Privacy Notice

Introduction

The Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”) impose legal obligations in relation to the processing of personal data.

Maeflower Accounting CIC is the data controller responsible for your personal data.
The Data Protection Officer is Liza Sitch, who can be contacted at:
info@maefloweraccounting.co.uk

We may update this privacy notice from time to time. The latest version will always be made available to you.

Where we act as a data processor on your behalf (for example, payroll processing), a separate data processing agreement will apply in addition to this notice.

Types of personal data we process

We may process the following categories of personal data:

  • Identity data (e.g. name, date of birth)

  • Contact data (e.g. address, email address, telephone number)

  • Financial data (e.g. bank details, income, transactions)

  • Tax data (e.g. National Insurance number, UTR, HMRC information)

  • Business data (e.g. company records, accounting information)

How we collect your data

We usually collect personal data directly from you.

We may also receive data from:

  • HMRC

  • Your employer or pension provider

  • Other professional advisers (e.g. solicitors, accountants)

  • Third parties you authorise us to deal with

Purpose and legal basis for processing

We process your personal data as follows:

Purpose: Providing accountancy and tax services (e.g. preparing accounts and tax returns, submitting information to HMRC)

Legal basis: Contract

Purpose: Carrying out anti‑money laundering checks

Legal basis: Legal obligation

Purpose: Communicating with you and managing our engagement

Legal basis: Contract / Legitimate interests

Purpose: Billing, invoicing and managing fee disputes

Legal basis: Contract

Purpose: Managing complaints or legal claims

Legal basis: Legitimate interests

Purpose: Sending marketing communications (where applicable)

Legal basis: Consent

If you do not provide the requested personal data, we may be unable to provide services.

Sharing your data

We may share your personal data with:

  • HMRC

  • Third parties you authorise

  • Subcontractors and service providers

  • Professional advisers and insurers

  • Our professional body and supervisory authorities

  • Law enforcement agencies, courts, tribunals and the ICO where required

We use cloud-based systems including:

These providers process personal data on our behalf under appropriate contractual safeguards.

International transfers

Personal data is primarily processed within the UK/EEA.

Where data is transferred outside the UK/EEA (including via service providers such as Google Analytics), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses

  • Transfers to countries with adequacy regulations

Data retention

We retain personal data as follows:

  • Tax return data: 7 years from the end of the relevant tax year

  • Advisory work: 7 years from the end of the engagement

  • Ongoing client data: duration of relationship plus 7 years

Data is securely deleted after this period unless retention is required by law.

You remain responsible for retaining your own statutory records.

Your rights

You have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request erasure (in certain circumstances)

  • Restrict or object to processing

  • Data portability (where applicable)

  • Withdraw consent at any time (where applicable)

Requests should be made in writing to:
info@maefloweraccounting.co.uk

We will respond within one month, subject to legal exceptions.

Identity verification

We may require proof of identity (such as a passport, driving licence or utility bill) before responding to requests.

Automated decision-making

We do not carry out automated decision-making or profiling.

Cookies and Website Data

Our website uses cookies and similar technologies to ensure it functions correctly, improve your experience, and help us understand how it is used.

What are cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device and store certain information about your preferences.

How we use cookies

We use cookies to:

  • Ensure the website operates as expected

  • Improve website performance and usability

  • Understand how visitors use our website

  • Support security and fraud prevention

Squarespace platform

Our website is built using Squarespace, which places cookies to:

  • Enable core functionality (e.g. page navigation and security)

  • Monitor performance

  • Provide built‑in analytics

Squarespace may process anonymised visitor data as part of its hosting services.

Google Analytics

We use Google Analytics to collect anonymised information such as:

  • Pages visited

  • Time spent on the site

  • How users arrive at the website

This data is aggregated and does not identify you personally.

Google may store data outside the UK. Where this occurs, appropriate safeguards are in place.

Analytics cookies are used only with your consent.

Types of cookies we use

  • Strictly necessary cookies – essential for website operation

  • Analytics cookies – help us understand usage

  • Functionality cookies – remember preferences

We do not use cookies to collect personally identifiable information without your consent.

Managing cookies

You can control cookies through your browser settings, including:

  • Blocking cookies

  • Deleting cookies

Disabling cookies may affect website functionality.

Further information

For more information about cookies, visit:
www.ico.org.uk

Contact and complaints

If you have any questions or concerns, please contact:
info@maefloweraccounting.co.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office:
www.ico.org.uk