Effective Date: 1 March 2026
Last Updated: 1 March 2026

UK Digital Accountant Ltd (“we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, process and protect your personal data in accordance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)

This policy applies to:

• Visitors to our website
• Prospective clients
• Clients
• Individuals submitting enquiries or booking consultations
• Individuals providing data through forms or payment platforms

1. Who we are (Data Controller)

UK Digital Accountant Ltd
34-38 Guildhall Road

Northampton

NN1 1EW

United Kingdom

Email: info@digital-accountant.co.uk

Phone: 01604 289 777

UK Digital Accountant Ltd is the Data Controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in relation to personal data collected through our website and in connection with our services.

1.1 Controller and Processor roles

In most circumstances, UK Digital Accountant Ltd acts as a data controller in relation to personal data collected directly from website visitors, prospective clients and clients.

However, where we process personal data strictly on behalf of our clients in the provision of accounting, bookkeeping, payroll or tax services (for example, processing employee payroll information), we act as a data processor.

In such cases, the client remains the data controller, and we process personal data only:

• In accordance with the client’s documented instructions and
• In compliance with applicable data protection legislation, including the UK GDPR and Data Protection Act 2018.

Where we act as a data processor, appropriate contractual arrangements are in place in accordance with Article 28 UK GDPR.

2. The personal data we collect

We may collect, use and process the following categories of personal data, depending on your relationship with us and the services provided.

2.1 Identity and contact data

This may include:

• Full name
• Email address
• Telephone number
• Postal address
• Business name
• Company registration number
• VAT registration number

Collected via:

• Website quote forms
• Contact forms
• Calendly bookings
• Email correspondence
• Telephone communications
• Payment platforms
• Client onboarding forms

2.2 Financial and tax data (clients only)

Where you engage us as a client, we may collect and process:

• Accounting and transactional records
• VAT information and returns
• Payroll data
• Self-assessment information
• Company accounts data
• Unique Taxpayer Reference (UTR) numbers
• National Insurance numbers
• Banking information
• Payment and invoicing records

2.3 Compliance and verification data

Where required by law, including under anti-money laundering (AML) and know your customer (KYC) regulations, we may collect:

• Proof of identity
• Proof of address
• Corporate ownership information
• Beneficial ownership details
• Sanctions and watchlist screening information

2.4 Technical and usage data

When you use our website, we may automatically collect:

• IP address
• Browser type and version
• Device information
• Website usage data
• Cookie identifiers

2.5 Data collected from third parties

In certain circumstances, we may receive personal data from third parties, including:

• HMRC
• Companies House
• Professional advisers
• Payroll software providers
• Accounting platforms
• Identity verification providers
• Credit reference or AML screening agencies
• We will only process such data where permitted by law and necessary for the provision of our services.

3. How we collect data

We collect personal data in the following ways:

3.1 Information you provide directly

We collect personal data when you:

• Complete a form on our website
• Request a quote
• Book a call or consultation (including via Calendly or similar platforms)
• Contact us by email, telephone or other electronic communication
• Make a payment for our services
• Provide information during client onboarding
• Engage us to provide accounting, tax, bookkeeping or payroll services

3.2 Information collected automatically

When you visit or interact with our website, we may automatically collect certain technical and usage data through cookies and similar technologies. This may include IP address, browser type, device information and website interaction data.

Further details are set out in our Cookies section.

3.3 Information received from third parties

In certain circumstances, we may receive personal data from third parties, including:

• HMRC
• Companies House
• Identity verification and AML screening providers
• Professional advisers (e.g., previous accountants for professional clearance)
• Accounting and payroll software providers
• Payment processing providers

We only collect such information where it is necessary for the provision of our services and permitted by applicable data protection legislation.

4. Lawful bases for processing

We process personal data only where we have a lawful basis to do so under Article 6 of the UK GDPR. The lawful basis relied upon will depend on the nature of the data and the circumstances in which it is collected.

4.1 Contractual necessity

We process personal data where it is necessary to:

• Enter into a contract with you; or
• Perform our contractual obligations in providing accounting, tax, bookkeeping, payroll or related services.

Without this information, we may be unable to provide our services.

4.2 Legal obligation

We process personal data where necessary to comply with our legal and regulatory obligations, including but not limited to:

• HMRC requirements
• Companies House obligations
• Anti-Money Laundering Regulations
• Proceeds of Crime legislation
• Accounting and professional regulatory standards

4.3 Legitimate interests

We may process personal data where it is necessary for our legitimate business interests, provided that such interests do not override your fundamental rights and freedoms.

These interests may include:

• Business development and service improvement
• Internal administration and record-keeping
• Security and fraud prevention
• IT system management and data security
• Responding to enquiries and communications

We ensure that appropriate balancing assessments are carried out where required.

4.4 Consent

Where required by law, we rely on consent as our lawful basis, including for:

• Marketing communications
• Non-essential cookies

You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before consent was withdrawn.

5. Contact and communications

When you submit your details through:

• Quote forms
• Contact forms
• Calendly booking forms
• Payment processing platforms
• Client onboarding systems
• Email or telephone

You are voluntarily providing your contact information to us.

We may contact you via email, telephone, SMS or other electronic communication channels (including, where appropriate, messaging platforms such as WhatsApp, Microsoft Teams, Messenger or similar services) for purposes including:

• Responding to your enquiry
• Confirming bookings or consultations
• Providing information about requested services
• Processing payments
• Fulfilling compliance and regulatory requirements
• Providing service updates

These communications are necessary for the provision of our services and are not considered marketing communications.

Where communication takes place via third-party messaging platforms, those platforms may process your data in accordance with their own privacy policies. We recommend reviewing the relevant platform’s privacy notice for further information.

5.1 Marketing communications

Where required under the Privacy and Electronic Communications Regulations (PECR), we will only send marketing communications where:

• You have provided your consent, or
• The “soft opt-in” rules apply (where you are an existing client and have been given the opportunity to opt out at the time your details were collected).

You may opt out of receiving marketing communications at any time by:

• Using the unsubscribe link in our emails; or
• Contacting us directly.

Opting out of marketing communications will not affect service-related communications that are necessary for the provision of our services.

6. International data transfers

6.1 Use of third-party service providers

In order to operate our business and maintain our digital infrastructure, we engage carefully selected third-party service providers, contractors and technical support partners who may access or process personal data on our behalf.

Such providers may support functions including:

• Website development and maintenance
• Technical infrastructure management
• Automation systems
• Pricing and quotation tools
• Online forms and client onboarding systems
• IT and system support services
• Email hosting and secure business communication platforms
• Cloud-based collaboration and document sharing systems
• Video conferencing and virtual meeting platforms
• Customer relationship management (CRM) systems
• Marketing communication and email distribution platforms
• Secure file transfer and encrypted document exchange services
• Accounting software and bookkeeping platforms
• Payroll processing systems
• Tax compliance and filing software
• Practice management and client record systems
• Payment processing and invoicing platforms
• Financial reporting and analytics tools

All such third parties are required to process personal data only in accordance with our documented instructions and are subject to appropriate contractual, confidentiality and data protection obligations in line with UK data protection legislation.

6.2 Transfers outside the United Kingdom

In certain circumstances, personal data may be accessed, transferred to, or processed outside the United Kingdom. In particular, certain data processing activities are carried out by our authorised support team based in Pakistan. This team operates under our direct control and instruction and is subject to strict contractual confidentiality and data protection obligations.

Where this occurs, we ensure that appropriate safeguards are implemented in accordance with Chapter V of the UK GDPR and the Data Protection Act 2018.

Such safeguards may include, where applicable:

• The UK International Data Transfer Agreement (IDTA)
• The UK Addendum to the EU Standard Contractual Clauses (SCCs)
• Transfers to countries subject to a UK adequacy decision
• Other legally recognised transfer mechanisms

In addition, we implement appropriate technical and organisational security measures designed to protect personal data against unauthorised access, loss or misuse.

As a professional accountancy practice, we are committed to maintaining strict standards of confidentiality, integrity and data security consistent with our professional and ethical obligations.

We take reasonable steps to ensure that any third party processing personal data on our behalf provides sufficient guarantees to implement appropriate technical and organisational measures to protect such data.

7. Data sharing

We may share personal data where necessary and lawful to do so.

7.1 Service Providers and Processors

We may share personal data with carefully selected third-party service providers who process data on our behalf in connection with the operation of our business and delivery of our services. These may include:

• IT service providers
• Cloud storage providers
• Payment processors
• Software providers (including accounting, payroll and tax platforms)
• Customer relationship management (CRM) providers
• Secure file transfer and communication platforms
• Anti-Money Laundering and identity verification providers
• Professional advisers (including legal and compliance advisers)

All such third parties are required to process personal data only in accordance with our documented instructions and are subject to contractual data protection and confidentiality obligations in line with UK data protection legislation.

7.2 Regulatory and legal disclosures

We may disclose personal data where required to do so by law or regulatory obligation, including to:

• HM Revenue & Customs (HMRC)
• Companies House
• Law enforcement agencies
• Courts or regulatory bodies

We may also disclose personal data where necessary to establish, exercise or defend legal claims.

7.3 Business transfers

In the event of a merger, acquisition, restructuring or sale of all or part of our business, personal data may be disclosed to prospective purchasers or advisers, subject to appropriate confidentiality safeguards.

7.4 No sale of personal data

We do not sell personal data to third parties.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting or reporting requirements.

8.1 Client Accounting and Tax Records

For accounting and tax records, we typically retain data for a minimum of six years plus the current financial year, in line with HMRC requirements and professional regulatory obligations.

8.2 Anti-Money Laundering Records

In accordance with the Money Laundering Regulations 2017, identity verification and AML documentation are generally retained for five years after the end of the business relationship, unless a longer retention period is required by law.

8.3 Other Categories of Data

Retention periods may vary depending on the nature of the data and the purpose of processing. We may retain data for longer where necessary for:

• Compliance with legal obligations
• Dispute resolution
• Regulatory investigations
• Establishing, exercising or defending legal claims

When personal data is no longer required, we ensure it is securely deleted or destroyed in accordance with our internal data retention and information security policies.

9. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, in accordance with Article 32 of the UK GDPR.

These measures include, where appropriate:

• Secure cloud-based systems
• Encrypted connections (SSL/TLS)
• Access controls
• Role-based permissions
• Confidentiality agreements
• Secure password protocols
• Regular system monitoring and updates

Access to personal data is limited to authorised personnel who require access for legitimate business purposes and who are subject to confidentiality obligations.

However, no method of electronic transmission or storage is entirely secure, and while we take reasonable steps to protect personal data, we cannot guarantee absolute security.

Where required under applicable data protection legislation, we conduct Data Protection Impact Assessments (DPIAs) in relation to higher-risk processing activities to assess and mitigate potential risks to individuals’ rights and freedoms.

10. Your rights under UK GDPR

10.1 Your rights

Under the UK GDPR, you have the right to:

• Be informed about how your personal data is used
• Access your personal data
• Rectify inaccurate or incomplete personal data
• Request erasure of your personal data (where legally permitted)
• Restrict processing of your personal data
• Object to processing
• Data portability (in relation to data processed by automated means)
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with the Information Commissioner’s Office (ICO)

You may exercise these rights by contacting us using the contact details provided in this Privacy Policy.

10.2 Response timeframe

We will respond to any valid data subject request without undue delay and, in any event, within one month of receipt.

Where a request is complex or numerous, we may extend the response period by up to a further two months where permitted by law. If an extension is required, we will inform you within one month of receiving your request and explain the reasons for the delay.

To protect personal data, we may request proof of identity before processing a request to ensure that personal data is not disclosed to unauthorised individuals.

10.3 ICO complaint information

We encourage you to contact us first so that we can attempt to resolve your concern directly.

If you are unhappy with how we have handled your personal data or believe we have not complied with data protection legislation, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: https://ico.org.uk

11. Automated decision-making

We do not carry out decision-making based solely on automated processing, including profiling, that produces legal effects or similarly significant effects for individuals.

Where automated tools or systems are used as part of our internal processes, any decisions that may affect individuals are subject to appropriate human oversight.

12. Children

Our services are not directed to individuals under the age of 16, and we do not knowingly collect or process personal data relating to children.

If we become aware that personal data relating to a child under the age of 16 has been collected without appropriate consent, we will take reasonable steps to delete such information as soon as practicable.

Our services are intended for business owners, company directors and individuals seeking professional accounting and tax services.

13. Updates to this Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in applicable laws or regulations
• Regulatory guidance or industry standards
• Changes to our services, systems or data processing activities

Any updates will be published on our website, and the “Last Updated” date at the top of this policy will be revised accordingly.

We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use and protect personal data.

Your continued use of our website or services after any updates to this Policy will constitute your acknowledgement of those changes.

14. Contact us

If you have any questions about this Privacy Policy, our data protection practices, or wish to exercise any of your rights relating to your personal data, please contact us:

UK Digital Accountant Ltd
34-38 Guildhall Rd, Northampton, NN1 1EW, United Kingdom

Email: info@digital-accountant.co.uk

Telephone: 01604 289 777