Privacy Policy

Privacy Policy

  1. Introduction

This Privacy Policy explains how we collect, use, store, and protect personal data. We are committed to safeguarding the privacy of our clients, prospective clients, suppliers, and website users, and to complying with applicable UK data protection legislation.

We act as a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR).

  1. Who We Are

We are a UK-based accounting firm providing professional accountancy, tax, and advisory services.
For any questions regarding this policy or your personal data, you can contact us at:
Email: hello@accrio.co.uk

  1. The Personal Data We Collect

We may collect and process the following categories of personal data:

Identity data (name, date of birth, NI number, UTR, company details)

Contact data (email address, telephone number, postal address)

Financial data (bank details, income records, expense records, tax information)

Technical data (IP address, browser type, device information)

Communications data (emails, messages, call notes)

Compliance data (AML checks, ID verification documents)

This data may relate to you personally or, where relevant, to your business.

  1. How We Collect Your Data

We collect personal data through:

Direct contact with you (email, phone, forms, onboarding questionnaires)

Documents you provide as part of our services

Third parties (HMRC, Companies House, banks, AML providers)

Our website and IT systems

  1. How We Use Your Data

We use personal data to:

Provide accountancy, tax, payroll, and advisory services

Meet legal and regulatory obligations (including AML and tax compliance)

Communicate with you regarding your affairs

Manage billing, payments, and client records

Improve our services and internal processes

We do not sell personal data. Full stop.

  1. Lawful Basis for Processing

We process personal data under the following lawful bases:

Contractual necessity – to deliver agreed services

Legal obligation – to comply with UK law and regulatory requirements

Legitimate interests – to operate and manage our business effectively

Consent – where explicitly required (e.g. marketing communications)

  1. Data Sharing

We may share personal data with:

HMRC, Companies House, and other regulatory bodies

Software providers (accounting, document management, cloud storage)

Professional advisers (insurers, legal advisers)

AML and identity verification providers

All third parties are required to process data securely and lawfully.

  1. International Transfers

Where data is processed outside the UK, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses.

  1. Data Security

We use appropriate technical and organisational measures to protect personal data, including:

Secure cloud-based systems

Access controls and authentication

Encryption where appropriate

Staff confidentiality obligations

Risk is managed, not ignored.

  1. Data Retention

We retain personal data only for as long as necessary. In most cases, client records are retained for at least six years to meet legal, tax, and professional obligations.

  1. Your Rights

Under UK GDPR, you have the right to:

Access your personal data

Request correction of inaccurate data

Request erasure (where legally permissible)

Restrict or object to processing

Data portability

Withdraw consent at any time

Requests should be made in writing. We respond within statutory timeframes.

  1. Complaints

If you are unhappy with how your data is handled, you may raise a complaint with us directly. You also have the right to complain to the Information Commissioner’s Office (ICO).

  1. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on request or via our website.