Privacy Policy

Last updated: 17 April 2026

Introduction

Mystic Thread Benefits Advice Ltd is committed to protecting your privacy and handling your personal information responsibly. This policy explains how we collect, use, store, and protect the data you provide when using our services or visiting our website.

We are registered with the Information Commissioner's Office (ICO Registration Number ZB429817) and comply fully with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Who We Are

Mystic Thread Benefits Advice Ltd is the data controller responsible for your personal information. Our registered office is located at 142 Victoria Street, Bristol, BS1 6DL, United Kingdom.

For any questions about how we handle your data, you can contact us at [email protected].

Information We Collect

The type of information we collect depends on whether you're a client using our advisory services or simply a visitor to our website.

Information from Clients

When you engage our services, we collect information necessary to provide benefits advice and representation. This may include:

  • Your name, address, date of birth, and contact details
  • National Insurance number
  • Details of your financial circumstances including income, savings, and housing costs
  • Information about your health conditions and how they affect your daily life
  • Employment history and current employment status
  • Family composition and caring responsibilities
  • Copies of official documents such as medical reports, decision letters, bank statements, and tenancy agreements
  • Notes from consultations and meetings
  • Correspondence between you, us, and third parties such as the DWP or tribunal service

Information from Website Visitors

When you visit our website, we may collect:

  • Technical information such as your IP address, browser type, and device information
  • Information about your visit including pages viewed and time spent on the site
  • Cookie data as described in our Cookies Policy

How We Use Your Information

We process your personal data for the following purposes:

Providing Our Services

We use your information to deliver the advisory and representation services you've requested. This includes assessing your benefit entitlement, preparing applications, gathering evidence, and representing you in dealings with government departments or tribunals.

Legal Obligations

We may need to process your data to comply with legal requirements, such as maintaining accurate financial records for tax purposes or responding to legitimate requests from regulatory authorities.

Legitimate Interests

We process some data based on our legitimate business interests, such as improving our services, maintaining the security of our systems, and ensuring the quality of advice we provide. We always balance these interests against your rights and freedoms.

With Your Consent

In some cases, we may ask for your explicit consent to process certain types of information, particularly sensitive data about your health. You have the right to withdraw this consent at any time.

Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. For client services, we rely primarily on:

  • Contractual necessity: Processing your data is necessary to fulfil our agreement to provide advisory services
  • Legal obligation: We must process certain data to comply with laws and regulations
  • Legitimate interests: Processing is necessary for our legitimate business purposes, balanced against your rights
  • Consent: For processing special category data (such as health information), we obtain your explicit consent

Sharing Your Information

We will never sell your personal data to third parties. We only share information when necessary to provide our services or when required by law.

Third Parties We May Share Data With

  • Government departments: The Department for Work and Pensions, HM Courts & Tribunals Service, and other relevant authorities when submitting claims or appeals on your behalf
  • Medical professionals: GPs, consultants, or other healthcare providers when requesting evidence to support your claim (always with your consent)
  • Legal representatives: Barristers or solicitors if we instruct them to assist with your case
  • Service providers: Companies that provide IT support, data storage, or other services essential to our operations, under strict confidentiality agreements
  • Professional advisors: Accountants, auditors, or insurers when necessary for our business operations

We ensure that any third parties we work with are required to keep your information secure and confidential, and they may only use it for the specific purposes we've authorised.

How We Store Your Information

Your data is stored securely using a combination of physical and digital security measures:

  • Digital files are stored on encrypted, password-protected systems
  • Paper files are kept in locked cabinets within our secure office premises
  • Access to client data is restricted to staff members who need it to perform their duties
  • Regular backups are performed to prevent data loss
  • All staff receive training in data protection and confidentiality

How Long We Keep Your Information

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal requirements.

  • Active cases: We retain all information for the duration of your case and for six months after it concludes
  • Closed cases: After six months, we archive your file and retain it for seven years from the date your case closed. This period is necessary for potential future reference, complaints handling, and compliance with financial record-keeping requirements
  • After seven years: Files are securely destroyed. Digital records are permanently deleted and paper files are shredded

If you request deletion of your data before these periods expire, we will comply unless we have a legitimate legal reason to retain it.

Your Rights

Under data protection law, you have several important rights regarding your personal information:

Right of Access

You can request a copy of the personal data we hold about you. We will provide this free of charge within one month of your request.

Right to Rectification

If any information we hold is inaccurate or incomplete, you have the right to have it corrected.

Right to Erasure

In certain circumstances, you can ask us to delete your personal data. This right is not absolute and may not apply if we have legal grounds to retain the information.

Right to Restrict Processing

You can ask us to limit how we use your data in certain situations, such as when you contest the accuracy of the information.

Right to Data Portability

You can request that we provide your data in a structured, commonly used format so you can transfer it to another service provider.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling in our services.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within one month.

Security Measures

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it from unauthorised access, loss, or misuse:

  • Encrypted storage systems and secure file transfer protocols
  • Regular security audits and updates to our IT systems
  • Staff training on data protection and information security
  • Physical security measures at our office premises
  • Secure disposal of data when it is no longer needed

While we take every reasonable precaution, no method of electronic storage is completely secure. If you become aware of any security breach, please notify us immediately.

International Transfers

Your personal data is stored and processed within the United Kingdom. We do not transfer data outside the UK or European Economic Area except in rare circumstances where it may be necessary to provide our services (for example, if you relocate abroad during your case). In such cases, we ensure appropriate safeguards are in place to protect your information.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify clients by email and update the "last updated" date at the top of this page. We encourage you to review this policy periodically.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

Contact Information

If you have any questions about this privacy policy or how we handle your personal data, please contact us:

Email: [email protected]
Post: 142 Victoria Street, Bristol, BS1 6DL, United Kingdom