Privacy Policy

Data Privacy Policy Notice

PPT Accountancy Ltd is responsible for the processing of your personal (not company) data. This
privacy policy explains how we collect and use your personal data in a lawful, fair and transparent
way in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection
Act (DPA) 2018, Data (Use and Access) Act 2025 and other Data Protection Legislation as may be
updated from time to time.

How we may collect your personal data

Data will be obtained from yourself or from a third party such as a previous adviser/accountant,
financial adviser, your company, your employer, your bank, pension provider, HMRC, Companies
House and publicly available resources. We will only conduct reasonable and proportionate
information searches.

The information we hold about you

It is important that the personal information we hold about you is accurate and current. Please keep us
informed if there are any changes particularly to your contact details.

Data we hold may be contact emails, telephone numbers, addresses and other personal details such as
date of birth, HMRC tax, N.I. and other references or notices, gender, marital status, income, bank
account numbers, business activities, employment and pension information.

We will hold and will check proof of ID in order to comply with Money Laundering Regulations.
In order to provide the contracted services as per our engagement letter we may also request other
information which we require as part of our professional services, but this data will be reasonable and
proportionate, and will not be excessive.

How we will use the information about you

Here at PPT Accountancy Ltd we take your privacy seriously and we will only use your personal data
in order to provide ongoing accountancy, CIS, payroll, workplace pension, tax compliance, tax
advisory and other related services.

The main ways in which we will use your personal data are:

  • To manage and administer your affairs as per your contracted services and to notify you of
    any changes to our services.
  • For administration and invoicing purposes.
  • To meet our legal and regulatory requirements.
  • To comply with applicable legislation, including (but not limited to) – anti-money laundering,
    proceeds of crime or to respond to authorised agencies and government departments, the
    Police, the Serious Fraud Office or the Courts.

If you are a payroll client you will be a Data Controller with responsibility for ensuring your
employees have given consent to holding their personal data. We will process payroll data as a Data
Processor for your employees on a legal basis under UK GDPR.

We do not intend to use Artificial Intelligence (AI) or automated decision making in relation to your
personal data.

Data sharing

We will share information as required by law or regulatory notice acting as your agent to HMRC
(including HMRC Courts and Tribunal), Companies House, your pension provider, governing bodies,
regulatory agencies, professional and expert advisory services, subcontracted professionals, IT and
software (including cloud) support, and contracted third party service providers.

All our third-party service providers are required to take commercially reasonable and appropriate
security measures to protect your personal data. We will not share your personal data with any other
ad hoc third parties for processing unless you have authorised this.

We may export personal data outside the EU/EEA/UK for the purposes of storage and data
processing. You consent to such data export and we rely on their security although we may check
their compliance where relevant and easily obtainable. For International Data Transfers, the UK now
uses the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard
Contractual Clauses.

We will not share your information with third parties for marketing purposes.

Data security

We treat the security of your data seriously. We have put in place commercially reasonable and
appropriate security measures to prevent your personal data from being accidentally lost, used or
accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal
data to third parties only if they have a business need to know and they are subject to a duty of
confidentiality.

Data is held electronically and on hard copy files. We store data via third party servers including but
not limited to Dropbox, Microsoft, Amazon and Google products, protected by security features such
as firewalls and anti-virus software. If you provide us with a USB memory stick, transportation may
be required but will be restricted to only what is strictly necessary.

We use reputable tax, payroll and accounting software which are often located ‘in the cloud’, and if
so, we rely on the software provider’s or cloud host’s security features. When software is installed on
our local computers the software is password protected. Our computers and servers are password
protected.

Our website data is hosted on third party servers which are protected by firewalls and encryption. If
the website IT support require access to the data on the full back end of our website, we rely on their
security measures.

If there is a data security breach, we will notify you and the regulator where we are legally required to
do so.

Data retention

We aim to retain your personal information for as long as it is necessary to fulfil the services for
which it is collected and to comply with any statutory or legal obligations. This is generally a
minimum of seven years. However, it is important you retain your own records for HMRC enquiries
as they can go back twenty years.

Your rights

You have a right to request access to your personal information and request correction of the personal
information that we hold about you. You have a right to request erasure or restriction of your personal
information by us and/or our third parties under certain situations providing there is no overriding
statutory obligation for the data to continue to be held. You can object to processing and transfer of
your personal data in certain circumstances. You can contest any automatic decision making, and
express your point of view and request human intervention.

If you have any questions, requests or complaints about data privacy, please email the Data Protection
Officer (DPO), Keren Parker – keren@pptaccountancy.co.uk. You will receive an acknowledgement
within 30 days, and a response within a reasonable time frame. You should wait for our response
before escalating to the Information Commissioner’s Office (ICO).

We are registered with the Information Commissioner’s Office (ICO). You have the right to make a
complaint to the ICO on 0303 123 1113, the UK supervisory authority for data protection issues.

Updated 16/05/2026

PPT Accountancy Ltd. R/O: Suites 12 & 13, Unit 32 Hobbs Industrial Estate, Newchapel, Lingfield, RH7 6HN.
Reg. No. 8033221 England