IT & Accounting Solutions Limited Privacy Notice
Last Updated: May 2026
1. Introduction
IT & Accounting Solutions Limited (“we”, “us”, “our”) is committed to protecting and respecting your privacy.
This Privacy Notice explains how we collect, use, store, share and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable data protection legislation.
This notice applies to clients, prospective clients, suppliers, contractors, website visitors and other individuals whose personal data we process.
2. Who We Are
IT & Accounting Solutions Limited
Registered Office: 28 Harrow Way, Maidstone, Kent, ME14 5TU
Telephone: 01622 808577
General Email: info@itaas.co.uk
Privacy Enquiries: privacy@itaas.co.uk
Website: www.itandaccounting.co.uk
Information Commissioner’s Office (ICO) Registration Number: ZA043938
For any questions regarding this Privacy Notice, requests to exercise your data protection rights, or concerns about how we process personal data, please contact us using the details above. We recommend that all privacy-related enquiries are directed to privacy@itaas.co.uk.
3. Personal Data We Collect
Depending upon the services we provide, we may collect and process the following categories of personal data:
Identity Data
- Name
- Date of birth
- National Insurance number
- Passport details
- Driving licence details
- Other identification documents
Contact Data
- Home address
- Business address
- Telephone numbers
- Email addresses
Financial Data
- Bank account information
- Payroll information
- Income and expenditure records
- Tax information
- Pension information
- Investment information
Business Data
- Company records
- Shareholder information
- Director information
- VAT information
- Accounting records
Technical Data
- IP addresses
- Device information
- Browser information
- Website usage information
- Login and audit information
Anti-Money Laundering Information
- Identity verification records
- Electronic verification checks
- Beneficial ownership information
- Politically Exposed Person screening results
- Sanctions screening results
4. How We Collect Personal Data
We may collect personal data from:
- You directly
- Your employer or business
- HM Revenue & Customs (HMRC)
- Companies House
- Banks and financial institutions
- Professional advisers
- Credit reference agencies
- Identity verification providers
- Software platforms you authorise us to access
- Publicly available sources
- Our website and online services
5. Why We Process Personal Data
We process personal data for the following purposes:
To Provide Professional Services
Including:
- Accounting services
- Bookkeeping services
- Payroll services
- Tax compliance services
- VAT services
- Company secretarial services
- Business advisory services
- IT support services
- Cyber security services
- Cloud and Microsoft 365 administration services
Additional IT Services Processing
In the course of delivering managed IT and technology services, we may also process personal data whilst providing:
- Managed IT support and helpdesk services;
- Microsoft 365 administration and support;
- Google Workspace administration and support;
- Cybersecurity monitoring, threat detection and incident response services;
- Backup, disaster recovery and business continuity services;
- Cloud infrastructure, hosting and systems administration services;
- VoIP, unified communications and business telephony services;
- Email security, spam filtering and web security services;
- User account, device and access management services; and
- Technical consultancy, implementation and migration services.
Where we provide such services, personal data may be processed for the purposes of system administration, troubleshooting, security monitoring, service delivery, compliance, business continuity and the protection of client systems and data.
We will only access, use or process personal data to the extent reasonably necessary to provide the services requested, comply with our legal obligations or protect the security and integrity of systems and services.
To Meet Legal and Regulatory Obligations
Including:
- Anti-money laundering obligations
- Tax legislation requirements
- Professional body requirements
- Court orders and lawful requests from authorities
To Manage Our Business
Including:
- Client relationship management
- Billing and debt recovery
- Risk management
- Quality control
- Professional indemnity requirements
- Business continuity arrangements
To Improve Our Services
Including:
- Internal training
- Service reviews
- Security monitoring
- Website administration
6. Lawful Bases for Processing
We rely upon one or more of the following lawful bases:
Contract
Where processing is necessary to perform a contract with you or to take steps before entering into a contract.
Legal Obligation
Where processing is required to comply with legal or regulatory obligations.
Legitimate Interests
Where processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.
Consent
Where consent is required by law. You may withdraw consent at any time, although this will not affect processing carried out before consent is withdrawn.
7. Special Category Data
In limited circumstances we may process special category personal data where:
- required by law;
- necessary for the establishment, exercise or defence of legal claims; or
- you have provided explicit consent.
8. Anti-Money Laundering Compliance
As a regulated accountancy practice, we are required to verify the identity of clients and, in certain circumstances, beneficial owners, directors and other connected individuals.
We may conduct electronic verification checks and retain evidence of identity and verification results in accordance with applicable anti-money laundering legislation.
We may be required by law to report suspicious activity to the National Crime Agency (NCA) without notifying you.
9. Who We Share Personal Data With
We may share personal data with:
- HMRC
- Companies House
- The Information Commissioner’s Office
- Professional advisers
- Legal advisers
- Banks and financial institutions
- Identity verification providers
- Payroll providers
- Software and cloud service providers
- Professional body reviewers
- Regulators and law enforcement agencies
- Business continuity providers and appointed alternates
We do not sell personal data to third parties.
10. Cloud Services and Third-Party Processors
To deliver our services efficiently and securely, we use carefully selected third-party suppliers and cloud-based platforms.
These may include:
- Microsoft 365
- Microsoft Azure
- OneDrive
- SharePoint
- Google Workspace
- VoIP and telecommunications providers
- Accounting software providers
- Payroll software providers
- Secure document management systems
- Secure backup and disaster recovery providers
- Cybersecurity and monitoring platforms
- All providers are subject to appropriate due diligence and contractual safeguards.
11. International Transfers
Some of our service providers may process or store personal data outside the United Kingdom.
Where personal data is transferred internationally, we ensure that appropriate safeguards are implemented in accordance with UK GDPR requirements, including adequacy regulations, international data transfer agreements or other approved safeguards.
12. Security
We maintain appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, disclosure, alteration or destruction.
These measures may include:
- Multi-factor authentication
- Encryption
- Access controls
- Endpoint security
- Security monitoring
- Backup and recovery procedures
- Staff training
- Cyber Essentials-aligned security controls
While we take reasonable steps to protect personal data, no method of transmission or storage can be guaranteed to be completely secure.
13. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to satisfy legal, regulatory and professional obligations.
Unless a longer period is required, client records are generally retained for at least six years following the end of the relevant accounting period or the termination of our engagement.
Retention periods may vary depending upon the nature of the information and applicable legal requirements.
14. Your Rights
Under UK GDPR, individuals may have the right to:
- Access their personal data
- Correct inaccurate personal data
- Request erasure of personal data
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent where processing is based on consent
- Lodge a complaint with the Information Commissioner’s Office
Not all rights apply in every circumstance.
Requests should be submitted using the contact details provided in this Privacy Notice.
15. Cookies and Website Analytics
Our website may use cookies and similar technologies to improve functionality, analyse usage and enhance user experience.
Further information can be found in our Cookie Policy.
16. Changes to This Privacy Notice
We may update this Privacy Notice from time to time.
The latest version will always be available on our website and the date of the most recent revision will be displayed at the top of the notice.
17. Complaints
If you have concerns regarding how we process your personal data, please contact us in the first instance at:
privacy@itaas.co.uk
Telephone: 01622 808577
We will investigate your concerns and endeavour to respond promptly and fairly.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
The accuracy of your information is important to me – please help us keep our records updated by informing us of any changes to your email address and other contact details.