Privacy Notice
Accountants Direct (Essex) Ltd trading as Accountants Direct
Version: V2
Effective date: 26/06/2026
This privacy notice explains how Accountants Direct (Essex) Ltd trading as Accountants Direct collects, uses, stores, shares and protects personal data.
It applies to clients, prospective clients, directors, shareholders, partners, LLP members, employees, workers, subcontractors, landlords, tenants, bookkeepers, authorised contacts, suppliers, professional contacts, and other individuals whose personal data we process in connection with our services.
This privacy notice should be read together with our Standard Terms of Service, your Service Agreement, any applicable service-specific appendix, and any other privacy information or service-specific notice we provide to you.
We may update this privacy notice from time to time. Where we make material changes, we will notify you in writing, make the updated notice available on our website, or otherwise bring it to your attention.
1. Who we are
Accountants Direct (Essex) Ltd trading as Accountants Direct is a company registered in England and Wales.
Our contact details are:
- Accountants Direct, Chalice House, Bromley Road, Elmstead, Colchester, Essex, CO7 7BY
- Telephone: 01206 863 500
- Email: info@accountantsdirect.com
- Website: www.accountantsdirect.com
For privacy or data protection queries, please contact The Data Protection Contact by email at info@accountantsdirect.com using the subject line: Data Protection Query.
2. Our role under data protection law
For most client services, we act as a data controller. This means we decide why and how personal data is processed for the purpose of providing accountancy, tax, payroll, VAT, CIS, bookkeeping, company compliance, advisory, communication, administration, fee, regulatory and related services.
In some situations, we may act as a data processor on behalf of a client who is the data controller. This may apply, for example, where we process payroll, CIS, P11D, auto-enrolment, pension or employer compliance information on behalf of an employer client.
Where we act as a data processor, we will process the relevant personal data in accordance with our agreement with the client, our Standard Terms of Service, applicable data protection law, and the agreed scope of work.
3. Personal data we may collect
The personal data we process will depend on the services we provide and the information supplied to us. It may include the following categories.
Identity information
Names, previous names, titles, dates of birth, National Insurance numbers, Unique Taxpayer References, company numbers, VAT numbers, PAYE references, CIS references, pension references, identity documents, proof of address, anti-money laundering information, beneficial ownership details and verification information.
Contact information
Home addresses, business addresses, trading addresses, registered office addresses, email addresses, telephone numbers, SMS numbers, emergency contact details, authorised contact details and communication preferences.
Financial and tax information
Income, expenses, bank details, bank statements, credit card statements, loan details, mortgage details, tax returns, tax calculations, payslips, P60s, P45s, P11Ds, dividend vouchers, interest certificates, pension details, investment information, capital gains information, rental income, property expenses, CIS deductions, VAT records, bookkeeping records, accounts records, tax payment information, tax repayment information and HMRC correspondence.
Business information
Business activity, turnover, transaction volume, customers, suppliers, directors, shareholders, partners, LLP members, staff, subcontractors, business assets, property details, business records, contracts, invoices, receipts, bank feeds, payment provider records, till reports, online marketplace reports, software records and record-keeping information.
Payroll, CIS, P11D and employment-related information
Employee names, addresses, dates of birth, National Insurance numbers, UTRs, payroll identifiers, tax codes, pay details, bank details, pension details, employment details, benefits information, deduction information, sickness information, statutory payment information, maternity, paternity, adoption, shared parental leave, parental bereavement leave, student loan information, attachment of earnings information, subcontractor verification details, CIS deduction details and other employer compliance information.
Special category data
In limited circumstances, we may process special category data such as health information, sickness information, disability information, maternity information, trade union deduction information, or other sensitive information where this is necessary for payroll, statutory payments, employer compliance, tax compliance, legal claims, professional obligations or another lawful purpose.
Criminal offence or regulatory information
In limited circumstances, we may process criminal offence, sanctions, fraud prevention, regulatory, anti-money laundering, source of funds, source of wealth, insolvency, disqualification, HMRC enquiry, tax investigation, penalty, compliance or related information where this is necessary for anti-money laundering checks, professional obligations, risk assessment, legal claims, regulatory compliance or services we have agreed to provide.
Digital and communication information
Emails, letters, call notes, SMS messages, meeting notes, file notes, online form submissions, approval forms, Google forms, shared folder contents, uploaded files, CRM records, job management records, portal activity, document metadata, software exports, audit trails and other communication records.
Payment and fee information
Bank details, Direct Debit details, payment provider information, card payment information, invoices, statements, payment history, failed payment information, debt recovery records, personal guarantee information and correspondence about fees.
Website and technical information
Where you use our website or digital systems, we may process technical information such as IP address, device information, browser information, pages visited, cookies, analytics data and interaction data. Any cookie-specific information may be provided separately through our website or cookie notice.
4. How we collect personal data
We may collect personal data from:
- You directly;
- Your directors, shareholders, partners, LLP members, employees, workers, subcontractors, bookkeeper, spouse, civil partner, family member, authorised contact or representative;
- HMRC;
- Companies House;
- The Pensions Regulator;
- Pension providers;
- Previous accountants or professional advisers;
- Current professional advisers;
- Solicitors, barristers, tax advisers, insurers, lenders, finance providers or other third parties you ask or permit us to deal with;
- Banks, financial institutions, payment providers, merchant service providers and online marketplaces;
- Bookkeeping, payroll, tax, VAT, CIS, record-keeping or other software providers;
- Anti-money laundering and identity verification providers;
- Credit reference, sanctions screening, fraud prevention or risk information providers;
- Public registers, public websites, Companies House records, HMRC records and other publicly available sources;
- Professional bodies, regulators, quality reviewers, insurers and compliance reviewers;
- Courts, tribunals, law enforcement agencies or public authorities where relevant.
5. Why we use personal data and our lawful bases
We only process personal data where we have a lawful basis to do so under applicable data protection law. The table below explains the main purposes for which we use personal data and the lawful bases we normally rely on.
| Purpose or activity | Types of data | Lawful basis |
|---|---|---|
| Providing accountancy, tax, VAT, payroll, CIS, bookkeeping, company compliance, advisory and related services | Identity, contact, financial, tax, business, payroll, correspondence and records information | Performance of a contract; legitimate interests; legal obligation |
| Setting up and managing our engagement with you | Identity, contact, Service Agreement, approval, correspondence, fee and administration information | Performance of a contract; legitimate interests |
| Preparing and submitting tax returns, accounts, VAT returns, payroll filings, CIS returns, Companies House filings, MTD updates and other compliance submissions | Identity, contact, tax, financial, payroll, business, software and record information | Performance of a contract; legal obligation; legitimate interests |
| Communicating with HMRC, Companies House, The Pensions Regulator, pension providers, insurers, software providers, professional advisers and other third parties relevant to the services | Identity, contact, tax, financial, payroll, business, correspondence and supporting records | Performance of a contract; legal obligation; legitimate interests |
| Managing payroll, CIS, P11D, statutory payment, pension and employer compliance services | Employee, worker, director, subcontractor, payroll, pension, statutory payment, sickness and employment-related information | Performance of a contract; legal obligation; legitimate interests; special category conditions where relevant |
| Carrying out anti-money laundering, identity verification, sanctions, source of funds, source of wealth and risk checks | Identity, contact, ownership, financial, source of funds, source of wealth, sanctions and risk information | Legal obligation; legitimate interests; substantial public interest where relevant |
| Managing Tax Fee Protection Service, tax enquiry support, insurance notifications, claims and related administration | Identity, contact, tax, HMRC, insurance, enquiry, correspondence and fee information | Performance of a contract; legitimate interests; legal obligation |
| Managing fees, invoices, Direct Debit collections, failed payments, credit control, debt recovery and personal guarantees | Identity, contact, payment, invoice, bank, guarantee and debt information | Performance of a contract; legitimate interests; legal obligation |
| Maintaining our records, file notes, approvals, audit trails, working papers and evidence | Identity, contact, tax, financial, correspondence, approval and file information | Legal obligation; legitimate interests |
| Responding to complaints, disputes, professional enquiries, regulatory reviews, insurance matters or legal claims | Identity, contact, service, correspondence, complaint, insurance, legal and file information | Legitimate interests; legal obligation; establishment, exercise or defence of legal claims |
| Quality control, file reviews, practice assurance, training, supervision, internal compliance and professional monitoring | Client files, correspondence, working papers, approvals, service records and compliance records | Legitimate interests; legal obligation |
| Sending service updates, deadline reminders, regulatory updates, fee updates, process updates and engagement communications | Identity, contact, service and correspondence information | Performance of a contract; legitimate interests |
| Sending marketing communications about other services | Identity and contact information | Consent where required; legitimate interests where permitted by law |
| Using CRM systems, job management systems, email templates, automated reminders, Google forms, online approvals, shared folders, client portals, record-keeping tools and other workflow systems | Identity, contact, service, tax, financial, file, approval, upload and workflow information | Performance of a contract; legitimate interests; legal obligation where relevant |
| Website operation, analytics, security and enquiry handling | Contact, technical, website, enquiry and communication information | Legitimate interests; consent where required for non-essential cookies |
6. Legitimate interests
Where we rely on legitimate interests, our legitimate interests may include:
- Providing, managing and improving our services;
- Managing our client relationships and internal administration;
- Operating a structured compliance service;
- Maintaining accurate records and evidence of instructions, approvals and communications;
- Managing workflow, deadlines, reminders and client communications;
- Protecting our business, clients, staff, systems and records;
- Preventing fraud, managing risk and maintaining professional standards;
- Recovering fees and enforcing contractual rights;
- Defending complaints, disputes, professional claims or legal proceedings;
- Carrying out quality control, file reviews, supervision and training;
- Complying with professional standards and maintaining appropriate business records;
- Informing clients about service updates, regulatory changes and relevant services.
We will not rely on legitimate interests where our interests are overridden by your rights, freedoms or interests.
7. Special category data
Special category data includes information about health, disability, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, sex life or sexual orientation.
We will only process special category data where it is necessary and where we have a lawful basis and an additional condition under data protection law.
This may include processing information:
- For payroll, statutory sick pay, statutory maternity pay, statutory paternity pay, statutory adoption pay, shared parental pay, parental bereavement pay, pension or employer compliance purposes;
- To establish, exercise or defend legal claims;
- To comply with legal, regulatory or professional obligations;
- For substantial public interest reasons where permitted by law;
- With your explicit consent where consent is appropriate and required.
You should not send us unnecessary special category data, medical information or sensitive information unless it is reasonably required for the service we have agreed to provide.
8. Criminal offence, sanctions and regulatory information
We may process criminal offence, sanctions, fraud, regulatory, tax investigation or similar information where this is necessary for anti-money laundering checks, risk assessment, professional obligations, legal claims, regulatory compliance or services we have agreed to provide.
We will only process this type of information where we have a lawful basis and where processing is permitted by applicable data protection law.
9. Personal data about other people
You must ensure that you have authority to provide personal data to us about other people, including directors, shareholders, partners, LLP members, employees, workers, subcontractors, spouses, civil partners, family members, clients, suppliers, tenants, landlords, bookkeepers and authorised contacts.
Where required, you must ensure that those individuals are provided with appropriate privacy information explaining that their personal data may be provided to us and processed by us for the purposes set out in this notice.
You must ensure that personal data provided to us is accurate, complete and up to date.
10. Who we may share personal data with
We may share personal data with the following categories of recipients where necessary for the services, legal obligations, professional obligations, business administration, risk management or other purposes set out in this notice:
- HMRC;
- Companies House;
- The Pensions Regulator;
- Pension providers;
- Banks, payment providers, merchant service providers and Direct Debit providers;
- Bookkeeping, payroll, tax, VAT, CIS, MTD, CRM, job management, cloud storage, email, document management and other software providers;
- IT support providers, cloud service providers, hosting providers, cyber security providers and data backup providers;
- Anti-money laundering, identity verification, sanctions screening and fraud prevention providers;
- Professional indemnity insurers, tax fee protection providers, legal expenses insurers and insurance brokers;
- Professional bodies, AML supervisors, regulatory bodies, quality reviewers, practice assurance reviewers and external compliance reviewers;
- Subcontractors, consultants, outsourced service providers and specialist advisers engaged by us;
- Solicitors, barristers, tax specialists, payroll specialists, HR advisers, pension advisers, insolvency practitioners, financial advisers or other professional advisers where agreed or required;
- Previous accountants, new accountants or other advisers where authorised or required;
- Courts, tribunals, law enforcement agencies, the National Crime Agency, the Information Commissioner’s Office and other public authorities;
- Debt recovery agents, tracing agents, credit control providers, legal advisers and enforcement agents where fees remain unpaid;
- Any third party with whom you ask or permit us to correspond;
- An alternate or continuity of practice provider appointed by us where required to protect continuity of service in the event of incapacity, death, long-term absence or cessation of practice.
We do not sell personal data.
11. Subcontractors, consultants and service providers
We may use staff, consultants, subcontractors, outsourced service providers, software providers, cloud service providers, IT support providers and specialist advisers to support the services we provide.
Where third parties process personal data on our behalf, we will take reasonable steps to ensure that appropriate confidentiality, security and data protection arrangements are in place.
12. International transfers
Some software providers, cloud service providers, subcontractors, consultants or outsourced service providers may process, store or access personal data outside the United Kingdom.
Where personal data is transferred outside the United Kingdom, we will take reasonable steps to ensure that appropriate safeguards are in place as required by applicable data protection law.
This may include:
- Transfers to countries covered by UK adequacy regulations;
- International data transfer agreements;
- The UK Addendum to the EU Standard Contractual Clauses;
- Contractual, organisational and technical safeguards;
- Other transfer mechanisms or exceptions permitted by applicable data protection law.
You may contact us if you would like further information about the safeguards used for international transfers.
13. How long we keep personal data
We will retain personal data for as long as reasonably necessary for the purposes for which it is processed, including for service delivery, legal, tax, regulatory, professional, insurance, quality control, complaint, limitation, business administration and record-keeping purposes.
Our normal retention period for client files, working papers, correspondence, approvals, service records, tax records, accounts records, payroll records, VAT records, CIS records, bookkeeping records and related engagement records is seven years, unless a longer period is required or considered appropriate.
Examples of retention periods include:
Client files and compliance records
Normally seven years from the end of the relevant tax year, accounting period, filing period, service period, or from the end of our engagement, depending on the type of record.
Anti-money laundering records
Normally at least five years from the end of the business relationship or relevant transaction, and longer where we are required or permitted to retain records for legal, regulatory, professional, insurance, limitation or legal claims purposes.
Payroll, CIS, P11D and employer compliance records
Normally seven years, unless a longer period is required or appropriate.
Permanent tax information
Information that may be relevant to future tax compliance, such as capital gains base costs, historic claims, elections, losses, asset acquisition information, property information and similar records, may be retained for as long as we continue to act and for a reasonable period afterwards.
Complaint, dispute, insurance and legal claim records
Normally seven years from the conclusion of the matter, and longer where required or appropriate.
Prospective client information
Where you enquire about our services but do not become a client, we may retain enquiry records for up to two years, unless we have a lawful reason to retain them for longer.
Marketing information
Marketing preferences may be retained until you unsubscribe, withdraw consent or ask us to stop contacting you, and for a reasonable period afterwards to maintain suppression records.
Website and technical records
Website, analytics, security and technical records may be retained for shorter periods depending on the system used and the reason for collection.
We may retain records for longer where necessary to comply with legal or regulatory obligations, professional obligations, insurance requirements, quality review requirements, court orders, HMRC requirements, ongoing disputes, complaints, investigations, tax enquiries, debt recovery or legal claims.
14. Security
We take reasonable technical and organisational steps to protect personal data against unauthorised access, loss, misuse, alteration, disclosure or destruction.
These steps may include access controls, password protection, user permissions, secure systems, staff training, internal procedures, backups, antivirus protection, email security measures, confidentiality obligations, supplier due diligence and restricted access to client files.
No method of electronic communication, email, internet transfer, cloud storage or online submission is completely risk-free. You should take care when sending information to us and should follow any secure upload or submission process we request.
15. Email, online forms, shared folders and digital systems
We may ask you to provide records or information using email, online forms, Google forms, shared folders, cloud storage, client portals, upload links, electronic approval forms, spreadsheets, record-keeping tools or other electronic systems.
You are responsible for ensuring that information submitted to us is complete, accurate, relevant, clearly labelled and uploaded to the correct location.
You should not send us unnecessary personal data, special category data or sensitive information unless it is reasonably required for the service we have agreed to provide.
16. Automated decision-making
We do not normally make decisions about you based solely on automated processing that produce legal or similarly significant effects.
We may use software tools, automated reminders, workflow systems, risk checks, identity verification tools, AML screening tools and tax or bookkeeping software to assist our work. These tools support our processes but do not usually replace human review where a decision has legal or significant effects.
17. Marketing and service communications
We may contact you about service updates, deadline reminders, regulatory changes, fee changes, process changes, terms updates, engagement matters and services connected with our engagement with you.
We may also contact you about other services that may be relevant to you where permitted by law. Where consent is required for marketing, we will seek consent.
You may ask us to stop sending marketing communications at any time. We may still need to send service, contractual, regulatory, fee, deadline or compliance communications even where you opt out of marketing.
18. Your rights
Depending on the circumstances and the lawful basis for processing, you may have the following rights:
- The right to be informed about how your personal data is used;
- The right to access personal data we hold about you;
- The right to have inaccurate personal data corrected;
- The right to have incomplete personal data completed;
- The right to have personal data erased in certain circumstances;
- The right to restrict processing in certain circumstances;
- The right to object to processing in certain circumstances;
- The right to data portability in certain circumstances;
- The right not to be subject to certain decisions based solely on automated processing;
- The right to withdraw consent where we rely on consent.
These rights are not absolute. We may need to retain or continue processing personal data where required or permitted by law, regulation, professional obligations, tax obligations, anti-money laundering obligations, insurance requirements, legal claims, contractual obligations or other legitimate reasons.
19. Right to object
You have the right to object to processing where we rely on legitimate interests as our lawful basis, unless we have compelling legitimate grounds to continue processing or the processing is required for the establishment, exercise or defence of legal claims.
You also have the right to object to direct marketing at any time.
20. Subject access requests
You have the right to request access to personal data that we hold about you.
You may make a subject access request verbally or in writing. To help us identify and deal with your request efficiently, we ask that requests are made in writing where possible and sent to: The Data Protection Contact, Accountants Direct, Chalice House, Bromley Road, Elmstead, Colchester, Essex, CO7 7BY.
Email: info@accountantsdirect.com
Subject line: Subject Access Request
To help us deal with your request, please provide enough information to allow us to verify your identity and locate the relevant data. We may ask for additional identity information before responding.
We will normally respond within one month of receiving a valid request. In complex cases, or where you make multiple requests, the response period may be extended where permitted by law.
21. Requests relating to employee, payroll or third-party data
Where we process payroll or employer compliance data on behalf of a client, the client may be the data controller and we may be acting as processor. In that case, requests from employees, workers, directors or subcontractors may need to be referred to the employer client.
Where we receive a request relating to personal data processed on behalf of a client, we will deal with the request in accordance with applicable data protection law and our agreement with the client.
22. Accuracy of information
You must ensure that personal data provided to us is accurate, complete and up to date.
You should tell us promptly if your name, address, email address, telephone number, bank details, authorised contacts, tax details, payroll details, business details or other relevant information changes.
23. If you do not provide personal data
Where we need personal data to provide services, manage our engagement, comply with legal obligations, complete anti-money laundering checks, submit filings, communicate with HMRC, process payroll, prepare tax returns, manage fees or comply with professional obligations, failure to provide the required information may mean that we cannot act, cannot continue acting, cannot submit filings, or may need to restrict or terminate services.
24. Anti-money laundering and legal reporting obligations
We are required to comply with anti-money laundering legislation, proceeds of crime legislation and related professional obligations.
We may need to process and retain personal data for anti-money laundering checks, source of funds checks, source of wealth checks, risk assessments, sanctions checks and related compliance purposes.
In some circumstances, we may be required by law to make a report to the National Crime Agency, HMRC, a regulator, law enforcement agency or another authority. We may not be permitted to tell you that a report has been made or that certain steps have been taken.
25. Professional obligations, quality reviews and insurance
We may process and share personal data where necessary to comply with professional obligations, quality control requirements, practice assurance, file reviews, regulatory reviews, insurance requirements, professional indemnity requirements, tax fee protection arrangements, complaints, disciplinary matters, legal claims or other professional or regulatory requirements.
Reviewers may include our staff, consultants, subcontractors, professional advisers, insurers, professional bodies, AML supervisors, quality reviewers or external reviewers. Any reviewer will be subject to confidentiality obligations.
26. Tax Fee Protection Service and insurance
Where you take up or are offered Tax Fee Protection Service, Tax Enquiry Fee Protection Service, HMRC enquiry fee protection, tax investigation fee protection or similar services, we may process and share personal data with insurers, insurance brokers, tax fee protection providers, claims handlers, legal advisers, tax advisers, HMRC and other relevant parties.
This may include identity information, service information, fee information, tax records, HMRC correspondence, claim information, enquiry information, risk information and supporting documents.
27. Cookies and website use
Our website may use cookies or similar technologies to operate the website, improve user experience, understand website usage, maintain security and support enquiries.
Where required, non-essential cookies will only be used with your consent. Further information may be provided through our website cookie notice or cookie settings.
28. Complaints
Please contact us first if you have any concerns about how we handle your personal data. We will try to resolve your concern.
You also have the right to complain to the Information Commissioner’s Office, which is the UK supervisory authority for data protection matters.
29. Changes to this privacy notice
We may update this privacy notice from time to time to reflect changes in our services, systems, law, regulation, professional requirements, software, suppliers, working practices or data protection requirements.
The latest version will be made available on our website or provided to you on request.
30. Contact us
If you have any questions about this privacy notice, please contact:
Accountants Direct
Chalice House
Bromley Road
Elmstead
Colchester
Essex
CO7 7BY
Telephone: 01206 863 500
Email: info@accountantsdirect.com
Please mark data protection queries for the attention of the Data Protection Contact.
