Privacy Policy
This policy explains how DG Accountancy Ltd collects, uses and protects the personal data of clients, prospective clients and visitors to dgaccountancy.co.uk. It is written in plain English and reflects our obligations under UK GDPR and the Data Protection Act 2018. If you have any questions about how we handle your data, the contact details at the bottom of this page will reach the right person.
Who we are and what this policy covers
DG Accountancy Ltd is a limited company registered in England and Wales (company number 15687123), with its principal place of business at Wolverley, Willoughby Road, Torquay, Devon, TQ1 1JX. For the purposes of UK data protection law, DG Accountancy Ltd is the data controller for the personal data described in this policy. This policy applies to personal data we collect from clients, prospective clients and visitors to our website. It came into effect on 17 June 2026 and should be read alongside our Cookies Policy.
What personal data we collect
We collect different categories of personal data depending on whether you are a client, a prospective client or simply visiting our website.
Information you give us
When you enquire about or engage our services, we collect personal information such as your name, email address, phone number, home or business address, and details about your business structure, turnover and financial position. Once engaged as a client, we also collect financial records, tax information, payroll data and any other documents needed to deliver accountancy services on your behalf.
Information collected automatically
When you visit dgaccountancy.co.uk, our website automatically collects certain technical data including your IP address, browser type, device information, pages visited and time spent on the site. This information is gathered via cookies and analytics tools. We use it to understand how visitors use our website and to keep it functioning correctly. Please see our Cookies Policy at /cookies-policy/ for full details.
Information from third parties
We may receive personal data about you from third-party sources in the course of providing our services. These include Companies House (company filings and officer records), HMRC (tax correspondence and notifications), cloud accounting platforms such as Xero, and, where applicable, credit reference or identity verification agencies used to fulfil our anti-money laundering obligations under the Money Laundering Regulations 2017.
Why we process your data
We process personal data only where we have a clear and lawful reason for doing so under UK GDPR.
To provide our services (Contract)
Where you are a client, we process your personal data because it is necessary to perform the contract between us. This includes preparing accounts, filing tax returns, running payroll, submitting VAT returns and providing any other services set out in your engagement letter. Without this processing, we cannot deliver the services you have engaged us for.
To meet our legal obligations (Legal obligation)
As an accountancy firm supervised by HMRC for anti-money laundering purposes, we are required by law to verify client identity, retain certain records for at least six years and report specific matters to HMRC or law enforcement. We also process data to meet statutory obligations around Companies House filings, PAYE reporting and tax investigations.
To run and improve our business (Legitimate interests)
We process limited personal data on the basis of legitimate interests, for example, to send service updates to existing clients, to monitor website security, to analyse how our site is used, and to manage our internal administration. Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms.
Where you have agreed (Consent)
Where you are a prospective client or website visitor who has opted in to marketing communications, we process your email address on the basis of your consent. We may also use non-essential cookies with your consent. You can withdraw consent at any time by emailing daniel.g@dgaccountancy.co.uk or clicking unsubscribe in any marketing email. Withdrawal does not affect the lawfulness of processing before that point.
Who we share your data with
We do not sell personal data and we share it only where necessary to deliver our services or meet our legal obligations.
Your personal data may be shared with a small number of third parties in the course of providing accountancy services or operating our business. We take reasonable steps to ensure that any party receiving data processes it securely and lawfully.
HMRC and Companies House
We submit tax returns, VAT returns, payroll filings, statutory accounts and other documents to HMRC and Companies House on your behalf as part of our core services. This sharing is required by law and forms an integral part of the engagement.
Software providers
We use cloud-based software platforms, including Xero for bookkeeping and cloud accounting, to store and process client financial data. These providers act as data processors on our behalf and are contractually required to handle your data securely and in accordance with UK GDPR.
Professional advisers
In limited circumstances we may share relevant information with solicitors, insurers or other professional advisers, for example, if a legal matter arises or as part of a professional indemnity claim. Such sharing is limited to what is strictly necessary in each situation.
Regulatory and legal authorities
We may be required to share personal data with regulatory bodies, including ACCA and HMRC in their AML supervisory capacity, or with law enforcement and courts under a lawful order. We will comply with any such obligation and, where legally permissible, will inform you beforehand.
International data transfers
Some of the software providers we use may store or process data on servers located outside the United Kingdom, including within the European Economic Area and other countries. Where data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as the UK’s International Data Transfer Agreement or Standard Contractual Clauses approved by the ICO. The UK has recognised the EEA as providing an adequate level of data protection. If you would like more detail about the safeguards applicable to any specific transfer, please contact us using the details in section 13.
How long we keep your data
We retain personal data only for as long as necessary for the purpose for which it was collected, subject to any minimum legal retention periods.
Client records
Under the Money Laundering Regulations 2017, we are required to retain client due diligence records and transaction documents for a minimum of six years from the end of the client relationship. Tax-related records may be retained for up to seven years to meet HMRC requirements. Records are then securely deleted or anonymised.
Prospect and enquiry data
If you make an enquiry but do not become a client, we will retain your contact details for up to 24 months from the date of last contact. After that period, your data will be securely deleted unless you have actively engaged with us in the interim or consented to ongoing communications.
Website analytics
Anonymised or aggregated data from website analytics tools is typically retained for up to 26 months, after which it is deleted or further aggregated so that no individual can be identified. This is consistent with standard practice for web analytics platforms.
Marketing consent records
Where you have consented to receive marketing communications, we retain a record of that consent for the duration of the relationship plus two years after consent is withdrawn or expires. This audit trail allows us to demonstrate compliance with PECR and UK GDPR in the event of a complaint.
Your rights under UK GDPR
UK GDPR gives you a set of statutory rights in relation to your personal data. These rights apply in most circumstances, although some are subject to limited exceptions, we will always explain if an exception applies when you contact us.
Right to be informed
You have the right to be told how your personal data is being used. This privacy policy fulfils that obligation. If anything is unclear or you would like further detail about a specific processing activity, please get in touch.
Right of access
You have the right to request a copy of the personal data we hold about you, known as a Subject Access Request (SAR). We will provide this free of charge and within one month of receiving your request, subject to verifying your identity.
Right to rectification
If personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it. We will action valid rectification requests promptly and, where appropriate, notify third parties who have received the incorrect data.
Right to erasure
You may ask us to delete personal data we hold about you. This right is not absolute, we may be required to retain certain records under AML legislation, tax law or other legal obligations. Where erasure is restricted, we will explain why.
Right to restrict processing
You can ask us to limit how we use your data in certain circumstances, for example, while a dispute about accuracy is being resolved, or where you have objected to processing and we are considering whether our legitimate grounds override your request.
Right to data portability
Where we process your data on the basis of consent or contract using automated means, you have the right to receive that data in a structured, commonly used and machine-readable format, and to have it transferred to another controller where technically feasible.
Right to object
You have the right to object to processing based on our legitimate interests or carried out for direct marketing purposes. If you object to direct marketing, we will stop immediately. Objections to other legitimate-interests processing will be considered and we will respond within one month.
Rights related to automated decision-making
You have the right not to be subject to decisions made solely by automated means that have a legal or similarly significant effect on you. DG Accountancy does not currently use automated decision-making or profiling that produces such effects.
How to exercise your rights
To exercise any of these rights, please email daniel.g@dgaccountancy.co.uk with your name, contact details and a description of your request. We will respond within one month of receipt. We may ask you to verify your identity before actioning a request. There is no charge for exercising these rights in most cases, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
How we protect your data
We use a range of technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or disclosure. All data transmitted between your browser and our website is encrypted in transit using HTTPS. Personal and financial data stored within our cloud platforms is encrypted at rest. Access to client data is restricted to authorised personnel only, protected by strong passwords and, where supported, multi-factor authentication. We review our security practices regularly and apply software updates and patches promptly. In the event of a personal data breach that is likely to affect your rights, we will notify the ICO within 72 hours and inform affected individuals without undue delay.
Cookies
Our website uses cookies, small text files stored on your device, to keep the site functioning correctly, analyse visitor behaviour and, where you have consented, support marketing activity. Essential cookies are placed without consent; analytics and marketing cookies require your agreement. Full details of the cookies we use, their purposes and how to manage them are set out in our Cookies Policy at dgaccountancy.co.uk/cookies-policy/.
Children’s data
Our services are designed for business owners, company directors and self-employed adults. We do not knowingly collect or process personal data relating to anyone under the age of 18. If you believe we have inadvertently received data about a child, please contact us immediately at daniel.g@dgaccountancy.co.uk and we will take steps to delete it promptly.
Changes to this policy
We may update this policy from time to time to reflect changes in the law, our services or the way we handle data. The ‘last reviewed’ date at the top of the page will always show when it was most recently updated. Where changes are material, we will notify existing clients by email before they take effect.
How to contact us
All data protection queries and rights requests should be directed to Daniel Grimmelijkhuizen at DG Accountancy Ltd.
If you have a question about this policy, wish to exercise a data subject right, or have a concern about how we have handled your personal data, please contact us using the details below. We aim to resolve all queries promptly and within the statutory one-month response period.
- Data queries
- daniel.g@dgaccountancy.co.uk, Response within one month under UK GDPR. Please include your name, contact details and a clear description of your request so we can respond efficiently.
- Data controller
- DG Accountancy Ltd
- Registered address
- Wolverley, Willoughby Road, Torquay, Devon, TQ1 1JX
- Companies House
- 15687123
- ICO registration
- [ICO registration number, to be added]
Complaints to the ICO
If you are unhappy with how we have handled your personal data or a rights request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent data protection supervisory authority. You can contact the ICO at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. Website: https://ico.org.uk/make-a-complaint/. We would always appreciate the opportunity to address any concern directly before you escalate to the ICO, but you are entitled to contact the ICO at any time.