MV Public Relations Ltd ("MVPR") · Last updated: April 2026
1. Who we are
MVPR is an AI-powered public relations platform that helps communications teams manage journalist outreach, content creation, media monitoring, and campaign performance.
MV Public Relations Ltd is registered in England and Wales (Company No. 09312518). Our registered address is 83 Baker Street, London, W2 4AP, UK.
Our Data Protection Officer is Konrad Fuger (CTO), contactable at konrad@mvpr.io.
2. Scope of this policy
This policy explains how MVPR collects, uses, and protects personal data when we act as a data controller: that is, when we decide the purposes and means of processing. This covers:
- Visitors to our website (mvpr.io)
- Individuals who enquire about or sign up for our services
- Journalist and media contacts whose professional information we hold
- Individuals who communicate with us by email, phone, or social media
When we process personal data on behalf of our customers (as a data processor), that processing is governed by our Data Processing Agreement with the relevant customer. If you believe your data has been submitted to MVPR by one of our customers, please contact that organisation directly in the first instance.
3. What personal data we collect
Website visitors
- Technical data: IP address, browser type, device information, pages visited, referring URL
- Cookie and analytics data (see Section 9)
Prospective and existing customers
- Contact details: name, email address, phone number, job title, company name
- Billing and account information
- Communications with us
- Platform usage data: login activity, feature usage, preferences
Journalist and media contacts
- Professional contact details: name, email address, job title, publication, social media profiles
- Editorial information: beat coverage areas, recent articles, publication history, areas of expertise
- Engagement data: response rates, interaction history with MVPR platform users
- Publication metrics: domain authority scores
We do not intentionally collect special category data (as defined in Article 9 of the UK GDPR).
4. How and why we use personal data
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Providing our platform and services to customers | Performance of a contract (Art. 6(1)(b)) |
| Account administration and billing | Performance of a contract (Art. 6(1)(b)) |
| Maintaining a database of journalist and media contact information for media relations purposes | Legitimate interests (Art. 6(1)(f)): facilitating effective media outreach using publicly available professional information |
| Responding to enquiries and providing customer support | Legitimate interests (Art. 6(1)(f)) |
| Sending marketing communications to prospective customers | Consent (Art. 6(1)(a)), or legitimate interests where we have an existing relationship |
| Improving our platform, conducting analytics, and developing new features | Legitimate interests (Art. 6(1)(f)) |
| Security monitoring, fraud prevention, and protecting our systems | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal and regulatory obligations | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have carried out a balancing assessment to ensure that our interests do not override the rights and freedoms of the individuals concerned. A copy of the relevant assessment is available on request by contacting our Data Protection Officer.
5. Journalist and media contact data
MVPR maintains a database of journalist and media contact information to support our core service: connecting communications teams with relevant journalists. This data is sourced from publicly available information, including published bylines, publication websites, and professional social media profiles. Journalist profiles are refreshed daily as new content is published.
We process this information under the legitimate interests basis (Art. 6(1)(f) UK GDPR). We consider this processing to be proportionate because: the data relates to individuals acting in a professional media capacity; the information is limited to professional contact details and editorial coverage areas; and journalists have a reasonable expectation that PR professionals will contact them about relevant stories.
If you are a journalist and would like to review, correct, or request deletion of your information from our database, please contact us at konrad@mvpr.io. We will respond within 30 days.
6. AI processing
MVPR uses artificial intelligence in the delivery of our services, including large language models provided by Anthropic (Claude) and OpenAI. AI is used to assist with tasks such as content drafting, journalist matching, opportunity identification, and quality assessment.
Key points about how we use AI:
- All AI outputs are subject to human review before they are acted upon. MVPR operates a human-in-the-loop workflow and does not use AI to make solely automated decisions that produce legal or similarly significant effects on individuals (Article 22 UK GDPR).
- We apply data minimisation principles when submitting data to AI providers. Only the information necessary for a specific task is included.
- Our AI providers process data through their EEA entities (Anthropic Ireland Limited and OpenAI Ireland Ltd.) and do not use customer data to train their models.
- AI-generated content is treated as customer property once refined through editorial review.
For full details of our AI governance framework, see the AI Transparency & Governance Addendum available through our Trust Centre.
7. Who we share personal data with
We share personal data only where necessary and with appropriate safeguards in place. Our categories of recipients include:
- AI providers: Anthropic Ireland Limited and OpenAI Ireland Ltd., for AI-assisted processing within our platform
- Cloud infrastructure: Google Cloud Platform (EU multi-region data centres), for hosting and storage
- Email and productivity tools: Google Workspace and Microsoft Office 365, as configured by individual customers
- Domain analytics: Moz (domain authority data — non-personal)
- Compliance monitoring: Vanta (SOC 2 certified)
- Professional advisors: legal, accounting, and insurance providers as needed
A current list of our sub-processors is available at mvpr.io/subprocessors.
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
8. International transfers
Our primary data storage and processing takes place within the European Economic Area (EEA), using Google Cloud Platform's EU multi-region data centres. Our AI providers operate through their Irish entities within the EEA.
Where personal data is transferred outside the EEA (for example, to US-based sub-processors such as Moz or Vanta), we rely on appropriate safeguards including Standard Contractual Clauses approved by the European Commission under GDPR Article 46(2)(c), supplemented by transfer impact assessments where required.
9. Cookies
Our website uses cookies and similar technologies. Essential cookies are used to ensure the website functions properly. We also use analytics cookies to understand how visitors interact with our site.
You can manage your cookie preferences through your browser settings or through the cookie consent mechanism on our website. Disabling non-essential cookies will not affect your ability to browse the site.
10. Data retention
We retain personal data only for as long as it is needed for the purposes described in this policy, or as required by law:
- Customer account data: for the duration of the customer relationship, plus 30 days for deletion after termination
- Billing and financial records: up to 7 years, as required by UK law
- Website analytics data: in accordance with our analytics provider's retention settings
- Journalist contact data: maintained and refreshed on an ongoing basis while relevant to our services; deleted on request
- Marketing data: until consent is withdrawn or you unsubscribe
11. Your rights
Under UK data protection law, you have the right to:
- Access: request a copy of the personal data we hold about you
- Rectification: ask us to correct inaccurate or incomplete data
- Erasure: ask us to delete your personal data where there is no compelling reason for its continued processing
- Restriction: ask us to limit how we use your data
- Portability: request your data in a structured, commonly used, machine-readable format
- Object: object to processing based on legitimate interests, including for direct marketing purposes
- Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact our Data Protection Officer at konrad@mvpr.io. We will respond within one month.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
12. Security
MVPR is certified to ISO 27001:2022 and maintains a comprehensive information security management system. Our security measures include encryption at rest and in transit, multi-factor authentication, role-based access controls, network segmentation, and regular penetration testing and vulnerability assessments.
For more detail on our security posture and certifications, visit our Trust Centre at trust.mvpr.io.
13. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via our website or, where we hold your contact details and the change affects you, by email. The "Last updated" date at the top of this page indicates when the policy was last revised.
14. Contact us
If you have questions about this policy or our data practices, contact:
Data Protection OfficerKonrad Fuger, CTO
Email: konrad@mvpr.io
MV Public Relations Ltd
83 Baker Street
London, W2 4AP
United Kingdom
