How we handle your data.
This policy explains what personal data Compare The Firm collects from people who use the site, why we collect it, who we share it with, and the rights you have under UK GDPR. We have written it in plain English. If anything is unclear, email Contact@comparethefirm.co.uk.
1. Who we are
Compare The Firm is a trading name of AP Media Lab Ltd, a company registered in England and Wales.
- Registered company number: TODO companies-house-number
- Registered office: TODO registered-address
- Contact: Contact@comparethefirm.co.uk
For the purposes of UK GDPR, AP Media Lab Ltd is the data controller for personal data collected through this site. We are not a regulated financial or legal adviser; we operate an introduction service that matches UK buyers (individuals and businesses) to accountancy and legal firms.
2. What personal data we collect
We collect only what we need to run the service and meet our legal obligations:
| Category | Examples | How it reaches us |
|---|---|---|
| Profile data | Sector, business size, services required, urgency, budget band, location. | You submit it through the match questionnaire. |
| Contact data | Full name, email address, telephone number, company name. | You submit it on the final step of the questionnaire. |
| Technical data | IP address, device type, browser, referring URL, pages viewed. | Automatically logged by our hosting (Vercel) and analytics tools. |
| Marketing preferences | Whether you have opted in to newsletter or product updates. | You opt in via the questionnaire or a separate sign-up form. |
| Firm-side data | Acceptance rate, response time, client feedback you give us about a firm. | Generated as part of using the platform. |
We do not ask for and do not store bank details, accounting records, tax returns, or other financial documents. Those move directly between you and the firm once you choose to engage them.
3. Why we use it and our lawful basis
Under UK GDPR we must have a lawful basis for each purpose we process personal data. Ours are:
| Purpose | Lawful basis |
|---|---|
| Matching you to up to three firms and sending your profile to them. | Consent (Article 6(1)(a)). You tick the consent box on the final step. You can withdraw at any time. |
| Sending transactional emails (match confirmation, quote summaries, account-related notices). | Legitimate interests (Article 6(1)(f)). These messages are necessary to deliver the service you requested. |
| Sending newsletter and product-update marketing emails. | Consent (Article 6(1)(a)). You can unsubscribe in one click from any such email. |
| Aggregated, anonymised analytics to improve the platform. | Legitimate interests (Article 6(1)(f)). |
| Identifiable analytics (Google Analytics 4) and marketing cookies. | Consent via the cookie banner (PECR regulation 6). Off by default. |
| Preventing fraud, debug, security incident response, complaint handling. | Legitimate interests (Article 6(1)(f)) and where applicable legal obligation (Article 6(1)(c)). |
4. Who we share your data with
We share personal data only with these categories of recipient:
- Matched firms. Once you tick the consent box on the final step of the questionnaire, your quiz answers and contact details are sent to up to three vetted firms that fit your profile. Each receives the same data set.
- Processors who act only on our instructions. Our hosting (Vercel Inc.), email infrastructure, analytics tools, and customer-support platforms. Each is contractually bound by UK GDPR Article 28 obligations.
- Authorities if we are legally required to disclose data (for example, in response to a valid court order or regulator notice).
- A buyer of the business. If AP Media Lab Ltd or the Compare The Firm service is sold, personal data may transfer to the new owner under the same protections in this policy.
We do not sell your personal data. We do not pass your details to firms outside the three you are matched with, and we do not pass them to firms at all unless you have ticked the consent box.
5. International transfers
Most of our processors are in the UK or European Economic Area. Where data is transferred outside the UK or EEA (for example, to Google or Vercel infrastructure in the United States), we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other safeguards approved by the ICO.
6. How long we keep your data
- Quiz answers and contact details: 24 months from your last interaction, then deleted or anonymised. This window lets us re-match you if your first three firms do not work out.
- Marketing consent records and emails sent: kept for as long as you remain subscribed, plus 24 months after unsubscribe to evidence consent history if challenged.
- Technical logs: 90 days.
- Accounting and tax records: 6 years from the end of the relevant financial year, as required by HMRC.
7. Your rights
Under UK GDPR you have the right to:
- Ask what personal data we hold about you (right of access).
- Have inaccurate data corrected (right to rectification).
- Have your data deleted when we no longer need it (right to erasure).
- Restrict processing while a dispute about accuracy or lawfulness is resolved (right to restriction).
- Receive a copy of the data you gave us in a structured, machine-readable format (right to portability).
- Object to processing based on legitimate interests, including for direct marketing (right to object).
- Withdraw consent at any time. Withdrawal does not affect processing done before withdrawal.
- Complain to the Information Commissioner's Office (ICO). Their helpline is 0303 123 1113 and their website is ico.org.uk.
To exercise any of these rights, email Contact@comparethefirm.co.uk. We respond within one calendar month, free of charge, unless your request is manifestly unfounded or excessive.
8. Cookies and similar technologies
We use a small number of cookies, all categorised and explained in our cookie policy. Non-essential cookies are off by default and only set after you give consent in the cookie banner. You can change your choices at any time using the link.
9. Children
The service is intended for adults in the UK, whether acting in their own personal capacity or on behalf of a UK business. We do not knowingly process personal data of anyone under 18. If you believe we have, email us and we will delete it.
10. Security
We use industry-standard technical and organisational measures to protect personal data, including TLS encryption in transit, access controls, and regular review of processor security. No system is perfectly secure, so we cannot guarantee absolute protection, but we treat any incident seriously and will notify you and the ICO where required by law.
11. Changes to this policy
We update this policy when our processing changes. Material changes are announced on the site and, where appropriate, by email. The "last updated" date at the top of this page always reflects the latest version. Earlier versions are available on request.
12. Contact and complaints
If you have a question or a complaint about how we handle your data, email Contact@comparethefirm.co.uk first. We aim to resolve concerns inside 14 days. If you are not satisfied with our response, you can complain to the ICO at ico.org.uk/make-a-complaint.