1. About us and the purpose of this notice

Compass Accounting provides accounting, bookkeeping and tax compliance services to individuals, sole traders and limited companies.

We are a sole trader registered in England and Wales.

Our business address is:

3 Gwarak Trystan,

Newquay,

TR8 4SQ

This privacy notice explains how we collect, use and protect personal data in accordance with applicable data protection legislation, including:

• the UK General Data Protection Regulation (UK GDPR)

• the Data Protection Act 2018

• the Privacy and Electronic Communications Regulations (PECR).

For the purposes of data protection law, we are the data controller of the personal data we process.

We are registered with the Information Commissioner’s Office as a data controller under the Data Protection Act 2018.

If you have questions about this notice or how we handle personal data, please contact us using the details in section 11.

2. The information we hold about you

We may collect and process personal data including:

• name and contact details (address, email, phone number)

• date of birth

• National Insurance number

• tax reference numbers

• employment and income information

• bank details and financial records

• accounting and transaction data

• payroll information

• identification documents for anti-money laundering checks

• correspondence and communications with you

• company registration details and statutory records

• director, shareholder and officer information

• employee data where we provide payroll services

• company financial statements and accounting record

We only collect personal data that is relevant to providing our services or meeting legal obligations.

________________________________________

3. How we collect personal data

We may collect personal data directly from you when:

• you request information about our services

• you engage us to provide accounting or tax services

• you communicate with us by email, telephone or post

• you provide information for bookkeeping, payroll or tax returns.

• You submit an enquiry or contact us through forms available on our website.

We may also obtain personal data indirectly from:

• your accounting software

• your bank or financial institutions (with your consent)

• your previous accountant or adviser

• publicly available sources such as Companies House

• HM Revenue and Customs where authorised

• identity verification providers used for anti-money laundering checks.

For limited company clients, we may also receive personal data from company directors, employees or authorised representatives.

________________________________________

4. How we use your personal data

We use personal data to provide accountancy and tax services and to operate our business.

This includes:

• preparing accounts and tax returns

• bookkeeping services

• payroll services

• VAT compliance services

• Making Tax Digital submissions

• communicating with you about your affairs

• responding to enquiries

• managing billing and payments

• complying with legal and regulatory obligations.

• preparing statutory accounts

• corporation tax compliance

• supporting directors with company related queries

Lawful basis for processing

We rely on the following lawful bases under UK GDPR:

Contractual necessity

Processing necessary to provide the services agreed with you.

Legal obligation

Processing required to comply with legal duties, including tax law and anti-money laundering legislation.

Legitimate interests

Processing necessary for the administration and operation of our business, provided those interests do not override your rights.

Consent

Where consent is required for specific purposes such as certain marketing communications.

________________________________________

5. Data sharing

We may share personal data where necessary with:

• HM Revenue and Customs

• regulators or government authorities where required by law

• software providers used to deliver our services

• subcontractors or professional advisers assisting with your work

• identity verification providers for anti-money laundering checks.

We may use secure cloud-based software and service providers to store and process data in connection with the services we provide. These may include providers of accounting software, document storage, email and practice management systems (for example, Microsoft OneDrive, Xero or Hubdoc).

These providers act as data processors on our behalf and will only process personal data in accordance with our instructions and applicable data protection laws.

For limited company clients, we may also share information with Companies House where required, and with pension providers where we administer payroll.

6. International transfers

Some cloud software providers we use may store data outside the United Kingdom.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place to comply with UK data protection legislation. These safeguards may include:

• transfers to countries recognised as providing adequate protection

• standard contractual clauses or other approved transfer mechanisms.

Further information about international transfers can be obtained from us on request.

________________________________________

7. Data security

We have implemented appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure.

Access to personal data is restricted to individuals who require it for legitimate business purposes.

We also maintain procedures for responding to suspected data breaches and will notify affected individuals and regulators where required by law.

________________________________________

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory and accounting requirements.

Typically we retain client records for at least six years after the end of the relevant engagement or accounting period.

Where longer retention is required by law or regulation, we will comply with those requirements.

For limited companies, certain statutory records may need to be retained for longer periods in accordance with company law.

________________________________________

9. Your data protection rights

Under UK data protection law you have the following rights:

• the right to access your personal data

• the right to request correction of inaccurate data

• the right to request erasure of personal data in certain circumstances

• the right to restrict processing

• the right to object to processing where we rely on legitimate interests

• the right to data portability where applicable.

To exercise any of these rights, please contact us using the details below.

We may request information to verify your identity before responding to such requests.

________________________________________

10. Withdrawal of consent

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time.

Withdrawal of consent will not affect the lawfulness of processing carried out before consent was withdrawn.

________________________________________

11. Contact us

If you have questions about this privacy notice or how we process personal data, please contact:

Compass Accounting

Email: emma@compassaccounting.uk

Telephone: 01637 856679

You also have the right to lodge a complaint with the Information Commissioner's Office, the UK supervisory authority for data protection issues.

Website: https://ico.org.uk

Telephone: 0303 123 1113

________________________________________

12. Changes to this privacy notice

We may update this privacy notice from time to time to reflect changes in our services or legal requirements.

The latest version will always be available on our website or upon request.

Last updated: 30/03/2026