Privacy Notice

IT & Accounting Solutions Limited Privacy Notice

Last Updated: May 2026

1. Introduction

IT & Accounting Solutions Limited (“we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Notice explains how we collect, use, store, share and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable data protection legislation.

This notice applies to clients, prospective clients, suppliers, contractors, website visitors and other individuals whose personal data we process.

2. Who We Are

IT & Accounting Solutions Limited
Registered Office: 28 Harrow Way, Maidstone, Kent, ME14 5TU
Telephone: 01622 808577
General Email: info@itaas.co.uk
Privacy Enquiries: privacy@itaas.co.uk
Website: www.itandaccounting.co.uk

Information Commissioner’s Office (ICO) Registration Number: ZA043938

For any questions regarding this Privacy Notice, requests to exercise your data protection rights, or concerns about how we process personal data, please contact us using the details above. We recommend that all privacy-related enquiries are directed to privacy@itaas.co.uk.

3. Personal Data We Collect

Depending upon the services we provide, we may collect and process the following categories of personal data:

Identity Data

  • Name
  • Date of birth
  • National Insurance number
  • Passport details
  • Driving licence details
  • Other identification documents

Contact Data

  • Home address
  • Business address
  • Telephone numbers
  • Email addresses


Financial Data

  • Bank account information
  • Payroll information
  • Income and expenditure records
  • Tax information
  • Pension information
  • Investment information


Business Data

  • Company records
  • Shareholder information
  • Director information
  • VAT information
  • Accounting records

Technical Data

  • IP addresses
  • Device information
  • Browser information
  • Website usage information
  • Login and audit information

Anti-Money Laundering Information

  • Identity verification records
  • Electronic verification checks
  • Beneficial ownership information
  • Politically Exposed Person screening results
  • Sanctions screening results

4. How We Collect Personal Data

We may collect personal data from:

  • You directly
  • Your employer or business
  • HM Revenue & Customs (HMRC)
  • Companies House
  • Banks and financial institutions
  • Professional advisers
  • Credit reference agencies
  • Identity verification providers
  • Software platforms you authorise us to access
  • Publicly available sources
  • Our website and online services

5. Why We Process Personal Data

We process personal data for the following purposes:

To Provide Professional Services

Including:

  • Accounting services
  • Bookkeeping services
  • Payroll services
  • Tax compliance services
  • VAT services
  • Company secretarial services
  • Business advisory services
  • IT support services
  • Cyber security services
  • Cloud and Microsoft 365 administration services

Additional IT Services Processing

In the course of delivering managed IT and technology services, we may also process personal data whilst providing:

  • Managed IT support and helpdesk services;
  • Microsoft 365 administration and support;
  • Google Workspace administration and support;
  • Cybersecurity monitoring, threat detection and incident response services;
  • Backup, disaster recovery and business continuity services;
  • Cloud infrastructure, hosting and systems administration services;
  • VoIP, unified communications and business telephony services;
  • Email security, spam filtering and web security services;
  • User account, device and access management services; and
  • Technical consultancy, implementation and migration services.

Where we provide such services, personal data may be processed for the purposes of system administration, troubleshooting, security monitoring, service delivery, compliance, business continuity and the protection of client systems and data.

We will only access, use or process personal data to the extent reasonably necessary to provide the services requested, comply with our legal obligations or protect the security and integrity of systems and services.

To Meet Legal and Regulatory Obligations

Including:

  • Anti-money laundering obligations
  • Tax legislation requirements
  • Professional body requirements
  • Court orders and lawful requests from authorities

To Manage Our Business

Including:

  • Client relationship management
  • Billing and debt recovery
  • Risk management
  • Quality control
  • Professional indemnity requirements
  • Business continuity arrangements

To Improve Our Services

Including:

  • Internal training
  • Service reviews
  • Security monitoring
  • Website administration

6. Lawful Bases for Processing

We rely upon one or more of the following lawful bases:

Contract

Where processing is necessary to perform a contract with you or to take steps before entering into a contract.

Legal Obligation

Where processing is required to comply with legal or regulatory obligations.

Legitimate Interests

Where processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms.

Consent

Where consent is required by law. You may withdraw consent at any time, although this will not affect processing carried out before consent is withdrawn.

7. Special Category Data

In limited circumstances we may process special category personal data where:

  • required by law;
  • necessary for the establishment, exercise or defence of legal claims; or
  • you have provided explicit consent.

8. Anti-Money Laundering Compliance

As a regulated accountancy practice, we are required to verify the identity of clients and, in certain circumstances, beneficial owners, directors and other connected individuals.

We may conduct electronic verification checks and retain evidence of identity and verification results in accordance with applicable anti-money laundering legislation.

We may be required by law to report suspicious activity to the National Crime Agency (NCA) without notifying you.

9. Who We Share Personal Data With

We may share personal data with:

  • HMRC
  • Companies House
  • The Information Commissioner’s Office
  • Professional advisers
  • Legal advisers
  • Banks and financial institutions
  • Identity verification providers
  • Payroll providers
  • Software and cloud service providers
  • Professional body reviewers
  • Regulators and law enforcement agencies
  • Business continuity providers and appointed alternates

We do not sell personal data to third parties.

10. Cloud Services and Third-Party Processors

To deliver our services efficiently and securely, we use carefully selected third-party suppliers and cloud-based platforms.

These may include:

  • Microsoft 365
  • Microsoft Azure
  • OneDrive
  • SharePoint
  • Google Workspace
  • VoIP and telecommunications providers
  • Accounting software providers
  • Payroll software providers
  • Secure document management systems
  • Secure backup and disaster recovery providers
  • Cybersecurity and monitoring platforms
  • All providers are subject to appropriate due diligence and contractual safeguards.

11. International Transfers

Some of our service providers may process or store personal data outside the United Kingdom.

Where personal data is transferred internationally, we ensure that appropriate safeguards are implemented in accordance with UK GDPR requirements, including adequacy regulations, international data transfer agreements or other approved safeguards.

12. Security

We maintain appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, disclosure, alteration or destruction.

These measures may include:

  • Multi-factor authentication
  • Encryption
  • Access controls
  • Endpoint security
  • Security monitoring
  • Backup and recovery procedures
  • Staff training
  • Cyber Essentials-aligned security controls

While we take reasonable steps to protect personal data, no method of transmission or storage can be guaranteed to be completely secure.

13. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to satisfy legal, regulatory and professional obligations.

Unless a longer period is required, client records are generally retained for at least six years following the end of the relevant accounting period or the termination of our engagement.

Retention periods may vary depending upon the nature of the information and applicable legal requirements.

14. Your Rights

Under UK GDPR, individuals may have the right to:

  • Access their personal data
  • Correct inaccurate personal data
  • Request erasure of personal data
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Information Commissioner’s Office

Not all rights apply in every circumstance.

Requests should be submitted using the contact details provided in this Privacy Notice.

15. Cookies and Website Analytics

Our website may use cookies and similar technologies to improve functionality, analyse usage and enhance user experience.

Further information can be found in our Cookie Policy.

16. Changes to This Privacy Notice

We may update this Privacy Notice from time to time.

The latest version will always be available on our website and the date of the most recent revision will be displayed at the top of the notice.

17. Complaints

If you have concerns regarding how we process your personal data, please contact us in the first instance at:

privacy@itaas.co.uk
Telephone: 01622 808577

We will investigate your concerns and endeavour to respond promptly and fairly.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

The accuracy of your information is important to me – please help us keep our records updated by informing us of any changes to your email address and other contact details.

IT & Accounting Solutions Privacy Notice PDF