Who we are
JAC Accountancy Solutions Limited (Company No. 08524280) is a small independent accountancy firm registered in England and Wales, operating from Bollington, Cheshire. We provide accountancy, bookkeeping, payroll, and tax services to individuals and small businesses. The firm is regulated by the Institute of Chartered Accountants in England and Wales (ICAEW), Membership No. 8650147.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, JAC Accountancy Solutions Limited is the data controller responsible for your personal data.
Data Controller details
Company No. 08524280 · Registered in England & Wales
Regulated by ICAEW (Membership No. 8650147)
20 First Floor, Swan Buildings, Swan Street
Manchester, England, M4 5JW
Data we collect
We collect and process personal data that you provide to us directly, as well as data that we receive from third parties in connection with the professional services we provide. The types of data we may hold include:
Personal identification data
- Full name, date of birth, and national insurance number
- Contact details including address, telephone number, and email address
- Proof of identity and address for anti-money laundering (AML) purposes
- Unique Taxpayer Reference (UTR) and VAT registration numbers
Financial and tax data
- Income, employment, and earnings information
- Bank account details (where required for tax refund or payroll purposes)
- Business accounts, invoices, receipts, and financial statements
- Tax returns, PAYE records, and correspondence with HMRC
- Pension contribution details
Business data (for business clients)
- Company registration details and statutory filings
- Director and shareholder information
- Payroll information for employees
- Supplier and customer information relevant to bookkeeping
Website and communication data
- Data submitted through our website contact form (name, email, phone, enquiry details)
- Email correspondence and other communications
- Basic website analytics data (see Section 10 — Cookies)
Special category data: In some circumstances, we may process data that is considered sensitive under UK GDPR — for example, health information relevant to a tax claim or disability-related allowances. We will only process such data where there is a clear legal basis and with your explicit consent.
How we use your data
We use your personal data only for the purposes for which it was collected. These include:
- Providing accountancy, tax, bookkeeping, and payroll services to you
- Preparing and filing tax returns, accounts, and other documents with HMRC and Companies House on your behalf
- Corresponding with HMRC, Companies House, and other regulatory bodies as your agent
- Complying with our legal and regulatory obligations, including anti-money laundering requirements
- Sending you relevant updates, reminders, and information about your account or services we provide
- Responding to enquiries submitted through our website or by other means
- Maintaining accurate business records and meeting our own statutory obligations
We will not use your data for automated decision-making, profiling, or for any purposes unrelated to the services we provide to you.
Legal basis for processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:
| Legal basis | When we rely on it |
|---|---|
| Contract performance | To fulfil our obligations under our engagement letter and provide the services you have instructed us to carry out |
| Legal obligation | To comply with obligations under tax law, anti-money laundering regulations, and accounting standards |
| Legitimate interests | To manage our business, communicate with clients, and maintain accurate records — provided this does not override your rights |
| Consent | For any optional communications such as newsletters, or where processing sensitive data not required by law |
Client records
As your accountant, we maintain a client file containing all information relevant to the professional services we provide to you. This file may be held in paper form, electronically, or both.
Secure document portal
We use SmartVault, a secure cloud-based document management portal, to store and share client documents. SmartVault is compliant with industry security standards. Access to your portal is restricted to you and members of our firm involved in your work. You can access your documents securely at any time via your personal portal login.
Software and tools
We use professional accounting software including Xero, QuickBooks, or FreeAgent to prepare your accounts and manage your records. These platforms are subject to their own privacy policies and data security standards. We use only reputable, UK GDPR-compliant providers.
HMRC agent access
Where you have authorised us to act as your agent with HMRC, we will access and submit information on your behalf through HMRC's secure online services. This access is governed by our letter of engagement and can be revoked by you at any time by notifying us.
Your client file belongs to you. You have the right to request a copy of all information held on your file at any time. See Section 9 for your full data rights.
Sharing your data
We will never sell your personal data to third parties. We will only share your information in the following circumstances:
- HMRC and government bodies — when filing tax returns, accounts, and statutory submissions on your behalf
- Companies House — when filing company documents required by law
- Service providers — trusted third parties who process data on our behalf (e.g. SmartVault for document storage, accounting software providers). These are bound by data processing agreements and may not use your data for their own purposes
- Professional advisers — such as specialist tax counsel or legal advisers, where we seek advice in connection with your work, subject to confidentiality obligations
- Regulatory bodies — such as ICAEW or the Information Commissioner's Office, where required by law or professional regulation
- Legal requirement — where we are legally required to disclose information, for example under anti-money laundering legislation
Where we share data with third-party processors, we ensure appropriate contractual safeguards are in place. We do not transfer personal data outside the UK or European Economic Area unless adequate protections apply.
Retention periods
We retain your personal data only for as long as necessary for the purposes for which it was collected and to meet our legal and regulatory obligations. The table below sets out our standard retention periods:
| Type of record | Retention period | Reason |
|---|---|---|
| Tax returns and correspondence with HMRC | 6 years minimum from the end of the relevant tax year | HMRC enquiry window; statutory requirement |
| Company accounts and statutory records | 6 years from filing date | Companies Act 2006 requirements |
| Payroll records | 6 years from the end of the tax year they relate to | HMRC and employer statutory obligations |
| Anti-money laundering (AML) records | 5 years from the end of the business relationship | Money Laundering Regulations 2017 |
| Client correspondence and engagement letters | 6 years after the engagement ends | Professional liability and legal requirements |
| Website enquiry data | 12 months, or until the enquiry is resolved | Legitimate interests — managing enquiries |
After the applicable retention period, data will be securely deleted or anonymised. We review our retention practices periodically to ensure compliance.
Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. These include:
- Secure, password-protected systems and encrypted email where appropriate
- Use of SmartVault for secure client document storage with restricted access controls
- Reputable, professionally accredited accounting software with strong security standards
- Strict internal access controls — only those involved in your work can access your file
- Secure disposal of paper documents containing personal data
- Regular review of our security practices
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, notify you directly without undue delay.
Your rights
Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us using the details in Section 12.
Right of access
You have the right to request a copy of all personal data we hold about you (a Subject Access Request). We will respond within one month.
Right to rectification
If any information we hold about you is inaccurate or incomplete, you have the right to ask us to correct it.
Right to erasure
You may request deletion of your personal data in certain circumstances, subject to our overriding legal and regulatory obligations to retain records.
Right to restrict processing
You have the right to ask us to restrict how we use your data in certain circumstances, for example while you contest its accuracy.
Right to data portability
Where processing is based on consent or contract, you can request your data in a structured, commonly used, machine-readable format.
Right to object
You have the right to object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
Right to withdraw consent
Where we rely on your consent to process data, you may withdraw it at any time. This will not affect the lawfulness of prior processing.
Right not to be profiled
You have the right not to be subject to automated decision-making or profiling. We do not undertake any such activities.
In most cases we will not charge you for exercising your rights, and we will respond within one calendar month. We may extend this by a further two months for complex or multiple requests, and will notify you if we do.
Cookies and website data
Our website may use cookies and similar tracking technologies to improve your browsing experience and to understand how visitors use the site. Cookies are small text files placed on your device.
We may use:
- Essential cookies — necessary for the site to function (e.g. session cookies)
- Analytics cookies — to understand how visitors navigate our site (e.g. via Google Analytics). These do not personally identify you
You can control and delete cookies through your browser settings at any time. Disabling non-essential cookies will not prevent you from using our website. Where required by law, we will seek your consent before placing non-essential cookies.
We do not use cookies for advertising or retargeting purposes.
Changes to this policy
We review and update this Privacy & Client Record Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. The date at the top of this page shows when the policy was last updated.
If we make material changes to how we handle your personal data, we will notify you directly by email or by placing a prominent notice on our website. We encourage you to review this policy from time to time.
Continued use of our services after any update constitutes your acknowledgement of the revised policy.
Contact us & complaints
If you have any questions about this policy, wish to exercise your data rights, or have a concern about how we have handled your personal data, please contact us:
JAC Accountancy Solutions Limited
Making a complaint
We take all data privacy concerns seriously and will do our best to resolve any issue promptly. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
📞 0303 123 1113 (helpline)
🌐 www.ico.org.uk
You may also raise a concern online at ico.org.uk/make-a-complaint. We would always appreciate the opportunity to address your concern directly before you contact the ICO.