Legal

Privacy Policy

MV Public Relations Ltd ("MVPR") - Last updated: April 2026

1. Who we are

MVPR is an AI-powered public relations platform that helps communications teams manage journalist outreach, content creation, media monitoring, and campaign performance.

The company is registered in England and Wales (Company No. 09312518) at 83 Baker Street, London, W2 4AP, UK.

The Data Protection Officer is Konrad Fuger (CTO), reachable at konrad@mvpr.io.

2. Scope of this policy

This policy explains how we handle personal data when MVPR acts as a data controller, covering:

  • Website visitors (mvpr.io)
  • Individuals inquiring about or subscribing to services
  • Journalist and media contacts in the database
  • People communicating via email, phone, or social media

When processing data on behalf of customers (as a processor), a Data Processing Agreement governs the handling. Individuals whose data was submitted by a customer should contact that organisation first.

3. What personal data we collect

Website visitors

  • Technical data: IP address, browser type, device information, pages visited, referring URL
  • Cookie and analytics data

Prospective and existing customers

  • Contact details: name, email, phone, job title, company
  • Billing and account information
  • Communications history
  • Platform usage: login activity, feature usage, preferences

Journalist and media contacts

  • Professional contact details: name, email, job title, publication, social media profiles
  • Editorial information: beat coverage, articles, publication history, expertise areas
  • Engagement data: response rates, interaction history, platform interactions
  • Publication metrics: domain authority scores

We do not intentionally collect special category data under Article 9 of the UK GDPR.

4. How and why we use personal data

Purpose Legal basis (UK GDPR)
Providing platform and servicesPerformance of a contract (Art. 6(1)(b))
Account administration and billingPerformance of a contract (Art. 6(1)(b))
Maintaining journalist/media contact databaseLegitimate interests (Art. 6(1)(f))
Responding to enquiries and customer supportLegitimate interests (Art. 6(1)(f))
Sending marketing to prospective customersConsent (Art. 6(1)(a)), or legitimate interests
Platform improvement, analytics, feature developmentLegitimate interests (Art. 6(1)(f))
Security monitoring and fraud preventionLegitimate interests (Art. 6(1)(f))
Complying with legal and regulatory obligationsLegal obligation (Art. 6(1)(c))

For legitimate interests reliance, balancing assessments have been completed to ensure organisational interests don't override individual rights. Copies are available upon request from the Data Protection Officer.

5. Journalist and media contact data

MVPR maintains a database of journalist and media contact information to support our core service: connecting communications teams with relevant journalists. Data originates from publicly available sources including published bylines, publication websites, and professional social media profiles. Profiles update daily as new content publishes.

Processing occurs under legitimate interests (Art. 6(1)(f) UK GDPR), considered proportionate because the data involves professionals in media roles, information is limited to professional contact and editorial coverage, and journalists reasonably expect PR outreach about relevant stories.

Journalists can review, correct, or request deletion of their information by contacting konrad@mvpr.io, with responses within 30 days.

6. AI processing

MVPR uses artificial intelligence in service delivery, including large language models from Anthropic (Claude) and OpenAI for content drafting, journalist matching, opportunity identification, and quality assessment.

  • All AI outputs are subject to human review before they are acted upon. MVPR operates a human-in-the-loop workflow and does not use AI to make solely automated decisions that produce legal or similarly significant effects on individuals (Article 22 UK GDPR).
  • Data minimisation principles apply when submitting to AI providers; only necessary information is included.
  • AI providers operate through EEA entities (Anthropic Ireland Limited and OpenAI Ireland Ltd.) and do not use customer data for model training.
  • AI-generated content becomes customer property after editorial review.

Full AI governance details appear in the AI Transparency & Governance Addendum.

7. Who we share personal data with

Data sharing occurs only when necessary with appropriate safeguards:

  • AI providers: Anthropic Ireland Limited and OpenAI Ireland Ltd.
  • Cloud infrastructure: Google Cloud Platform (EU multi-region data centres)
  • Email and productivity: Google Workspace and Microsoft Office 365
  • Domain analytics: Moz (non-personal domain authority data)
  • Compliance monitoring: Vanta (SOC 2 certified)
  • Professional advisors: legal, accounting, and insurance providers

We do not sell personal data or share it with third parties for their marketing.

8. International transfers

Primary data storage and processing occurs in the European Economic Area using Google Cloud Platform's EU multi-region data centres. AI providers operate through Irish entities within the EEA.

Where data transfers outside the EEA occur (to US-based sub-processors like Moz or Vanta), appropriate safeguards include Standard Contractual Clauses approved by the European Commission under GDPR Article 46(2)(c), supplemented by transfer impact assessments when required.

9. Cookies

The website uses essential cookies ensuring proper function and analytics cookies for understanding visitor interaction. Users can manage preferences through browser settings or the website's cookie consent mechanism. Disabling non-essential cookies does not prevent site browsing.

10. Data retention

  • Customer account data: duration of relationship plus 30 days after termination
  • Billing and financial records: up to 7 years per UK law
  • Website analytics: per analytics provider retention settings
  • Journalist contact data: maintained and refreshed while relevant; deleted on request
  • Marketing data: until consent withdrawal or unsubscription

11. Your rights

Under UK data protection law, you have the right to:

  • Access - request copies of your personal data
  • Rectification - correct inaccurate or incomplete information
  • Erasure - request deletion where no compelling processing reason exists
  • Restriction - limit how we use your data
  • Portability - receive your data in a structured, machine-readable format
  • Object - oppose legitimate interests processing, including direct marketing
  • Withdraw consent - remove consent at any time without affecting prior lawful processing

Exercise these rights by contacting konrad@mvpr.io. We will respond within one month. If you are dissatisfied, you may lodge a complaint with the Information Commissioner's Office (ICO).

12. Security

MVPR holds ISO 27001:2022 certification and maintains a comprehensive information security management system. Measures include encryption at rest and in transit, multi-factor authentication, role-based access controls, network segmentation, and regular penetration testing and vulnerability assessments.

Security details and certifications are at trust.mvpr.io.

13. Changes to this policy

We update this policy periodically. Material changes will be communicated through the website or by email to affected individuals. The "Last updated" date at the top indicates the most recent revision.

14. Contact us

Data Protection Officer

Konrad Fuger, CTO

Email: konrad@mvpr.io

MV Public Relations Ltd

83 Baker Street

London, W2 4AP

United Kingdom