Stonegate Accountancy & Bookkeeping – Data Protection Policy
Last Updated: June 2025. Policy Owner: Susan Reading, Data Controller
1. Introduction
This Data Protection Policy outlines how Stonegate Accountancy & Bookkeeping complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any relevant data protection legislation.
We are registered as a Data Controller with the Information Commissioner’s Office (ICO) and are committed to protecting the privacy, rights, and freedoms of individuals whose data we process.
2. What Is Personal Data?
Personal data means any information relating to an identified or identifiable individual. This includes names, addresses, email addresses, financial records, and more sensitive data such as health information or ethnicity.
Special category data includes personal data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, and data concerning sexual orientation.
3. Our Responsibilities
Stonegate Accountancy & Bookkeeping will:
– Process data lawfully, fairly, and transparently
– Collect data only for specific, legitimate purposes
– Keep data accurate and up to date
– Retain data only for as long as necessary
– Protect data using appropriate technical and organisational measures
4. Legal Basis for Processing
We process data under one or more of the following lawful bases:
– The data subject has given consent
– Processing is necessary for a contract
– Compliance with legal obligations (e.g. HMRC requirements)
– Legitimate business interests (provided these do not override individual rights)
5. Data Subjects’ Rights
Under the UK GDPR, individuals have the right to:
– Access their personal data
– Request correction or deletion
– Restrict or object to processing
– Data portability
– Withdraw consent at any time (where applicable)
We aim to respond to all requests within one calendar month.
6. Data Collection
We collect data:
– From clients during onboarding and ongoing service delivery
– From suppliers and partners when initiating or managing business relationships
– From staff during recruitment and employment
Data may be collected via forms, email, phone, in person, or via our website/portal.
7. Consent
Consent must be freely given, specific, informed, and unambiguous. We will:
– Always obtain consent before sharing personal data with third parties (unless legally required)
– Keep records of when and how consent was obtained
– Provide options to withdraw consent
8. Data Security
We use robust security measures to protect personal data, including:
– Password-protected systems and cloud backups
– Secure email practices and file transfer protocols
– Restricted access to sensitive information
All staff receive training on confidentiality and data handling best practices.
9. Sharing Data with Third Parties
We may share data with:
– HMRC, regulatory bodies, pension providers, and legal advisers
– IT or cloud service providers under strict confidentiality agreements
We do not share data outside the UK or EEA unless adequate protections are in place.
10. Data Retention
We retain data in accordance with professional, regulatory, and legal obligations:
– Client financial and tax records: minimum of 6 years
– Employee payroll and HR records: typically 6–12 years depending on the record type
– Recruitment and unsuccessful applicant data: 12 months
All data is securely destroyed when no longer required.
11. Data Breaches
In the event of a personal data breach, we will:
– Investigate promptly and contain the breach
– Report to the ICO within 72 hours where the breach is likely to result in a risk to individuals
– Notify affected individuals where appropriate
12. Contacting Us
If you have any questions about this policy or your personal data, please contact:
Susan Reading – Data Protection Lead / Owner, Stonegate Accountancy & Bookkeeping, info@stonegatebookkeeping.co.uk, 01278 433014
This policy is reviewed annually and updated where necessary to reflect changes in regulation or our operations.