We are committed to safeguarding the privacy of our clients. This section lets you know what happens to the personal data that you give us, or any other data that we collect from or about you.
This policy follows the General Data Protection Regulations that are effective from 25 May 2018.
Why we hold data
As chartered certified accountants governed by the ACCA, we need to hold data about our clients (as individuals and of their business):
- because we have a legal obligation under tax legislation & laws
- because we have a legal obligation under anti money laundering regulations
- in order for us to comply with our regulatory body (the ACCA)
- in order for us to provide the services that we’ve been engaged to do
- in order for us to submit information and forms to Companies House and / or HMRC
The data we hold
- Your name
- Your date of birth
- Your contact details (email, address, telephone number)
- Your NI number
- Your tax references & tax codes
- Any of the above data in relation to your employees
- Information relating to your employees in terms of payroll, such as rates of pay, etc
- Information relating to workplace pension schemes that we have either set up for you or have instigated their set up
- Your Companies House authorisation code
- Your driving licence, utility bill & passport, and results of Anti Money Laundering Due Diligence Checks
- Information needed to complete personal tax returns for you
- Information needed to complete any other work for you
- Business registration documents, accounts, business and personal tax returns / certificates filed with Companies House and / or HMRC
- Who your business banks with
- Your bank account number and sort code
- We have access to the data contained in your Xero subscription
- Details about any Xero Add-ons that you use in your business, as well as access to the data contained in this.
- All data is processed lawfully
- Data is collected only for the purposes of providing services to you & to meet your obligatory requirements
- Data is protected under our data security measures
Data is as accurate as it can be within our systems, and is based on what we have been told and / or know, therefore please let us know straight away of any changes by emailing us here
How we obtain data
- By you sending it to us
- By you making it available to us
- From Companies House
- From HMRC
- From third parties, such as previous accountants
- By undertaking Anti Money Laundering Due Diligence Checks
- From your own Xero subscription
Where data is held – we use the following third party services, accessed via Chrome:
How data is shared
- We only share data when we are legally obliged to, or to enable us to complete work for you.
- In order for us to complete some aspects of our services for you, we may need to work alongside our trusted referral partners (for financial planning, business advice, R&D tax credit claims, and, specialist tax advice). Where required & appropriate, we will share your name, your best contact details, and a very brief synopsis of the query, to enable them to contact you. Any other data will only be shared with them as requested by either you or them, once you are working with them. They will hold & store all data that they obtain during their work with you, and we will only hold copies of any of that data if either you or them share it with us, or we request it to enable us to provide services to you. Where appropriate or needed, they will complete their own AML Due Diligence Checks, and they have their own policies surrounding data protection which you should request & review.
- Data will be shared via an Accountant’s Reference Letter
- Personal data may need to be disclosed to law enforcement agencies, Companies House or HMRC – we will always check that any requests are legitimate & wholly necessary
- We are legally obliged to send returns & forms (that contain data) to Companies House (e.g., final accounts)
- We are legally obliged to send returns & forms (that contain data) to HMRC (e.g., tax returns)
- Access to your Xero data is controlled by the subscription holder (this will either be us or you), and the subscription holder can change or remove access to individuals as required and/or requested.
What we do with the data
- Undertake Anti Money Laundering Due Diligence Checks
- Provide services to you
- Submit returns to Companies House and HMRC
- Send client email newsletters about Xero, your business, as well as any other business related opportunities
Subject access requests
- You have the right to request what data we hold about you, and confirmation of how we are currently using this data
- We always confirm & verify the identity of the person making the request before sending anything
- We will reply within 1 month of the request being made
- Please email us here.
Our data security measures
- Taxcalc is held on a third party server, the equipment is password protected, the physical location of the server is protected, there are daily back-ups, the data is encrypted, and the server runs ESET file security to protect against malware or virus incursion. We access this server via remote desktop connection.
- Our devices are password protected
- Our devices are either locked, or taken with us, when we leave our workstation
- Our mobile phone settings mean that pop up notification contents are hidden whilst the device is locked
- Devices are logged with Google Admin, therefore can be accessed remotely
- We use two-step verification to access both Google and Xero
- If we are your Xero subscription holder, then we will only grant access or modify access permissions to users on your request
- When we request data from you, we do this via Xero Ask – and request that you only send data to us by replying & uploading documents as necessary (this is for security reasons, and also for simplicity)
- On occasions where data can only be given to us on paper or by any other portable media (as a pre-agreed arrangement), it will be kept in our lockable unit when we’re not working with it
- Any attachments that we receive via Gmail are saved to Google Apps / Xero / etc, as appropriate
Retention of data
- We keep data during the time that we are providing services to you, and in the time after we provide services, for as long as we are legally obliged to under tax legislation (in line with HMRC guidelines: 5 years after the submission deadline for which tax year that data relates to). For e.g., data relating the 2018 tax year, the submission deadline is 31 January 2019, so data is held until 31 January 2024, etc
- On occasions where data is given to us on paper or by any other portable media, this will be returned to you if agreed / appropriate / large; however if not, then it will be destroyed when we no longer need it or are obliged to keep it.
- In terms of your Xero data and any Xero Add-ons that you use, if you no longer want us to have access to this, then you can revoke our access (or if we can transfer access / ownership, then we will request that you accept that transfer). You can also revoke the access of anyone else who currently has access
The right to be forgotten
- We only keep data for as long as we are legally obliged to under tax legislation (and in line with HMRC guidelines)
- If you are no longer a client, then we will not send you email newsletters.
You have the right to request what data we hold about you, and confirmation of how we are currently using this data.
Your principal rights under data protection law are:
- The right to access data
- The right to rectify data
- The right to erasure
- The right to restrict processing of your data
- The right to object to our processing of your data
- The right to data portability
- The right to complain to a supervisory authority
- The right to withdraw consent.
Please email us, using “data information request” in the subject line.
This website is owned and operated by Progression Accountancy (Derbyshire) Ltd. We are registered in England and Wales, under registration number 09495206, and our registered office is at Tapton Innovation Centre, Chesterfield,
You can contact us:
Our data protection officer’s contact details are:
Hayley Bradshaw, please email here.
Updates to this policy
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.