Privacy Policy

78 Mct Ltd t/as Apostilles Direct (“We”) are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from clients or prospects or that they may provide to us, will be processed by us.

Our views and practices regarding personal data and how we will treat it are outlined in this Policy and when a visitor to they are accepting and consenting to the practices described in this policy.

For the purpose of the Data Protection Act 1998 (the Act), the data controller is 78 Mct Ltd of 483 Green Lanes London N13 4BY

Who? | Information we may collect

We may collect and process the following data about about an Individual:

  • Information an individual provides to us. Information about an individual may be given to us by filling in contact forms on our site  our site) or by corresponding with us by phone, e-mail, online chat or our online platform.   This includes information an individual provides when registering to use our site, signing-up to our service and when reporting a problem with our site or services we provide.  The information given to us may include name, contact address, e-mail address, phone number.
  • Information we receive from other sources.  We may receive information about you if you use any of the  services we provide. [In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site.] We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.


  • Information we receive during the course or providing service.  We may receive information such as inbound / outbound tracking numbers of items, various mail forwarding addresses, envelope contents, parcel contents and sender’s sender’s information


  • Information we collect about an Individual. With regard to each visit to our site (including our Online Platform) or usage of our service, we may automatically or manually collect the following information:
  • technical information, including the Internet protocol (IP) address used to connect an individual’s computer to the Internet,  login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about an individual’s visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); services viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
  • Information we collect via Cookies  Our Website uses cookies to distinguish one individual from another. This provides an individual with a good experience when they browse our Website and navigate our Online Platform and also allows us to improve both of these mediums.   [By continuing to browse the site, an Individual agrees to our use of cookies.] A cookie is a small file of letters and numbers that we store within an individual’s browser or their device storage drive if the individual agrees. Cookies contain information that is transferred to an individual’s browser or device storage drive.   We use the following cookies:
  • Strictly Necessary Cookies | These are cookies that are required for the operation of our website. They include, for example, cookies that enable an individual to log into secure areas of our Website and Online Platform, sign-up to our services, renew and top-up an account, use a shopping cart or make use of e-billing services
  • Analytical & Performance cookies |  These allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies |  These are used to recognise an individual when they return to our website. This enables us to personalise our content for an individual, greet them by name, remember their preferences (for example,  their choice of language or region).
  • Targeting cookies |. These cookies record an individual’s visit to our website, the pages they have visited and the links they have followed. We will use this information to make our website and the advertising displayed on it more relevant to an individual’s interests. We may also share this information with third parties for this purpose.

Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies] An individual blocks cookies by activating the setting on their browser that allows them to refuse the setting of all or some cookies. However, if an individual uses their browser settings to block all cookies (including essential cookies) they may not be able to access all or parts of our site.   Except for essential cookies, all cookies will expire after a reasonable time period.

Why? | Our lawful basis for processing

  • Consent |   Individual provides consent to use their data supplied on our contact form and application order form in order for us to provide a service quotation and/or information on requested service.
  • Contractual | The provision of a document legalisation service requires processing of the individuals personal data in order for the company to meet our contractual obligations to the Individual and for the service to operate.)  The personal data is supplied to 78 MCT Ltd by the Individual. The processing is necessary as the service cannot operate without it.

How? | Processing & Sharing an individual’s Information

An individual’s information may be processed and shared in one or more of the following ways.

  • Within our Service | Sending e-mail notifications and corresponding with the client and for generally providing the document legalisation service.
  • Approved Service Partners | Individuals data may be shared with approved service partners who operate part of our service under contracts that we enter into.
  • Legal Obligation | Subject to DPA requests where applicable, we may share an individual’s data with Government Agencies, Trading Standards, the Police and other bodies who may have an interest in the individual’s data when we are requested to by law or to comply with a legal obligation.     We also may share an individual’s information in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of 78 MCT Ltd. our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, Money Laundering and Terrorist Financing.
  • Third Party Providers |  acting as Processors based in the United Kingdom who provide IT and system administration services.
  • Professional advisers | acting as Processors including lawyers, bankers, auditors and insurers based in the United Kingdom] who provide consultancy, banking, legal, accounting and insurance services.


When? | Informing an Individual

We inform an individual at the point of when we first need them to supply their data or we intend to collect it or when we intend to change the way in which we process an individual’s data.

There are various stages when this can happen: –

    • Application / Order Form | A ‘Consent Statement’ in the form of a Client Privacy Notice is to be acknowledged by the Individual on our Order Form Form before submission.      If an individual does not agree to our Privacy Policy, they will not be able to proceed with the order of Services.
    • Completing Contact Forms on our Website | A ‘Consent Statement’ in the form of our Client Privacy Notice is to be acknowledged before submission of a form. Our Contact Forms ensure the user has to actually read our Policy by way of scrolling down the Privacy Notice before they can accept or decline.    If an individual does not agree to our Privacy Policy, they will not be able to proceed with the Sign-up Process.
    • Website | Display Privacy Policy with our other Policies and Procedures.



Where? | Storage of an Individual’s Data

  • The data that we collect from an individual may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting personal data to us, the individual agrees to this transfer, storing or processing. 78 MCT Ltd will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.


  • Other Cloud-Based Productivity Application and Storage | We may use third-party web-based applications to process an individual’s data that are encrypted using SSL technology.  


Security | Risk and Data Breach

Once we have received information on an individual, we will use strict procedures and security features to try to prevent unauthorised access.

  • Access to Information  | Individual User Access Rights with username and password protection.
  • Departmental Restriction  | Data restricted to only those internally who need access to it.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect personal data, we cannot guarantee the security of your data transmitted to our site; any transmission to us is at the individual’s own risk.

Data Breaches

  • We will maintain logs of all data breaches.
  • Low-risk breaches of data will not require any further action.
  • All breaches of data will be notified (where necessary) to the ICO
  • All HIGH-RISK breaches of data will be notified to the individual immediately.

Review of Security Measures of Individual Data Storage Locations.

We will review our security measures at one or more of the following events: –

  • At Initial Implementation of GDPR before 25th May 2018
  • When an Employee Leaves
  • When an Employee Starts
  • When law / guidelines change
  • Otherwise on an Annual Basis from Policy implementation

Data Retention | How long for?

  • Once data is no longer required for processing, data will be retained for a minimum of 7 years to meet our legal obligations for HMRC and tax purposes. but no longer than 10 years or until an individual asks us for erasure (whichever is the sooner, subject to any legal obligations).
  • An individual may request to have their Data erased after we have finished processing by contacting the Data Controller at: The Data Controller, 78 MCT Ltd 483 Green Lanes, London, N13 4BY.     Email:


Right to Request | Subject Access

An individual has the right to ask us not to process their personal data for marketing purposes. We will usually inform them (before collecting their data) if we intend to use their data for such purposes or if we intend to disclose their information to any third party for such purposes

An individual can exercise their right to prevent such processing by checking certain boxes on the forms we use to collect their data.  An individual can also exercise their right at any time by contacting us at Data Controller at: The Data Controller, 78 MCT Ltd 483 Green Lanes, London, N13 4BY.     Email:

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If an individual follows a link to any of these websites, we do not accept any responsibility or liability for the privacy policies contained therein.  In individual should check these policies before they submit any personal data to these websites.


An individual can exercise their right to request erasure, rectification, objection, restriction and subject access requests at any time, subject to any other legal obligations we may have to comply with, by contacting the Data Controller at: Data Controller at: The Data Controller, 78 MCT Ltd 483 Green Lanes, London, N13 4BY.     Email:

An individual has the right to access information held about them.  Their right of access can be exercised at any time, by contacting the Data Controller at:  Data Controller at: The Data Controller, 78 MCT Ltd 483 Green Lanes, London, N13 4BY. Email:

However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.

We will respond to all Subject Access Requests within 30 days of receipt and maintain a log of all requests received.

Training & Awareness

In order to ensure that this policy and associated procedures are being followed, training and awareness will take place at one or more of the following events: –

  • At Initial Implementation of GDPR before 25th May 2018
  • When an Employee Leaves
  • When an Employee Starts
  • When law / guidelines change
  • Otherwise on an Annual Basis from Policy implementation

Training Methods

Training of our Data Protection procedures comprises a mixture of face-to-face training and internal emails and documentation.

Accessing Records, Policies and Training Notes

Staff are made aware of how to access our policies, procedures and training notes.     All of which are stored securely on cloud-based drives for easy of access, update and amendment.

Changes to our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on our website and, where appropriate, notified to the individual via email.


Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to  Data Controller at: The Data Controller, 78 MCT Ltd 483 Green Lanes, London, N13 4BY.    Email:

This Policy is Copyright to 78 MCT Ltd