Privacy Policy
Last updated 2 May 2026
Lean Ledger Ltd is committed to protecting personal data in accordance with UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations where applicable, and the regulatory requirements of the Association of Chartered Certified Accountants (ACCA).
1. Who we are
Lean Ledger Ltd is a UK-registered chartered certified accountancy practice.
We act as the data controller for the personal data we collect and process, unless we state otherwise in a specific engagement or arrangement.
2. What information we collect
Information provided directly
We may collect:
- name and contact details;
- business, company, partnership, sole trader, landlord or personal tax information;
- details relevant to your enquiry, engagement or instructions;
- information required for onboarding, Anti-Money Laundering (AML) checks, Know Your Client (KYC) checks and client due diligence;
- documents you supply, including identity documents, proof of address, tax records, accounting records, payroll records, company records, bank records and correspondence;
- payment, billing and engagement information; and
- communications with us by email, telephone, video call, online form, post or other channels.
Information collected automatically
We use privacy-friendly website analytics to understand general website usage and improve the website. We do not currently use analytics cookies or advertising tracking cookies. The website may use essential cookies or browser storage where necessary for security, forms, administration, accessibility preferences or core website functionality.
Sources of personal data
We may receive personal data directly from you, from your business, from HMRC, Companies House, previous accountants, banks, payroll providers, bookkeeping software providers, identity verification providers, professional advisers, public registers, publicly available sources, or other third parties you authorise or ask us to deal with.
3. How we use your information
We process personal data for the following purposes:
- responding to general enquiries;
- providing accountancy, tax, bookkeeping, payroll, company secretarial, compliance and advisory services;
- preparing and submitting returns, accounts, forms, claims, elections, applications or correspondence;
- communicating with HMRC, Companies House, ACCA, previous accountants, professional advisers and other relevant bodies where necessary;
- requesting or responding to professional clearance and handover information when you appoint us or leave our services;
- performing statutory duties and professional obligations;
- conducting AML, KYC, Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) checks;
- maintaining regulatory, compliance, risk management and quality control records;
- managing, administering and improving our practice;
- issuing engagement letters, invoices, reminders and service communications;
- protecting our legal position and dealing with complaints, disputes or potential claims; and
- sending newsletters or updates where you have requested them or where the law allows us to do so.
We do not sell personal data. We do not share personal data for third-party marketing.
4. Legal basis for processing
We process personal data under one or more of the following lawful bases:
- Contract: to take steps before entering into an engagement with you, to provide requested services, or to perform our contract with you.
- Legal obligation: to comply with tax law, company law, HMRC requirements, statutory record-keeping duties, AML Regulations, professional obligations, and ACCA supervisory or monitoring requirements.
- Legitimate interests: to operate and manage our practice, respond to enquiries, maintain appropriate business records, protect our legal position, improve our services, communicate with clients and prospective clients, prevent fraud, and ensure the security and resilience of our systems, provided these interests are not overridden by your rights and freedoms.
- Consent: where we specifically ask for your consent, for example for optional newsletters, certain marketing communications, or optional uses of information.
Where consent is relied upon, you may withdraw it at any time. Withdrawal of consent will not affect processing that took place before consent was withdrawn.
5. Special category and criminal offence data
We may occasionally process special category data or criminal offence data where this is necessary for legal, regulatory, tax, payroll, AML, professional or advisory purposes. This may include, for example, information relevant to payroll, benefits, tax claims, employment records, identity checks, source of funds checks, legal claims or regulatory compliance.
Where we process this type of information, we rely on an appropriate UK GDPR Article 9 condition or Data Protection Act 2018 condition, such as employment law obligations, legal claims, substantial public interest, preventing or detecting unlawful acts, or compliance with legal and regulatory obligations.
6. ACCA and AML regulatory requirements
As an ACCA-regulated firm, and as a relevant person under UK AML requirements, we are required to:
- conduct CDD and, where required, EDD, including verification of identity and beneficial ownership;
- understand the nature and purpose of client relationships and, where relevant, the source of funds or source of wealth;
- retain AML-relevant data and records for at least five years after the end of the business relationship, unless another lawful reason requires or permits longer retention;
- permit ACCA and relevant regulators or authorities to access certain information for monitoring, quality assurance, investigation, supervisory or disciplinary purposes; and
- maintain appropriate working papers and evidence supporting the services delivered.
These obligations may override certain data deletion or restriction requests where the law requires us to retain or disclose information.
7. Sharing and disclosure of data
We may share personal data with:
- HMRC, Companies House, law-enforcement agencies, government bodies, courts or tribunals where required or appropriate;
- ACCA and other relevant professional or regulatory bodies for monitoring, supervision, quality assurance, investigation or disciplinary purposes;
- previous or successor accountants and professional advisers for professional clearance, handover or continuity of service;
- IT hosting providers, cloud storage providers, email providers, secure client communication tools, document management systems and backup providers;
- identity verification, AML screening and electronic signature providers;
- bookkeeping, accounting, payroll, tax, company secretarial and practice management software providers;
- payment processors, banks and finance providers where relevant;
- professional advisers, insurers, legal advisers, compliance advisers and technical consultants; and
- subcontractors or consultants engaged to support service delivery, under appropriate confidentiality and data protection obligations.
We require third parties who process personal data for us to use appropriate data protection safeguards and to process personal data only in accordance with our instructions or other lawful authority.
8. International transfers
Some technology providers or professional service providers may store or process data outside the UK or EEA. Where this occurs, transfers will only take place where:
- the destination has an adequacy decision;
- appropriate safeguards, such as Standard Contractual Clauses or the UK International Data Transfer Agreement/Addendum, are in place; or
- another lawful transfer mechanism applies.
We do not intentionally transfer data internationally unless required by the tools, providers, clients or engagement arrangements involved.
9. Data security
We use appropriate technical and organisational measures to protect personal data, including access controls, strong authentication, secure storage, secure transmission methods where appropriate, backups, confidentiality obligations and procedures for managing suspected data incidents.
Only authorised individuals have access to client information where this is necessary for their role or the services being provided.
10. Data retention
Data is retained for the minimum period necessary to fulfil legal, regulatory, professional, contractual and legitimate business obligations.
Typical retention periods include AML and due diligence records for at least 5 years after the end of the business relationship, and accounting, tax and engagement records normally for at least 6 years, unless a longer period is required by law, regulation, HMRC enquiry, professional obligations, insurance requirements or our legal position.
When data is no longer required, it is securely deleted, destroyed or anonymised.
11. Your rights
Under UK GDPR, you have rights to access your personal data, request correction, request deletion subject to retention requirements, request restriction, object to certain processing, obtain a portable copy in certain circumstances and withdraw consent where processing is based on consent.
To exercise any right, please contact us using the data rights email shown on this page. We may need to verify your identity before responding.
12. Complaints
If you have concerns about how your data is handled, please contact us first so that we can try to resolve the matter.
You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters, at ico.org.uk or by calling 0303 123 1113.
You can also contact the Association of Chartered Certified Accountants (ACCA), Professional Conduct Department, The Adelphi, 1-11 John Adam Street, London WC2N 6AU. Phone: +44 (0)20 7059 5000. Website: accaglobal.com/complaints.
13. Updates to this policy
We may update this policy from time to time. The latest version will always be available on this page. Material changes may be highlighted on our website or communicated to affected clients where appropriate.