Purpose

To explain how personal data is collected, used, stored, and protected.

​

Data collected

• Client contact details

• Company and project information

• Identification data where required for AML purposes

• Communications and working papers

• Personal data collected through the company website may include name, email address, company details, and enquiry content submitted through contact forms. This privacy notice applies to visitors to our website and individuals who contact us via our website or other channels. When you contact us through our website, we use this information solely to respond to your enquiry and manage potential business relationships

 

Data retention

We retain personal data only for as long as necessary:

• Prospect/contact data: typically 12–24 months, after which it is periodically reviewed and deleted where no longer required

• Client data: in line with legal, regulatory, and insurance requirements (typically 6–7 years)

 

Business development and marketing

We may collect and use your personal data where you are a professional contact or representative of an organisation that may benefit from our services.

​

This may include personal data obtained from:

• Publicly available sources (e.g. company websites)

• Professional networking platforms (e.g. LinkedIn)

• Direct interactions such as events, meetings, or introductions

​

We use this data to contact individuals in a targeted and proportionate manner regarding services that may be relevant to their organisation.

​

This processing is carried out under the lawful basis of legitimate interests. We ensure that such processing is limited in scope, appropriate to the context, and respects your rights.

​

You have the right to object to such processing at any time.

 

Lawful bases

​We rely on the following lawful bases depending on the activity:

• Performance of a contract – where we provide services to clients

• Legal obligation – for compliance with HMRC and anti-money laundering requirements

• Legitimate interests – for business development, managing professional relationships, and operating our website

​

Data sharing and processors

We may share personal data with:

• HMRC and other authorities where legally required

• Professional advisers (such as our accountant or insurer)

• Technology providers used to operate the business and website, including Microsoft 365 (including Outlook, OneDrive and SharePoint) and Wix.com Ltd as website host and form processor

• Physical correspondence may be received via a UK-based registered office and mail handling provider. Mail received at the registered address is securely stored for collection and is not routinely opened or processed unless specific services are requested

 

Cookies and analytics

• Our website uses cookies that are necessary for functionality and may use analytics cookies to understand how the site is used and improve performance

• Non-essential cookies (such as analytics) are only used where you have given consent via our cookies banner

• You can withdraw or change your cookies preferences at any time using the cookies settings controls available on the website

 

Data storage

• Personal data is stored electronically within Microsoft 365 (including Outlook, OneDrive and SharePoint) and may also be processed temporarily through website infrastructure and email systems in the course of enquiry handling

• Local devices used to access business data are encrypted

 

International transfers

• Some of our technology providers may process or store personal data outside the UK

• Where this occurs, we rely on appropriate safeguards in line with applicable data protection legislation, such as adequacy regulations or contractual protections

 

Rights

Individuals have the right to:

• Request access to their personal data

• Request correction of inaccurate personal data

• Request deletion of personal data, subject to legal and regulatory retention requirements

• Data portability

• Not be subject to automated decision-making (where applicable)

• Object to processing

• Restrict processing

• Lodge a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk)