Privacy Policy

Last updated: 8 June 2026

1. About This Notice

This Privacy Policy explains how Mitos Relocation Solutions Ltd ("Mitos", "we", "us", "our") collects, uses, shares, and protects personal data. It applies to:

  • visitors to our website (mitosrelocation.com);

  • people who subscribe to our newsletter or contact us through our website;

  • prospective clients in discovery calls or pre-engagement discussions;

  • clients who engage us for advisory services;

  • business partners, professional contacts, and individuals whose data is shared with us in the course of client engagements (for example, family members of clients).

We are the data controller for the personal data we process. Our company is registered in England and Wales (company number 16002689), with registered office at C/O Aardvark Accounting, 1 Cedar Office Park, Cobham Road, Wimborne, BH21 7SB, United Kingdom.

We are registered with the UK Information Commissioner's Office (ICO) under registration reference ZB923476.

You can contact us about this notice or any data protection matter at data.protection@mitosrelocation.com.

2. What Personal Data We Collect

The data we collect depends on how you interact with us.

Website visitors and newsletter subscribers. When you submit a form on our website, we collect the information you provide — typically your name, email address, country of residence, and any details you choose to include in your message or inquiry.

Prospective clients. Before or during a discovery call, we ask you to complete a short intake form. This typically covers: your name and contact details, age group, current country of residence, citizenship(s), intended destination country and region, target relocation timeline, family or household situation (whether relocating alone, with a partner, or with dependants), and the drivers behind your relocation (for example, lifestyle, tax, family, climate, healthcare). You may also share other context relevant to assessing whether our services are a fit.

Clients. Where you engage us, we collect more detailed personal data necessary to deliver our services. This typically includes:

  • identification and contact data (full name, date of birth, nationality, residential address, email, phone, identity document copies, proof of address);

  • family and household data (information about spouses, partners, dependants, or other co-clients);

  • financial and asset data (income sources, pension structures, investment holdings at a general level, property ownership, anticipated transfers);

  • residency and immigration data (current and previous residency, visa or citizenship status, travel history relevant to tax residency);

  • preferences and lifestyle data relevant to your relocation (health considerations only where you choose to disclose them, lifestyle priorities, location preferences);

  • correspondence and notes from our interactions with you.

Some of this data is special category data under UK GDPR (for example, health information). We process this only where you have voluntarily disclosed it because it is relevant to your relocation decision, and on the basis set out in section 4 below.

Business partners and professional contacts. We hold standard business contact data for lawyers, tax advisers, immigration specialists, real estate professionals, and other partners we work with on behalf of clients.

Data we receive from third parties. Occasionally we receive personal data about you from third parties — for example, from a professional referrer who has introduced you to us, from co-clients in a joint engagement, or from public databases used for sanctions and politically-exposed-persons screening.

Whether you must provide data. Providing personal data is not a legal requirement in general, but some data is necessary for us to deliver our services. If you choose not to provide identification documents required for client due diligence, we will not be able to accept you as a client. If you choose not to provide information relevant to your relocation circumstances, this will limit our ability to give meaningful advice.

3. How We Use Your Personal Data

We use personal data to:

  • respond to inquiries and provide information about our services;

  • send newsletters and marketing communications where you have subscribed (you can unsubscribe at any time);

  • assess whether to take on an engagement, including conducting client due diligence, identity verification, and sanctions screening;

  • deliver the advisory services agreed under our Terms of Engagement;

  • coordinate with third-party professionals (lawyers, tax advisers, immigration specialists, real estate professionals) involved in your relocation;

  • maintain a record of prospect conversations to support continuity if you return to us at a later date (retirement relocation decisions often have long lead times);

  • manage our relationship with you, including billing, scheduling, and post-engagement support;

  • keep records to meet our legal, regulatory, and tax obligations;

  • improve our services, internal processes, and content (using anonymised or aggregated data wherever possible);

  • defend or pursue legal claims where necessary.

4. Our Lawful Bases For Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The basis depends on the activity:

  • Responding to inquiries and discovery calls — legitimate interests (responding to your request) and steps taken at your request prior to entering a contract.

  • Retaining prospect data for pipeline continuity — legitimate interests (maintaining context for prospects who may return to us over long lead times).

  • Newsletter and marketing communications — your consent, which you can withdraw at any time.

  • Delivering services under an engagement — performance of a contract with you.

  • Client due diligence, identity verification, sanctions and PEP screening — compliance with a legal obligation (UK Money Laundering Regulations 2017) and legitimate interests.

  • Coordinating with third-party professionals — performance of a contract with you.

  • Retaining records for legal and regulatory purposes (AML, tax) — compliance with a legal obligation.

  • Retaining records to defend potential legal claims — legitimate interests (defence of claims within the limitation period).

  • Processing special category data (e.g. health information you disclose) — your explicit consent, given at the point of disclosure, or where necessary for the establishment, exercise, or defence of legal claims.

  • Improving our services — legitimate interests (with anonymisation where possible).

Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms. You can ask us for more information about this balancing assessment.

5. Who We Share Your Personal Data With

We share personal data only where necessary. Recipients include:

  • Third-party professionals engaged in your relocation: lawyers, tax advisers, immigration specialists, real estate professionals, notaries, and similar advisers, primarily in Greece, Cyprus, Italy, and the United Kingdom, but occasionally in other jurisdictions relevant to your circumstances;

  • Co-clients in a joint engagement (see section 7 below);

  • Service providers who support our business operations: our accountants, IT and software providers (including cloud storage, CRM, email, video conferencing, and document management providers), payment processors, and professional indemnity insurers;

  • Regulators, tax authorities, law enforcement, and courts where we are legally required to disclose data;

  • Professional advisers acting for us (our own lawyers, accountants, auditors);

  • Any successor entity in the event of a sale, merger, or restructuring of our business.

We do not sell personal data. We do not share personal data for third-party marketing.

6. International Transfers

Mitos is based in the United Kingdom, but our clients, business partners, and service providers are located across the world. Delivering our services routinely involves transferring personal data outside the UK.

Specifically:

  • We work with clients located in the UK, EU, United States, and other jurisdictions globally, and process their data in connection with services.

  • We share data with third-party professionals in countries including Greece, Cyprus, and Italy (all EU/EEA), and occasionally in other jurisdictions relevant to a specific engagement.

  • Some of our service providers (for example, certain cloud and software providers) are based in or process data in the United States or other non-UK countries.

Where personal data is transferred outside the UK, we ensure that an appropriate transfer mechanism is in place for each transfer:

  • Transfers to EU/EEA countries are covered by the UK's adequacy decision in respect of the EU.

  • Transfers to the United States rely on the UK-US Data Bridge where the relevant recipient is certified under it, and otherwise on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.

  • Transfers to other jurisdictions rely on the UK IDTA, the UK Addendum to the EU Standard Contractual Clauses, or another approved transfer mechanism, supplemented by additional safeguards where appropriate.

You can request further information about the safeguards applied to a specific transfer by contacting us.

7. Multi-Person And Joint Engagements

Where we are engaged by more than one person (for example, spouses, civil partners, unmarried couples, or family members), we treat the engagement as a single, integrated piece of work. This means that information shared by any one co-client may be discussed with, disclosed to, and used in advice directed at any or all of the other co-clients.

If you wish any specific piece of information to be held in confidence and not shared with your co-client(s), you must tell us so expressly and in writing at the time you share it. Please be aware that holding such information confidentially may, in some cases, mean we are unable to continue acting for all co-clients — for example, if the undisclosed information is material to the advice we are giving. We will discuss this with you if the situation arises.

The contractual terms governing this are set out in our Terms of Engagement, which each co-client accepts at onboarding.

8. How Long We Keep Personal Data

We keep personal data only as long as necessary for the purposes for which we collected it. Specifically:

  • Prospective client inquiries that do not lead to engagement: retained for up to 5 years from last meaningful contact, on the basis of our legitimate interest in maintaining context for prospects who may return to us (retirement relocation decisions typically have long lead times). After this period, data is deleted unless you have separately consented to ongoing marketing communications, in which case data is retained until you unsubscribe.

  • Newsletter and marketing subscribers: retained until you unsubscribe, then deleted within a reasonable period.

  • Client engagement records: for the duration of the engagement and for 6 years after the engagement ends. This reflects (i) the UK Money Laundering Regulations 2017 requirement to retain client due diligence records for 5 years after the end of the business relationship, and (ii) the standard 6-year limitation period for contractual claims in England and Wales.

  • Records required for tax purposes: 6 years from the end of the relevant tax year, in line with HMRC requirements.

  • Records subject to a legal hold (for example, in connection with actual or threatened litigation): for as long as the hold remains in place.

After these periods, data is securely deleted or anonymised.

9. How We Protect Personal Data

We apply technical and organisational measures appropriate to the nature of the data and the risk involved. These include access controls, encryption in transit and at rest where appropriate, secure cloud storage with reputable providers, multi-factor authentication, and staff training on confidentiality and data protection.

We restrict access to client data to those within Mitos who need it to deliver services, and to third-party professionals on a need-to-know basis under appropriate confidentiality arrangements.

No system is entirely secure, and we cannot guarantee absolute security. We will notify you and, where required, the Information Commissioner's Office of any personal data breach in accordance with our legal obligations.

10. Your Rights

You have the following rights under UK data protection law:

  • Access: to obtain a copy of the personal data we hold about you.

  • Rectification: to ask us to correct inaccurate or incomplete data.

  • Erasure: to ask us to delete data, in certain circumstances.

  • Restriction: to ask us to limit how we use your data, in certain circumstances.

  • Objection: to object to processing based on legitimate interests, and to object to direct marketing at any time.

  • Portability: to receive certain data in a structured, machine-readable format, where applicable.

  • Withdrawal of consent: where processing is based on consent, you can withdraw it at any time (without affecting the lawfulness of processing before withdrawal).

  • Complaint: to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk). Before doing so, we would appreciate the chance to address your concerns directly. You can raise a complaint with us by emailing data.protection@mitosrelocation.com with "Data protection complaint" in the subject line. We will acknowledge within 5 working days and aim to provide a substantive response within 30 days.

Some of these rights are qualified — for example, we may need to retain certain data despite an erasure request in order to meet our legal obligations under anti-money-laundering rules. We will explain this if it applies.

To exercise any of these rights, contact us at data.protection@mitosrelocation.com. We will respond within one month, and may ask you to verify your identity before releasing data.

11. Automated Decision-Making And Profiling

We use two forms of automated processing that involve profiling. No decisions about you are made solely by automated means — human review is always part of any decision that affects you.

Sanctions and PEP screening. When you complete our client intake form, we run an automated check against sanctions lists and politically-exposed-persons (PEP) databases. The check uses your name, date of birth, nationality, and country of residence, and screens them against lists maintained by OFSI, OFAC, the UN Security Council, the EU consolidated list, and other national registries.

A clear result is resolved automatically and the engagement proceeds. A potential match is reviewed by us before any decision is made — we do not decline a client solely on the basis of an automated result.

The legal basis for this processing is compliance with our obligations under UK sanctions law and, where applicable, the UK Money Laundering Regulations 2017, and our legitimate interests in preventing sanctions violations.

Background research on prospective clients. When you submit an initial inquiry or take a discovery call with us, we may carry out background research using publicly available information to build a picture of your circumstances relevant to our services. This helps us assess whether our services are a good fit before either side invests significant time. The results of this research may influence whether and how we follow up with you.

Your rights. You have the right to ask us about any automated processing or profiling that relates to you, including what data was used and how any outcome was reached. You also have the right to request human review of any outcome that affects you. To exercise these rights, contact us using the details in section 15.

12. Cookies And Tracking

Our website uses cookies and similar tracking technologies to keep the site functioning, to understand how visitors find and use our content, and to support our marketing. This section explains the categories of tools we use, why we use them, and how you can control them.

The specific tools within each category may change over time as our marketing and analytics setup evolves. A full and up-to-date list of the cookies and tracking technologies currently active on our site — including provider, purpose, and duration — is available in our cookie preferences panel, accessible via the cookie settings link in our website footer.

Our consent position. Non-essential cookies and tracking tools — including analytics, session replay, advertising pixels, and marketing attribution — are only activated after you give consent through our cookie banner. You can refuse, change, or withdraw your consent at any time, as easily as you give it, using the cookie settings link in the footer of our site. Refusing non-essential cookies does not affect your ability to use the site.

Categories of cookies and tracking technologies we use

Strictly necessary cookies. These are required for the website to function and to deliver the service you have requested — for example, remembering your cookie consent choices and maintaining basic security. They do not require your consent because the service cannot operate without them.

Analytics. We use analytics tools to understand how visitors find and navigate our site, such as which pages are most read, where visitors come from, and how long they stay. Data is collected in aggregated form and is not used to identify individuals. We currently use Google Analytics 4, deployed via Google Tag Manager. Google Tag Manager itself is a tag management system; any non-essential tags it loads on our site are gated behind your consent.

Session replay and heatmapping. We use session replay and heatmapping tools to record anonymised interactions on our site (mouse movements, clicks, scrolling) so we can improve the design and clarity of our pages. We currently use Microsoft Clarity. Data is processed by the provider in accordance with its own privacy terms.

Marketing and advertising cookies. We use advertising pixels and similar technologies to measure the effectiveness of our marketing campaigns and to show relevant ads to people who have previously visited our site. These tools share limited data with the relevant advertising platforms. We currently use the Meta (Facebook) Pixel, and we may add equivalent tools from other advertising platforms (such as LinkedIn, Google Ads, or others) in future. Where we do, they will be added under this category and listed in our cookie preferences panel, and your existing consent settings for marketing cookies will apply.

Marketing attribution. We use a lightweight first-party script that stores attribution data — such as the referrer that brought you to our site and the pages you visited — in your browser's session storage for the duration of your visit. This data is deleted when you close the tab and is not shared with third parties. Because this data is used for marketing attribution rather than essential site functionality, we treat it as non-essential and load it only with your consent, even though it is not a cookie.

Hosting platform. Our website is hosted on Framer. As part of providing the hosting service, Framer processes basic server-side data (such as IP addresses, page request logs, and aggregate traffic data) on the basis of its legitimate interest in operating a secure, reliable, and performant platform. This data is not used by us for marketing purposes. For detail on how Framer processes data, see Framer's Privacy Statement and Cookie Policy.

Managing your preferences

When you first visit our site, we present a cookie banner that allows you to accept or refuse non-essential cookies and tracking. You can change your preferences at any time via the cookie settings link in the footer of our website. You can also block or delete cookies through your browser settings.

For Google Analytics specifically, you can additionally opt out using Google's browser opt-out tool.

Further information

For detail on how each third-party provider handles data, see their respective documentation: Google, Microsoft, Meta, and Framer.

13. Children

Our services are directed at adults. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us.

14. Changes To This Notice

We may update this notice from time to time to reflect changes in our practices or in the law. We will post any updated version on this page with a revised "Last updated" date. Where changes are material, we will take reasonable steps to notify clients directly.

15. Contact

For any questions, requests, or complaints about how we handle personal data, contact data.protection@mitosrelocation.com.

Mitos Relocation Solutions ICO registration: ZB923476

Mitos Relocation logo white

Home

Services

Countries

About us

Book an Intro Call

Mitos Relocation logo white
Mitos Relocation logo white