Privacy Policy
1. Information We Collect
We collect personal information necessary to provide tax consultancy services, including names, contact details, financial information, and tax-related documents. This information includes your National Insurance number, employment details, income sources, bank account information, and details of assets and liabilities.
We also collect information about your business activities if you are self-employed or operate a company. This includes business registration details, VAT numbers, employee information, and financial records. All information collected is relevant to providing professional tax advisory services.
2. How We Use Your Information
Your information is used solely for providing tax advisory services, maintaining client records, and communicating with HMRC on your behalf when authorized. We use your personal data to prepare tax returns, calculate tax liabilities, identify tax planning opportunities, and ensure compliance with UK tax legislation.
We may use your contact information to send you updates about tax legislation changes that affect your circumstances. We do not use your information for marketing purposes unless you have explicitly consented to receive such communications.
3. Data Protection
We comply with UK GDPR and Data Protection Act 2018. All personal data is processed lawfully, fairly, and transparently. We have implemented appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.
Our lawful basis for processing your personal data is typically the performance of a contract (our professional services agreement) or legitimate interests (providing professional tax advisory services). For sensitive personal data, we rely on explicit consent or legal obligations.
4. Data Storage and Security
Client data is stored securely using encrypted systems and access is restricted to authorized personnel only. We maintain appropriate technical and organizational measures including firewalls, encryption, access controls, and regular security audits. Our systems are updated regularly to address emerging security threats.
Physical records are stored in locked filing cabinets within secure premises. Access to client files is logged and monitored. We use secure cloud storage providers who comply with UK data protection standards and have appropriate security certifications.
5. Data Sharing
We do not share client information with third parties except when required by law or when you have provided explicit consent. We may share information with HMRC when authorized by you or required by law. We may also share information with other professional advisors (such as solicitors or accountants) when instructed by you.
We use carefully selected third-party service providers for specific purposes such as secure document storage, software services, and professional indemnity insurance. These providers are bound by data processing agreements and are required to maintain the same security standards we apply.
6. Your Rights
You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You can request a copy of the personal data we hold about you and ask us to correct any inaccuracies. In certain circumstances, you can ask us to delete your personal data.
You have the right to withdraw consent where we rely on consent as the lawful basis for processing. However, this will not affect the lawfulness of processing before consent was withdrawn. You also have the right to complain to the Information Commissioner's Office if you believe we have not handled your data properly.
7. Retention Period
We retain client records for the period required by professional regulations and tax law, typically seven years after the end of our professional relationship. Some records may be retained for longer periods where required by law or for the establishment, exercise, or defence of legal claims.
Tax returns and supporting documentation are retained for at least six years after the end of the relevant tax year. Corporate client records may be retained for longer periods as required by company law and tax legislation. Personal data is securely destroyed when no longer required.
8. International Transfers
We do not routinely transfer personal data outside the UK. Where international transfers are necessary, we ensure appropriate safeguards are in place such as adequacy decisions, standard contractual clauses, or binding corporate rules. Any transfers comply with UK GDPR requirements.
Some of our cloud service providers may store data in EU countries with adequacy decisions. We ensure all such providers maintain appropriate security standards and comply with data protection requirements.
9. Cookies and Website Data
Our website uses essential cookies for functionality. You can control cookie settings through your browser preferences. We do not use tracking cookies or analytics tools that collect personal information. Our cookie banner allows you to accept or decline non-essential cookies.
We may collect website usage statistics in anonymized form to improve our services. This information cannot be used to identify individual users and is used solely for website improvement purposes.
10. Data Breach Procedures
In the event of a data breach affecting personal data, we will assess the risk and notify the Information Commissioner's Office within 72 hours where required. If the breach poses a high risk to individuals, we will also notify affected clients without undue delay.
We have procedures in place to detect, investigate, and respond to data breaches. Our incident response plan includes steps to contain the breach, assess the impact, and implement measures to prevent similar incidents.
11. Contact Us
For privacy-related inquiries, contact our data protection officer at info@domain.com or call +44 2853 192509. You can also write to us at 1784 Mill Lane, Bristol W1A 1AA, England. We aim to respond to all privacy requests within one month.