if this information is relevant to your legal issue(s) or claim. We will only process special categories of information where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the particular purposes and activities set out at Schedule A for which the information is provided).

2.3.  Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data with law enforcement and regulatory bodies.

3. How We Obtain Information

3.1.  In the provision of our services, it is likely that information will be provided by you. Your information is made up of all the personal information we collect and hold about you/your business and the proprietors, officers and beneficial owners of that business and your transactions. However, from time to time and depending on the nature of our engagement, information may be collected via another party. Such information will only be processed in order to provide our services or where applicable for the purpose of complying with our professional obligations, Court orders, co-operation with investigations by the Information Commissioner’s Office or any other statutory regulator. Personal information held about you may include therefore:

  (a)  information you give to us;

  (b)  information that we receive from third parties – including third parties who provide services to you or us;

  (c)  information that we learn about you through our relationship with you;

  (d)  information that we gather from the technology which you use to access our services (for example an IP address or telephone number); and

  (e)  information that we gather from publicly available sources, such as the press, Companies House, HM Land Registry and online search engines.

4. Your Rights

4.1.  Under the General Data Protection Regulation, individuals (or ‘data subjects’) have a number of important rights regarding their personal information. In summary, these rights are as follows and include the right to:

  (a)  Request access to personal information;

  (b)  Request that inaccurate information is corrected;

  (c)  Request that processing of personal information is restricted;

  (d)  Request the personal information you provided to us in a portable format;

  (e)  Request that personal information that we hold is erased in certain circumstances;

  (f)  Object to the processing of personal information or the continued processing of personal information;

  (g)  Request not to be subject to automated decision making which produces legal effects that concern or affect data subjects in a significantly similar way.

4.2.  Further information regarding rights under the General Data Protection Regulation can be found by visiting These rights are subject to the conditions and restrictions set out in the General Data Protection Regulation and the Data Protection Act 2018.

4.3.  Should you wish to make a request to exercise any of the above rights you should contact us at When contacting us, please ensure that you provide relevant information to allow us to identify you and state the right or rights that wish to exercise. We may need to contact you to request further information to verify your identity. We will respond to you within one month from when we receive a valid request.

5. Sharing with Third Parties

5.1.  We will not share your information with anyone outside MESOFORM except and as necessary:

  (a)  where we have your permission;

  (b)  where required to provide our services for example with 3rd parties such as professional advisors who we instruct on your behalf or refer you to such as barristers, medical professionals, accountants, tax advisors or other experts;

  (c)  where necessary to carry out your instructions e.g. HM Land Registry or Companies House;

  (d)  where we provide our services with 3rd parties acting as agents or sub-contractors acting on our behalf such as typing and copying services;

  (e)  where we need to enforce our contractual rights;

  (f)  where we are under a legal or regulatory duty to do so;

  (g)  where we are required to lawfully assist the police or security services with prevention and detection of crime;

  (h)  where disclosure is necessary to protect the safety or security of any person(s);

  (i)  where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business; or

  (j)  where otherwise permitted by law, it is necessary for our legitimate interests or those of a third party and it is not inconsistent with the purposes listed above.

5.2.  We will not share your information with third parties for their own marketing purposes without your permission.

6. Transferring Information Overseas

MESOFORM does not transfer data outside of the European Economic Area (EEA) in general. There may however be a requirement from time to time to transfer some or all of your personal data outside of the EEA if so required in order to progress to provide our services e.g. if you are based outside the EEA or where there is an international dimension to the matter on which we are advising you. Where this happens, all necessary steps will be taken to ensure that data transferred outside of the EEA is afforded the same or similar safeguards and processes that we undertake within the EEA.

7. Promotional Communications

MESOFORM may engage in promotional communication with you via email, social media and other digital platforms. We may therefore collect your name, address, email address, name of your organisation (if applicable) and telephone number. Any personal data you provide to use will only be used to provide information about our services, or new services or legal developments. We will not use your data for purposes which are not clear when you provide your details. If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us at any time by contacting us at

8. How Long We Keep Your Information

8.1.  MESOFORM will keep your personal data after we have finished our contract with you. We will do so for one of these reasons:

  (a)  To respond to any questions, complaints or claims made by you or on your behalf;

  (b)  To show that we treated you fairly;

  (c)  To keep records required by law.

8.2.  MESOFORM will retain personal information for no longer than is reasonably necessary for the provision of its services and personal information will not be retained indefinitely or for reasons incompatible with relevant data protection legislation including the General Data Protection Regulation and the requirements of other regulatory bodies.

8.3.  Different retention periods apply for different types of data. Our standard retention period for personal information provided to us for the purpose of providing our services is depending on the between 7 and 12 years (from the completion of the work and services) at which point the data will be securely deleted or destroyed unless the work remains outstanding in some material respect after that period has expired. For agreements made by Deed, details need to be retained for 12 years for legal reasons.

9. Security

9.1.  MESOFORM takes the security of personal information seriously and it has appropriate measures, safeguards and protocols in place to ensure that data is kept secure, is only accessed by those individuals authorised to do so and where there is a legitimate need to access the data.

9.2.  Appropriate and reasonable steps are in place to reduce the risk of unauthorised access to personal data held by MESOFORM and in line with its obligations under data protection legislation including the General Data Protection Regulation.

10. Assurances from You as our Client/Customer

10.1.  This paragraph 10 shall apply unless you have provided us with information in writing to the contrary and we have acknowledged the same as having been brough to our attention.

10.2.  Part of the services provided by MESOFORM includes allowing clients to store data in the cloud as a backup facility. To achieve this MESOFORM operates a cloud-based platform as a re-seller from providers such as Google, AWS, Azure or any other public or private Cloud Service. Software is installed to the client’s platform by MESOFORM which allows the client to place data on the cloud platform. In providing these services MESOFORM is a data processor and not a data controller. You agree that you are the data controller in that context.

10.3.  You are informed that MESOFORM may test the data on the cloud platform and that it will access the data to test user details and periodically test user data

10.4.  In relation to the data provided to us by you, it is agreed:

  (a)  Any processing of data by us will only be conducted during the period of the Services identified in the Service Agreement

  (b)  We shall keep the data confidential subject to the rights of the data subjects and any order of any competent court or tribunal

  (c)  Details of the security measure applicable to the data will be available on request. We shall take appropriate technical and security measure to allow the Customer to process requests from data subjects to exercise their rights

  (d)  We will not use sub-processors without your approval

  (e)  At the conclusion of the period covered by the Service Agreement we will no longer be able to access the data and shall take no responsibility therefor. At the choice of the Customer the data will either be deleted or returned to the Customer

  (f)  We shall only process data on the instructions of the Customer or the data subject (where permitted) or on the order of the Court. You, the Customer, have the overall responsibility for the processing of data and giving instructions

  (g)  We shall assist you in keeping the data secure; notifying any breaches to the relevant authorities and to the data subjects; carrying out DPIAs when required; consulting the relevant authorise when a DPIA indicates a risk that cannot be mitigated.

  (h)  We will provide all reasonable assistance to comply with duly authorised audits and inspections

10.5.  You represent and warrant to us that

  (a)  The data uploaded by you or that you might ask us to upload on your behalf is not confidential, or personal sensitive information, or special categories of personal data (as referred to in GDPR) or any type of data that might require the consent of the data subject to be uploaded accessed monitored or tested

  (b)  All necessary consents have been obtained in writing by you from all relevant persons (including data subjects) to allow MESOFORM to perform the Services according to the terms of the Service Agreement with the Customer

  (c)  All such consents remain current and copies can be provided to MESOFORM on request

  (d)  No information has been or will be transferred from or to an area outside the EEA

  (e)  As data controller you will at all times comply with the principles of GDPR and you acknowledge that in providing the Services MESOFORM is relying on your due observance of GDPR at all times

10.6.  You indemnify MESOFORM, its servants and agents in respect of all liability that might be incurred by them in the event that you, the Customer, are in breach of the terms of this paragraph 10, including (without limitation) all fines, penalties loss of profit, pure economic loss, loss of reputation and all legal costs incurred in addressing any mater arising as a result of such breach. You will also indemnity us in respect of any claim by a data subject for breach of GDPR or for any damages or compensation payable due to any alleged infringement of the rights of a data subject

Schedule A - Purposes of Processing by Mesoform Limited

We will only use and share your information where it is necessary for us to carry out our lawful business activities. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in a table below:


We may process your information where it is necessary to enter into a contract with you for the provision of our services or to perform our obligations under that contract.

Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to provide services to you.

(a)  provide and administer those services throughout your relationship with MESOFORM, including collecting and issuing all necessary documentation; executing your instructions; resolving any queries or discrepancies and administering any changes.

(b)  manage and maintain our relationships with you; and

(c)  communicate with you about services you receive from us.


When you engage our services (and throughout your relationship with us), we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing to:

(a)  confirm your identity and perform checks to comply with laws relating to money laundering;

(b)  share data with police, law enforcement, tax authorities or other agencies where we have a legal obligation and complying with production and court orders;

(c)  investigate and resolve complaints;

(d)  conduct investigations into alleged breaches of conduct by our employees;

(e)  disputes or litigation;

(f)  perform assessments for the purposes of managing, improving communications;

(g)  provide assurance that MESOFORM has effective processes to identify, manage, monitor and report the risks it is or might be exposed to;

(h)  investigate and report on incidents or emergencies on MESOFORM’s premises;

(i)  coordinate responses to business-disrupting incidents and to ensure facilities, systems and people are available to continue providing services.


We may process your information where it is in our legitimate interests do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.

(a)  We may process your information in the day-to-day running of our business, to manage our business and financial affairs and to protect our client, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing your information to:

  (i)  monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;

  (ii)  ensure business continuity and disaster recovery and responding to information technology and business incidents and emergencies;

  (iii)  ensure network and information security, including for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications systems and websites, prevention or detection of crime and protection of your personal data;

  (iv)  perform general accounting and reporting;

  (v)  protect our legal rights and interests;

  (vi)  manage and monitor premises (for example with CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training; and

  (vii)  enable a sale, reorganisation, transfer or other transaction relating to our business.

(b)  It is in our interest as a business to ensure that we provide you with the most services and that we continually develop and improve as an organisation. This may require processing your information to enable us to:

  (i)  identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you;

  (ii)  send you relevant marketing information which we believe may be of interest to you;

  (iii)  understand our clients’ preferences, expectations and feedback in order to improve our services, develop new services, and to improve the relevance of services;

  (iv)  monitor the performance and effectiveness of our services and to provide staff training;

  (v)  perform analysis on any complaints for the purposes of preventing errors and rectifying any negative impacts.

About Mesoform

For more than two decades we have been implementing solutions to wasteful processes and inefficient systems in large organisations like TiscaliHSBC and HMRC, and impressing our cloud based IT Operations on well known brands, such as RIMSonySamsung and SiriusXM... Read more

Mesoform is proud to be a