This Privacy Policy explains how Rothstone Accountants collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are committed to safeguarding personal information and ensuring that all data is processed lawfully, fairly, and transparently.
Rothstone Accountants is a UK-based professional services firm providing accountancy, tax, payroll, and advisory services.
Contact details:
Email: info@rothstone.uk
Complaints or data protection queries: data.protection@rothstone.uk
Personal data means any information that relates to an identified or identifiable individual. This includes, but is not limited to:
Names and contact details
Identification numbers
Financial and tax information
Online identifiers
This definition is consistent with Article 4 of the UK GDPR.
We only process personal data where a lawful basis applies. In most cases, the primary lawful basis is contractual necessity, as processing is required to provide accountancy and related professional services.
Other lawful bases we may rely upon include:
Consent
Legal obligation
Legitimate interests
Vital interests
Public task
Personal data will only be processed for the purposes for which it was collected, unless a compatible lawful basis applies.
Where consent is used as the lawful basis:
It is freely given, specific, informed, and unambiguous
You may withdraw consent at any time
Withdrawal of consent may limit our ability to continue providing services where processing is necessary.
Depending on the services provided, we may collect and process:
Name, address, and contact details
Bank and payment details
Government-issued identification
Tax records, accounts, payroll data, and financial statements
National Insurance numbers, P45s and P60s
Right-to-work documentation
Criminal offence data (where legally required and appropriately safeguarded)
Where criminal offence data is processed, this is done in accordance with Articles 9 and 10 UK GDPR and Schedule 1 of the Data Protection Act 2018.
Personal data is usually obtained directly from clients, employees, or authorised third parties and is processed to:
Deliver accountancy, tax, payroll, and advisory services
Meet regulatory and legal obligations
Administer payments and billing
Maintain client and employee records
Comply with anti-money laundering and economic crime regulations
Data may be collected via email, telephone, secure portals, forms, or in person and is stored in secure systems.
We process personal data in line with the UK GDPR principles of:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, or disclosure.
Access to data is restricted to authorised personnel on a need-to-know basis. Where data is shared with third parties, contractual confidentiality and data protection obligations apply.
In the event of a data breach, we follow guidance issued by the Information Commissioner’s Office and will notify affected individuals and the ICO where legally required.
We may share personal data with trusted third parties where necessary, including:
HM Revenue & Customs (HMRC)
Banking and financial institutions
Payroll, accounting, and tax software providers
Credit and identity verification providers
All third parties are required to process data securely and in accordance with our instructions.
We may process limited personal data relating to:
Visitors to our premises (for security and safety purposes)
Emergency contact details of staff and contractors
This data is processed under legitimate interests and retained only for as long as necessary.
Where personal data is transferred outside the UK or EEA, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent protections, to ensure data security and compliance.
Personal data is retained in accordance with legal and regulatory requirements.
In most cases, records are retained for six years from the end of the relevant accounting period, unless longer retention is required by law (e.g. anti-money laundering regulations).
Under UK GDPR, you have rights including:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to object
The right to data portability
Rights relating to automated decision-making
Some rights are subject to legal limitations, which will be explained where applicable.
You may request access to your personal data by contacting us verbally or in writing.
We may need to verify your identity and will respond within one month. Requests are normally free of charge unless manifestly unfounded or excessive.
When you visit our website, limited information may be collected via cookies and analytics tools to monitor performance and improve user experience.
Further details are available in our Cookie Statement.
If you are unhappy with how we handle your personal data, you may contact us at data.protection@rothstone.uk.
You also have the right to complain to the Information Commissioner’s Office (ICO):
ICO Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://www.ico.org.uk
This Privacy Policy is reviewed regularly and updated as required to reflect changes in legislation or business practices.