1. Introduction
We take privacy and data protection very seriously. This Privacy Policy explains how My Centre Office (MyCo) collects, uses, stores, and protects your personal data. Please read this carefully. If you have any questions, contact us at any time via our helpdesk or the Contact Us page on our website.
2. Who We Are
My Centre Office is a product of My Centre Office Ltd, a registered company in the United Kingdom, company registration number 07719756. We are registered with the UK Information Commissioner's Office (ICO) and the Nigeria Data Protection Commission (NDPC) as a Data Controller.
3. What Information Do We Collect?
When you register an account with MyCo, we collect the following information about you as an account holder:
- First name, last name, and email address
- Phone number and business details
- Payment information processed through our payment partners
- Any additional user details you provide when creating users on your account
As a platform, MyCo also acts as a Data Processor on behalf of our account holders (Data Controllers). This means we process the personal data that you as a business owner collect from your own clients and contacts through MyCo. The nature of that data is determined by you as the Controller, not by MyCo.
4. How Do We Use Personal Information?
Personal information collected directly from you is used to:
- Provide and manage your MyCo account and subscription
- Communicate with you regarding system updates, notifications, password resets, and account information
- Process payments for your subscription
- Deliver the services you have subscribed to
Where MyCo processes your contacts' data on your behalf, this is done strictly in accordance with your instructions as the Data Controller and our Data Processing Agreement.
5. What Legal Basis Do We Have for Processing Your Personal Data?
We process your personal data on the following legal bases:
- Contract — Processing necessary to provide the services you have subscribed to
- Legitimate Interests — Where we have a legitimate business reason to process data, such as improving our platform and ensuring security
- Legal Obligation — Where we are required to process data to comply with applicable law
6. When Do We Share Personal Data?
We treat your data confidentially. We only share data with trusted third party partners where necessary to deliver our services. These partners are listed below:
| Partner | Location | Purpose |
|---|---|---|
| Sendgrid | United States | Email delivery |
| Voodoo SMS | United Kingdom | SMS delivery (UK) |
| Kudisms | Nigeria | SMS delivery (Nigeria) |
| Stripe | United States | Payment processing |
| Paystack | Nigeria | Payment processing |
| Flutterwave | Nigeria | Payment processing |
| Korapay | Nigeria | Payment processing |
| Webhosting UK | United Kingdom | Server hosting |
Data shared with these partners is limited strictly to what is necessary to fulfil the specific service they provide.
7. International Data Transfers
Some of our third party partners are based outside the United Kingdom and the European Economic Area — specifically Sendgrid and Stripe in the United States. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including Standard Contractual Clauses where applicable.
8. Where Do We Store and Process Personal Data?
All MyCo platform data is hosted on servers in the United Kingdom through Webhosting UK. Emails and SMS messages initiated from MyCo are routed through our delivery partners' systems as described in Section 6. Message history is stored on their secure systems for delivery tracking purposes and is deleted upon account closure.
9. How Do We Store Personal Data?
We store personal data securely through our hosting partner. Our security measures include:
- SSL/TLS encryption for all data in transit
- Encrypted password storage
- Automatic blocking of suspected unauthorised access
- Secure data centre facilities
- Ongoing staff awareness of data privacy responsibilities
MyCo is also certified under Cyber Essentials, demonstrating our commitment to protecting against common cyber threats.
10. How Long Do We Keep Your Personal Data?
We retain your personal data for the duration of your subscription with MyCo. If you request account closure, your data will be deleted promptly. Where we are required to retain certain data for legal or regulatory reasons, we will inform you of this.
11. Your Rights in Relation to Personal Data
You have the following rights regarding your personal data:
- Right of Access — You can request a copy of the personal data we hold about you
- Right to Rectification — You can request correction of inaccurate data
- Right to Erasure — You can request deletion of your personal data
- Right to Restrict Processing — You can ask us to limit how we use your data
- Right to Object — You can object to certain types of processing
- Right to Data Portability — You can request your data in a portable format
- Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please submit a request via our helpdesk.
12. Data Export and Delivery
We respect your right to access and obtain copies of your personal data held within MyCo. Requests for data export must be made by authorised representatives of your organisation. To protect the security and confidentiality of your data, we only deliver data through verified and secure channels officially associated with your organisation. We do not transfer personal data to third party platforms or domains unless explicitly authorised in writing by your organisation's designated officers.
13. Data Processing Agreement
By using MyCo, you agree that your personal data will be processed in accordance with our Data Processing Agreement (DPA), which forms part of our contractual relationship. The DPA sets out the responsibilities and obligations of both parties regarding the collection, use, security, and protection of personal data, in compliance with applicable data protection laws including UK GDPR and the Nigeria Data Protection Act 2023. You can review the full DPA at any time via your account. Your continued use of MyCo confirms your acceptance of the DPA.
14. Regulatory Compliance
MyCo is registered and compliant with the following regulatory bodies:
- UK Information Commissioner's Office (ICO) — Registered under UK GDPR
- Nigeria Data Protection Commission (NDPC) — Registered as a Data Controller under the Nigeria Data Protection Act 2023
- Cyber Essentials — Certified against common cyber threats
15. How to Contact Us
If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us via the MyCo helpdesk at hello@mycentreoffice.com.
Last updated: February 2026