PRIVACY POLICY

Last Updated: December 2024

1. Introduction

Aqua Accounting is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Aqua Accounting
Location: Newcastle upon Tyne, United Kingdom
ICO Registration: [Your ICO registration number – if applicable]

2. Information We Collect

2.1 Personal Information

We collect and process the following types of personal data:

For Individual Clients:

Full name, date of birth, and contact details
National Insurance number
Tax reference numbers (UTR, PAYE reference)
Bank account details
Employment and income information
Identification documents (passport, driving license, utility bills)
Financial records and tax-related documentation

For Business Clients:

Company name, registration number, and registered address
Director and shareholder information
Company financial records and accounts
VAT registration details
Employee payroll information
Business bank account details

2.2 Website Information

When you visit our website, we may automatically collect:

IP address and browser type
Pages visited and time spent on site
Referring website addresses
Device information and operating system
Cookies and similar tracking technologies (see Cookie Policy)

2.3 Communication Records

We maintain records of:

Email correspondence
Phone call notes and recordings (where applicable and with consent)
Meeting notes and consultation records
Documents and files you provide to us

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR Article 6:

Contract Performance: Processing necessary to fulfill our engagement with you Legal Obligation: Compliance with HMRC, Companies House, and regulatory requirements Legitimate Interests: Business administration, fraud prevention, and service improvement Consent: Where we have obtained your explicit consent for specific processing activities

3.2 Purposes of Processing

We use your information to:

Prepare and file your tax returns with HMRC
Prepare and submit annual accounts to Companies House
Process payroll and make RTI submissions
Prepare and submit VAT returns
Provide accounting, bookkeeping, and advisory services
Comply with anti-money laundering regulations
Communicate with you about your accounts and services
Send service updates and important notices
Improve our services and website functionality
Comply with legal and regulatory obligations

4. Information Sharing and Disclosure

4.1 Government and Regulatory Bodies

We share your information with:

HMRC: For tax returns, PAYE, VAT, and other tax matters
Companies House: For company accounts and statutory filings
The Pensions Regulator: For auto-enrollment and pension compliance
Other regulatory authorities: As required by law

4.2 Third-Party Service Providers

We may share your data with trusted service providers who assist us:

Cloud storage and backup providers
Accounting software providers (e.g., Xero, QuickBooks, Sage)
Making Tax Digital (MTD) compatible software
Payroll software providers
IT support and cybersecurity services
Professional indemnity insurers

All third-party providers are contractually bound to protect your data and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if:

Required by law or court order
Requested by law enforcement agencies
Necessary to protect our rights or property
Required under anti-money laundering obligations
Part of legal proceedings or dispute resolution

4.4 Business Transfers

In the event of a merger, acquisition, or sale of our business, your data may be transferred to the new owner, subject to the same privacy protections.

5. Data Security

5.1 Security Measures

We implement robust security measures to protect your data:

Encrypted data transmission (SSL/TLS)
Secure password-protected systems
Regular security audits and updates
Restricted access to personal data (need-to-know basis)
Secure backup systems
Firewall and anti-malware protection
Employee training on data protection

5.2 Data Breach Protocol

In the event of a data breach, we will:

Assess the risk and impact
Notify the Information Commissioner’s Office (ICO) within 72 hours if required
Inform affected individuals without undue delay
Take immediate action to contain and remedy the breach

6. Data Retention

6.1 Retention Periods

We retain your data for as long as necessary to fulfill our legal and professional obligations:

Tax records: Minimum 6 years after the end of the accounting period (as required by HMRC)
Company records: As required by the Companies Act 2006
Payroll records: Minimum 3 years from the end of the tax year
Anti-money laundering records: 5 years from the end of the business relationship
Professional indemnity requirements: As required by our insurers (typically 6-15 years)

6.2 Secure Disposal

When retention periods expire, we securely delete or destroy your data using industry-standard methods.

7. Your Rights Under UK GDPR

7.1 Individual Rights

Under the UK GDPR, you have the following rights:

Right to Access: Request a copy of the personal data we hold about you Right to Rectification: Request correction of inaccurate or incomplete data Right to Erasure: Request deletion of your data (subject to legal retention requirements) Right to Restrict Processing: Request limitation on how we use your data Right to Data Portability: Receive your data in a structured, machine-readable format Right to Object: Object to processing based on legitimate interests Rights Related to Automated Decision-Making: We do not use automated decision-making or profiling

7.2 Exercising Your Rights

To exercise any of these rights, please contact us in writing. We will respond within one month. Please note that some rights may be limited due to our legal obligations to retain certain records.

7.3 Right to Complain

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

ICO Contact Details:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: www.ico.org.uk

8. Cookies and Website Tracking

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. For detailed information about cookies, visit aboutcookies.org.

8.2 Types of Cookies We Use

Essential Cookies: Necessary for website functionality (cannot be disabled) Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics) Functional Cookies: Remember your preferences and settings Marketing Cookies: Track visitors across websites to display relevant ads (if used)

8.3 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect website functionality. Learn more about cookie management at www.allaboutcookies.org.

8.4 Google Analytics

We use Google Analytics to analyze website traffic. Data collected is anonymized and used to improve our website. Learn more about Google’s Privacy Policy.

9. International Data Transfers

9.1 Data Location

We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure:

The country has adequate data protection laws as recognized by the UK government
We use Standard Contractual Clauses (SCCs) approved by the ICO
Other appropriate safeguards are in place

9.2 Cloud Services

Some of our cloud service providers may process data outside the UK. We ensure all providers comply with UK GDPR requirements.

10. Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Marketing Communications

11.1 Opt-In

We will only send marketing communications if you have explicitly consented or if permitted under UK marketing regulations (PECR).

11.2 Opt-Out

You can unsubscribe from marketing emails at any time by:

Clicking the “unsubscribe” link in any marketing email
Contacting us directly
Updating your preferences in your client portal (if applicable)

11.3 Service Communications

We will continue to send essential service-related communications (e.g., deadline reminders, invoice notifications) even if you opt out of marketing.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites. Please review their privacy policies before providing personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

Posting the updated policy on our website with a new “Last Updated” date
Sending an email notification to active clients
Displaying a notice on our website

Continued use of our services after changes constitutes acceptance of the updated Privacy Policy.

14. Data Protection Officer

While we are not required to appoint a Data Protection Officer, we have designated a privacy contact for data protection matters. For any privacy-related questions or concerns, please contact us.

15. Automated Processing

We do not use automated decision-making or profiling that would significantly affect you. All significant decisions are made by qualified professionals.

16. Transparency and Accountability

We maintain detailed records of our data processing activities as required by UK GDPR Article 30. We regularly review and update our data protection practices.

17. Contact Us

For questions about this Privacy Policy or how we handle your personal data:

Aqua Accounting
Newcastle upon Tyne
United Kingdom

Email: info@aquaaccounting.com
Website: aquaaccounting.com

For Data Protection Enquiries:
Email: info@aquaaccounting.com

For ICO Complaints:
Visit: https://ico.org.uk/make-a-complaint/

18. Additional Resources

For more information about data protection and your rights:

By engaging our services or using our website, you acknowledge that you have read and understood this Privacy Policy.