Home |
Privacy Policy
Data Protection Policy
Last updated: 21 August 2025
Introductory note
Onside Accounting Limited (“the Company”, “we”, “our”, “us”) is committed to protecting the privacy and security of your personal data. We collect, process, and use personal data responsibly and in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and any other applicable privacy laws.
This Privacy Policy explains what personal data we collect about you, how we use it, who we share it with, and the rights you have in relation to that data. It applies to visitors to our website (www.onsideaccounting.com), clients, prospective clients, suppliers, and other third parties who interact with us.
This policy does not form part of any contract for services. We may update this Privacy Policy at any time to reflect changes in law or our practices.
For questions regarding this Privacy Policy or how we handle your data, please contact our Data Protection Lead at: hello@onsideaccounting.com.
This Privacy Policy explains what personal data we collect about you, how we use it, who we share it with, and the rights you have in relation to that data. It applies to visitors to our website (www.onsideaccounting.com), clients, prospective clients, suppliers, and other third parties who interact with us.
This policy does not form part of any contract for services. We may update this Privacy Policy at any time to reflect changes in law or our practices.
For questions regarding this Privacy Policy or how we handle your data, please contact our Data Protection Lead at: hello@onsideaccounting.com.
Definitions
Controller: The organisation responsible for deciding how and why personal data is processed. Onside Accounting Limited acts as the Controller for all personal data we collect.
Personal Data: Any information relating to a living individual who can be directly or indirectly identified (for example, name, contact details, or an IP address).
Special Category Data: Sensitive information such as health data, racial or ethnic origin, political opinions, or trade union membership.
Processing: Any activity relating to personal data, such as collecting, storing, using, or sharing it.
Data Subject: The individual whose personal data is processed (e.g., a client, website visitor, or supplier contact).
Personal Data Breach: A security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Personal Data: Any information relating to a living individual who can be directly or indirectly identified (for example, name, contact details, or an IP address).
Special Category Data: Sensitive information such as health data, racial or ethnic origin, political opinions, or trade union membership.
Processing: Any activity relating to personal data, such as collecting, storing, using, or sharing it.
Data Subject: The individual whose personal data is processed (e.g., a client, website visitor, or supplier contact).
Personal Data Breach: A security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Scope
This Privacy Policy covers:
Personal data we collect when you visit our website, contact us, or use our services.
Personal data we process in the course of providing professional accountancy and tax services.
Personal data relating to suppliers, contractors, and other business contacts.
This Privacy Policy applies to all individuals outside the Company whose personal data we process. Our internal data handling practices are set out separately in our Staff Data Protection Policy.
The data we collect
We may collect and process the following types of personal data:
Identity Data – name, title, job role, employer.
Contact Data – email address, telephone number, postal address.
Financial Data – bank details, payment records, invoices, tax identifiers.
Client Service Data – information relevant to delivering accountancy and tax services, such as company records, tax returns, R&D tax credit details, or payroll information.
Technical Data – IP address, browser type, operating system, cookies and analytics information.
Marketing Data – your preferences for receiving updates, newsletters, or event invitations.
Special Category Data – only where strictly necessary, for example health data provided for payroll or HR-related services.
How we collect your data
We collect personal data in the following ways:
Directly from you when you contact us by phone, email, post, or through our website forms.
During the course of delivering professional services to you.
From third parties such as HMRC, Companies House, business partners, and other professional advisers.
Automatically through cookies and analytics tools when you browse our website.
How we use your data
We use your personal data for the following purposes:
To deliver our accountancy, tax, and advisory services.
To manage our client relationships and respond to enquiries.
To comply with our legal and regulatory obligations (e.g., HMRC requirements).
To process payments and maintain financial records.
To send relevant updates, newsletters, or invitations (where you have opted in).
To improve our website and services.
To protect against fraud or misuse of our services.
Lawful basis for processing
We process personal data only where there is a lawful basis under UK GDPR:
Contract – where processing is necessary to deliver services you request.
Legal obligation – to comply with laws and regulations (e.g., tax law).
Legitimate interests – to improve services, manage our business, and communicate relevant updates.
Consent – where you have given explicit consent (e.g., marketing subscriptions).
Sharing your data
We may share your personal data with:
HMRC, regulators, or other authorities (as legally required)
Our professional advisers, insurers, or auditors.
Third-party service providers such as IT, cloud hosting, email and CRM platforms.
Subcontractors or consultants engaged in providing our services.
We require all third parties to respect your data privacy and process your data only for specified purposes.
International transfers
Where data is transferred outside the UK/EEA (for example, where cloud service providers host data abroad), we ensure adequate safeguards are in place, such as standard contractual clauses approved under UK GDPR.
Data retention
We retain personal data only as long as necessary to fulfil the purposes we collected it for, including to satisfy legal and regulatory requirements:
Client records: 7 years after engagement ends (minimum statutory period).
Marketing data: until you withdraw consent.
Website analytics: up to 2 years.
Your rights
You have the following rights under UK GDPR:
Right of access – request a copy of your data.
Right to rectification – correct inaccuracies.
Right to erasure – request deletion (where lawful).
Right to restrict processing – limit how we use your data.
Right to object – object to certain processing (e.g., marketing).
Right to portability – request data in a machine-readable format.
Right to withdraw consent – where processing is based on consent.
Requests can be made by emailing hello@onsideaccounting.com.
Cookies
We use cookies to track website performance and improve user experience. Please see our Cookie Policy for details on the types of cookies we use and how to manage your preferences.
Security
We take appropriate technical and organisational measures to protect your data, including encryption, secure servers, and restricted access.
Contact us
If you have questions about this Privacy Policy or your data rights, please contact:
Data Protection Lead
Onside Accounting Limited
Email: hello@onsideaccounting.com
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk
Data Protection Lead
Onside Accounting Limited
Email: hello@onsideaccounting.com
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk