Privacy Policy

1. Introduction

Severn Accounting ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our registered offices are located at 1 Shaw Street, Shaw Mews, Worcester, WR1 3QQ and Colmore Row, Birmingham, B3 2BJ. For any data protection queries, please contact us.

2. Information We Collect

As an accounting and professional services firm, we collect and process personal data necessary to provide our services. This includes:

• Identity Data: Full name, date of birth, national insurance number, passport or driving licence details
• Contact Data: Postal address, email address, telephone numbers
• Financial Data: Bank account details, tax records, income and expense information, payroll data
• Business Data: Company registration details, director information, shareholding structures, business accounts
• Technical Data: IP address, browser type, device information, cookies and usage data when you visit our website
• Communication Data: Records of correspondence, meeting notes, phone call records

3. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfil our accounting and advisory services
• Legal Obligation: Compliance with HMRC, Companies House, FCA regulations, and anti-money laundering requirements
• Legitimate Interests: Business administration, fraud prevention, and improving our services
• Consent: Marketing communications and non-essential cookies (where applicable)

4. How We Use Your Information

Your personal data is used to:

• Prepare and file tax returns, accounts, and regulatory submissions
• Provide bookkeeping, payroll, VAT, and CIS compliance services
• Offer business consulting and financial advisory services
• Communicate with you about your account and services
• Comply with legal and regulatory obligations
• Conduct identity verification and anti-money laundering checks
• Maintain professional indemnity insurance and manage complaints
• Send service updates and relevant industry information (with consent)

5. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

• HMRC and Government Bodies: For tax compliance and regulatory submissions
• Companies House: For statutory filings
• Professional Bodies: Regulatory compliance and professional indemnity requirements
• Software Providers: Cloud accounting platforms (e.g., Xero, QuickBooks, Sage) and secure file-sharing services
• Banking Partners: Payment processing and direct debit collection
• Legal and Professional Advisors: When required for legal proceedings or professional advice

We do not sell, rent, or trade your personal data to third parties for marketing purposes. All third-party service providers are carefully selected and bound by data protection agreements.

6. Cookies and Website Analytics

Our website uses cookies to improve your browsing experience and analyze site performance. Essential cookies are necessary for the website to function, while analytics cookies help us understand how visitors interact with our site.

You can manage cookie preferences through your browser settings. For more information, please see our Cookie Policy or contact us directly.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations:

• Client Records: Minimum 6 years after the end of our professional relationship (in accordance with accounting standards and HMRC requirements)
• Tax Records: As required by HMRC regulations (typically 6 years)
• Company Accounts: 6 years from the end of the financial year
• Payroll Records: Minimum 3 years after the end of the tax year
• Anti-Money Laundering Records: 5 years from the end of the business relationship

After these periods, we will securely delete or anonymize your personal data unless we are required to retain it for legal proceedings or regulatory investigations.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or damage. These measures include:

• Encrypted data transmission (SSL/TLS protocols)
• Secure cloud storage with encryption at rest
• Password-protected systems and multi-factor authentication
• Regular security audits and staff training
• Restricted access to personal data on a need-to-know basis
• Secure disposal of physical and electronic records

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Please note that some of these rights may be limited due to our legal and regulatory obligations as an accounting firm. For example, we cannot delete records that we are legally required to retain for HMRC or Companies House purposes.

To exercise any of these rights, please contact us or write to us at 1 Shaw Street, Shaw Mews, Worcester, WR1 3QQ. We will respond to your request within one month.

10. International Transfers

We primarily process data within the United Kingdom. If we transfer your personal data outside the UK, we will ensure it is protected through appropriate safeguards such as Standard Contractual Clauses or adequacy decisions recognized by the UK Government.

11. Complaints and Regulatory Authority

If you have concerns about how we handle your personal data, please contact us. We are committed to resolving any issues promptly and transparently.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Any significant changes will be communicated to you via email or through a prominent notice on our website. We encourage you to review this policy periodically.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: