Contact Us

Privacy Policy

TAXSOLVERS LIMITED

PRIVACY POLICY

Version: January 2025   |   UK GDPR & Data Protection Act 2018

 

Who this policy applies to: This Privacy Policy applies to all individuals whose personal data is processed by Taxsolvers Limited, including clients of every type (Sole Traders, Limited Companies, LLPs, Partnerships, Landlords, Self Assessment clients, Trusts, Charities, and Non-Profit Organisations), directors, shareholders, partners, trustees, beneficial owners, and visitors to our website.

 

1.  Who We Are — The Data Controller

Taxsolvers Limited is the data controller in respect of the personal data we process about you. We are responsible for ensuring all processing is carried out lawfully, fairly, and transparently.

 

Organisation:   Taxsolvers Limited

Address:   108 Belgrave Gate, Leicester, LE1 3GR

Telephone:   0330 174 4222

Email:   mail@taxsolvers.co.uk

Website:   www.taxsolvers.co.uk

Company Number:   05567303 — Registered in England and Wales

ICO Registration Number:   Z1368826

Regulated by:   Institute of Certified Practising Accountants (ICPA)

Data Protection Contact:   Practice Manager — mail@taxsolvers.co.uk

 

2.  What Personal Data We Collect and Why

We collect personal data necessary for the provision of our professional accountancy, tax, payroll, and advisory services, and to comply with our legal and regulatory obligations.

 

Identity Data

Examples: Full name, date of birth, nationality, National Insurance number, passport or driving licence details, Companies House director records.

Lawful basis: Contract; Legal obligation (MLR 2017); Legitimate interests.

Retention: 6 years from end of engagement. AML records: minimum 5 years from end of business relationship.

 

Contact Data

Examples: Current and previous addresses, email address, telephone number.

Lawful basis: Contract; Legitimate interests.

Retention: 6 years from end of engagement.

 

Financial and Tax Data

Examples: Income, expenditure, bank statements, tax returns, accounts, payroll records, VAT records, PAYE references, UTRs, CT references, Companies House data.

Lawful basis: Contract; Legal obligation (HMRC, Companies Act 2006, MLR 2017).

Retention: 7 years from preparation of the relevant document.

 

Source of Funds / Wealth

Examples: Details of assets, investments, loans, and source of funds evidence required under AML regulations.

Lawful basis: Legal obligation (MLR 2017 Enhanced Due Diligence); Legitimate interests.

Retention: Minimum 5 years from end of business relationship (MLR 2017, Regulation 40).

 

Business Information

Examples: Business name, SIC code, Companies House number, registered address, shareholding structure, PSC details, directors and officers.

Lawful basis: Contract; Legal obligation; Legitimate interests.

Retention: 6 years from end of engagement.

 

AML / CDD Records

Examples: Identity verification documents, electronic AML check results, PEP and sanctions check results, risk assessment records, SAR references.

Lawful basis: Legal obligation (MLR 2017, POCA 2002).

Retention: Minimum 5 years from end of business relationship (MLR 2017, Regulation 40).

 

Communications Data

Examples: Emails, letters, portal messages, telephone call notes, meeting notes.

Lawful basis: Contract; Legitimate interests.

Retention: 6 to 7 years from end of engagement.

 

Website and Usage Data

Examples: IP address, browser type, pages visited, device details. Collected via cookies with your consent.

Lawful basis: Consent; Legitimate interests.

Retention: Up to 26 months (analytics data).

 

Marketing and Preference Data

Examples: Communication preferences, service interests, website enquiry details.

Lawful basis: Consent; Legitimate interests (existing clients only, subject to right to object).

Retention: Until consent is withdrawn or objection is upheld, or end of engagement.

 

Important: We do not sell personal data to any third party, nor do we use it for any purpose unconnected with delivering our services to you or operating our website.

 

3.  How We Collect Your Personal Data

We collect personal data from the following sources:

  • Directly from you — when instructing us, completing onboarding forms, signing engagement letters, or submitting a website enquiry.
  • From your authorised representatives — fellow directors, partners, trustees, or professional advisers acting on your behalf.
  • From publicly available sources — including Companies House, the Land Registry, the Charity Commission, and HMRC’s public-facing systems.
  • From AML screening services — electronic identity verification providers and PEP and sanctions screening databases, as required under MLR 2017.
  • From HMRC and other public bodies — in the course of carrying out our services on your behalf.
  • From your previous accountants or advisers — in the course of obtaining professional clearance and handover of records.
  • From our website — via cookies, contact forms, and enquiry submissions (see Section 12).

 

4.  The Lawful Bases Upon Which We Process Your Data

Under UK GDPR we are required to identify a lawful basis for each type of processing we carry out:

 

Contract (Article 6(1)(b)): Where processing is necessary for the performance of our engagement — preparation of accounts, tax returns, payroll, VAT returns, and all other agreed services.

Legal Obligation (Article 6(1)(c)): Where processing is required to comply with a legal or regulatory obligation, including the Companies Act 2006, Taxes Management Act 1970, MLR 2017, POCA 2002, the UK GDPR, and HMRC requirements.

Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests — maintaining client records, quality control, communicating about our services, and defending legal claims — provided those interests are not overridden by your rights.

Consent (Article 6(1)(a)): Where you have given us explicit consent — such as for marketing communications or non-essential cookies. You may withdraw consent at any time by contacting mail@taxsolvers.co.uk.

Special Category Data (Article 9(2)): Where we process special category data (such as health information), we rely upon explicit consent or a legal obligation. This data is processed only where strictly necessary.

 

5.  Who We Share Your Personal Data With

We do not sell, rent, or trade personal data. We share it only where necessary to perform our services, comply with legal obligations, or for other legitimate purposes.

 

HM Revenue and Customs (HMRC): Filing tax returns, accounts, VAT returns, PAYE submissions, and responding to HMRC enquiries on your behalf. Basis: Legal obligation; Contract.

Companies House: Filing annual accounts, confirmation statements, and other statutory filings on your behalf. Basis: Legal obligation; Contract.

National Crime Agency (NCA): Submission of Suspicious Activity Reports (SARs) where required under POCA 2002. We may be prohibited by law from notifying you that a report has been made. Basis: Legal obligation (POCA 2002; MLR 2017).

Information Commissioner’s Office (ICO): Reporting of data breaches as required under UK GDPR; responding to ICO investigations. Basis: Legal obligation (UK GDPR Article 33).

Moneypex: Storage and processing of client records, documents, and financial data via our practice management platform. A data processing agreement is in place. Basis: Contract.

Professional Indemnity Insurers: Notification of claims; information for insurance renewal. Basis: Legitimate interests; insurance contract.

ICPA: Quality control reviews, practice monitoring, regulatory inspections, and complaints investigation. Basis: Regulatory obligation; membership obligations.

Sub-contracted Professionals: Specialist work sub-contracted on your behalf. All are bound by equivalent confidentiality obligations. Basis: Legitimate interests; Contract.

Legal Advisers: Where legal advice is required in connection with your engagement or a dispute. Disclosure is limited to what is strictly necessary. Basis: Legitimate interests; Legal obligation where applicable.

 

6.  International Transfers of Personal Data

We do not routinely transfer personal data outside the United Kingdom. Where any transfer does occur — for example, if a cloud service provider processes data on servers located abroad — we ensure that appropriate safeguards are in place in accordance with UK GDPR, including adequacy regulations, the UK International Data Transfer Agreement (IDTA), or other permitted safeguards under UK GDPR Article 46.

For further information, please contact our Practice Manager at mail@taxsolvers.co.uk.

 

7.  How Long We Keep Your Personal Data

We retain personal data only for as long as is necessary, having regard to our legal, regulatory, and professional obligations:

  • Client files and records — generally 7 years from completion of the relevant engagement.
  • AML and CDD records — minimum 5 years from the end of the business relationship (MLR 2017, Regulation 40).
  • Limited company accounting records — 6 years from the end of the accounting period (Companies Act 2006, s.388).
  • Sole trader and partnership records — 5 years from the relevant Self Assessment filing deadline.
  • Payroll records — 3 years from the end of the relevant tax year.
  • VAT records — 6 years from the date of the relevant transaction or return.
  • Marketing and enquiry data — until consent is withdrawn or an objection is upheld.

 

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

 

8.  How We Protect Your Personal Data

We maintain appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. Our measures include:

  • Secure, password-protected access to all client data systems, including Moneypex.
  • Encryption of personal data in transit and, where applicable, at rest.
  • Role-based access controls — staff access only the data necessary for their role.
  • Secure office premises with restricted physical access to paper records.
  • Use of reputable cloud service providers with appropriate data security standards.
  • Regular review of our data protection and security policies.
  • Staff training on data protection obligations and secure handling of personal data.

 

Data breach notification: In the event of a personal data breach likely to result in a risk to your rights and freedoms, we shall notify the ICO within 72 hours (UK GDPR Article 33). Where the breach is likely to result in a high risk to you personally, we shall also notify you directly without undue delay (UK GDPR Article 34).

 

9.  Automated Decision-Making and Profiling

We do not carry out any processing that involves solely automated decision-making — including profiling — that produces legal or similarly significant effects concerning you (UK GDPR Article 22). All outputs from automated tools are reviewed by a qualified member of staff before any decision is made or action is taken.

 

10.  Your Rights Under UK GDPR

You have the following rights in respect of the personal data we hold about you. To exercise any right, please contact our Practice Manager at mail@taxsolvers.co.uk. We will respond within one calendar month and do not ordinarily charge for exercising your rights.

 

Right of Access: Request a copy of the personal data we hold about you and information about how we process it (Subject Access Request).

Right to Rectification: Ask us to correct inaccurate personal data or complete incomplete information we hold about you.

Right to Erasure: Ask us to delete your personal data in certain circumstances. This right is subject to our legal and regulatory retention obligations.

Right to Restriction of Processing: Ask us to restrict our processing of your data in certain circumstances, for example whilst a query about accuracy is resolved.

Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, receive your data in a structured, machine-readable format.

Right to Object: Object to processing based on our legitimate interests. We must cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent: Where processing is based on your consent, withdraw it at any time. This does not affect the lawfulness of processing carried out prior to withdrawal.

Right to Complain: Lodge a complaint with the ICO if you believe our processing infringes UK data protection law. See Section 11 for ICO contact details.

 

Please note: Some rights are qualified and may be subject to exemptions — for example, the right to erasure does not apply where we are legally required to retain your data (such as under MLR 2017 or the Companies Act 2006). We will explain any applicable exemption when responding to your request.

 

11.  How to Raise a Concern or Complaint

If you have any concerns about how we handle your personal data, please contact us in the first instance:

 

Email:   mail@taxsolvers.co.uk

Telephone:   0330 174 4222

Post:   Practice Manager, Taxsolvers Limited, 108 Belgrave Gate, Leicester, LE1 3GR

 

If you remain dissatisfied following our response, you have the right to lodge a complaint directly with the ICO:

 

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline:   0303 123 1113

Website:   www.ico.org.uk

Email:   casework@ico.org.uk

 

12.  Cookies and Our Website

Our website at www.taxsolvers.co.uk may use cookies and similar tracking technologies. Where we use non-essential cookies, we will seek your consent before placing them. Personal data collected via our website — for example through a contact or enquiry form — is processed in accordance with this Privacy Policy. A full Cookie Policy is available separately on our website.

 

13.  Changes to This Privacy Policy

We review this Privacy Policy regularly to ensure it remains accurate and up to date. Where changes are material, we will notify existing clients by email and update the version date on this page. We encourage you to review this Policy periodically.

 

14.  Contact Us

For any questions about this Privacy Policy, how we process your personal data, or to exercise any of your rights, please contact our Data Protection Point of Contact:

 

Contact:   Practice Manager

Address:   Taxsolvers Limited, 108 Belgrave Gate, Leicester, LE1 3GR

Email:   mail@taxsolvers.co.uk

Telephone:   0330 174 4222

Website:   taxsolvers.co.uk/privacy-policy

 

This Privacy Policy was prepared in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR), in accordance with ICO guidance. Taxsolvers Limited is registered as a data controller with the ICO under registration number Z1368826. Company No. 05567303. Version: January 2025.