PRIVACY POLICY

The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data.

Robinson & Reilly Accountancy Services is a data controller within the meaning of the GDPR and we process personal data

The type of personal information we collect

This will vary, depending on the type of service we are providing to you:

  • Personal details (Name, date of birth, address, email address, phone number etc.)

  • Anti-Money Laundering and Due Diligence records (government-issued documents like a passport, along with utility bills/bank statements etc.)

  • Bank details

  • Unique Taxpayer Reference number

  • National Insurance number

  • Details of our contact with you.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you in the following ways

  • During our initial consultation

  • When you engage us to act as your accountant/tax practitioner and during the provision of the related services.

  • When you contact us by email, phone, post etc.

We may use this information for the following purposes:

  • To enable us to supply professional services to you as our client.

  • To fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as amended (“MLR 2017”)).

  • To comply with professional obligations to which we are subject as a member of The Association of Accounting Technicians (AAT)

  • To use in the investigation and/or defence of potential complaints, disciplinary proceedings, and legal proceedings.

  • To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.

  • To contact you about other services we provide which may be of interest to you if you have consented to us doing so.

We may also receive personal information indirectly, from publicly available resources (for example, Companies House)

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. - At the time you instruct us to act, you give consent to our processing your personal data for the purposes listed above

  • We have a contractual obligation - The processing is necessary for the performance of our contract with you.

  • We have a legal obligation. - The processing is necessary for compliance with legal obligations to which we are subject (e.g., MLR 2017).

  • We have a legitimate interest. - The processing is necessary for the purposes of the legitimate interests which we pursue (investigating/defending legal claims)

Persons/organisations to whom we may give personal data

We can confirm we do not share, sell or rent any information with third parties for marketing purposes.

We may need to share your personal data with the third parties identified below in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties, we may need to cease to act.

We may share your personal data with:

  • HMRC

  • Companies House

  • any third parties with whom you require or permit us to correspond

  • an alternate appointed by us in the event of incapacity or death

  • professional indemnity insurers

  • our professional body (The Association of Accounting Technicians) and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation)

  • Online verification providers

If the law allows or requires us to do so, we may share your personal data with:

  • the police and law enforcement agencies

  • courts and tribunals

  • the Information Commissioner’s Office (ICO)

How we store your personal information

Your data is securely stored on computer equipment and storage devices.

All computers, computer programs and client data files are password protected and backup/storage devices are kept securely locked away when not being used.

Passwords are reviewed and changed regularly. Computers are protected by current and up to date anti-virus and firewall software.

We also use secure cloud-based software that is also subject to the provisions of the GDPR.

Data will be retained by us so long as it is still valid and necessary for us to use it but will not be retained for longer than is necessary for its lawful purpose.

Obsolete data will be deleted after six years.

Your data protection rights

Under data protection law, you have the following rights:

  • Your right of access - You have the right to ask us for copies of your personal information.

  • Putting things right (the right to rectification) - You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data that we hold about you completed (We request you inform us as soon as possible should you become aware that any personal data that we hold about you is inaccurate and/or incomplete).

  • Deleting your records (the right to erasure) - You have the right to ask us to erase your personal information in certain circumstances.

  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

  • Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

  • Withdrawal of consent - Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at if you wish to make a request.

How to complain

If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us.

Please send any complaints to:

Robinson & Reilly Accountancy Services

15 Coach Road

Brotton

Saltburn by the Sea

Redcar and Cleveland

TS12 2RA

Email: info@robinsonandreilly.co.uk

If you are not happy with our response, you have a right to lodge a complaint with the ICO

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

This privacy policy was last reviewed April 2005

Coach Road, Brotton, Saltburn-By-The-Sea, TS12 2SE, United Kingdom

Copyright © 2025 Robinson & Reilly Accountancy Services - All Rights Reserved.

Michael Robinson and Gemma Reilly are licensed and regulated by AAT under licence numbers 20270327 and 1005974. AAT is recognised by HM Treasury to supervise compliance with the Money Laundering Regulations and Robinson and Reilly Accountancy Services is supervised by AAT in this respect.