AAA Service at an Affordable Price

This privacy notice provides information on how Agent Armour Accounts Limited collects and processes your personal data through your use of our services, including any data you may provide through our website or when you engage us to deliver professional accountancy services.

1. Important Information and Who We Are

Purpose of this Privacy Notice

This privacy notice aims to give you information on how Agent Armour Accounts Limited collects and processes your personal data. It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

Data Controller

Agent Armour Accounts Limited is the data controller and is responsible for your personal data (referred to as "we", "us" or "our" in this privacy notice).

We are registered with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Our ICO registration number is ZA344400.

We are also regulated by the Association of Accounting Technicians (AAT) and strictly adhere to their professional code of conduct and regulations regarding client confidentiality.

Contact Details

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below:

· Full name of legal entity: Agent Armour Accounts Limited

· Email address: info@agentarmour.co.uk

· Postal address: Hampton House, Deepdale Enterprise Park, Nettleham, LN2 2LL

You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

2. The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

· Identity Data: Includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, National Insurance number, Unique Taxpayer Reference (UTR), and copies of identification documents (such as your passport or driving licence) required under UK anti-money laundering regulations.

· Contact Data: Includes billing address, residential address, business address, email address, and telephone numbers.

· Financial Data: Includes bank account details, credit/debit card numbers, payroll records, salary scales, dividend declarations, loan agreements, tax history, and corporate financial records.

· Transaction Data: Includes details about payments to and from you and other details of accounting and tax services you have purchased from us.

· Technical and Usage Data: Includes information about how you use our website, products, and services, as well as internet protocol (IP) addresses if you interact with our digital systems.

· Special Category Data: While delivering payroll, bookkeeping, or specialized tax services, we may occasionally process sensitive personal data on your behalf. This includes information about trade union check-off deductions, health data (to process Statutory Sick Pay), or statutory maternity/paternity details. We process this data strictly under Article 9(2)(b) of the UK GDPR to meet statutory employment and social security obligations.

3. How Your Personal Data is Collected

We use different methods to collect data from and about you, including through:

· Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms, uploading documents to our client portals, or by corresponding with us by post, phone, email, or in person. This includes personal data you provide when you enter into a contract for our professional accounting services.

· Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources based within the UK, including:

o Publicly available registries such as Companies House.

o HM Revenue & Customs (HMRC) when you authorize us as your tax agent.

o Financial institutions or cloud accounting software providers that you link to our services (such as Xero, QuickBooks, Sage, or Dext).

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

· Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you.

· Legal Obligation: Where we need to comply with a legal or regulatory obligation (such as UK tax law or Anti-Money Laundering legislation).

· Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Purposes for Which We Will Use Your Personal Data

The table below outlines a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

5. Disclosures of Your Personal Data

We may share your personal data with the parties set out below for the purposes detailed in the table above:

· Government and Regulatory Authorities: HM Revenue & Customs (HMRC), Companies House, the Department for Work and Pensions (DWP), and law enforcement bodies operating in the United Kingdom as required by law.

· Professional Bodies: The Association of Accounting Technicians (AAT) for the purpose of regulatory compliance audits and professional practice reviews.

· Third-Party Service Providers: Secure cloud accounting, data ingestion, and document management platforms that we use to process financial information (including platforms like Xero, QuickBooks, Sage, and Dext).

· Professional Advisers: Bankers, lawyers, auditors, and insurers based in the UK who provide consultancy, banking, legal, insurance, and accounting services to us.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our strict instructions.

6. International Data Transfers

Some of our external third-party software vendors and cloud storage providers operate or host backup data outside the United Kingdom or the European Economic Area (EEA).

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring that appropriate safeguards are implemented. This includes verifying that the recipient country has been granted an adequacy regulation by the UK government, or using specific UK-approved Standard Contractual Clauses (SCCs) and the International Data Transfer Agreement (IDTA) which give personal data the same protection it has in the UK.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a strict duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

How Long Will We Use Your Personal Data For?

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and the applicable legal requirements.

By law, we must adhere to specific statutory retention windows:

· Tax and Financial Records: For HMRC compliance purposes, we must retain corporate financial records, tax returns, payroll records, and supporting transaction data for a minimum of 6 years from the end of the relevant financial or tax year.

· Anti-Money Laundering (AML) Records: Identity verification data and records of transactions collected to fulfill our AML duties will be securely retained for 5 years following the formal termination of our professional business relationship.

9. Your Legal Rights

Under certain circumstances, you have comprehensive rights under UK data protection laws in relation to your personal data. You have the right to:

· Request Access: Commonly known as a "Data Subject Access Request". This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

· Request Correction: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

· Request Erasure: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons (such as our statutory duties to preserve tax records for HMRC), which will be notified to you at the time of your request.

· Object to Processing: You can object where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

· Request Restriction of Processing: This enables you to ask us to suspend the processing of your personal data in specific scenarios, such as if you want us to establish the data's accuracy.

· Request Data Portability: We will provide to you, or a third party you have chosen (such as a successor accountancy firm), your personal data in a structured, commonly used, machine-readable format.

· Withdraw Consent: This applies only where we are relying on consent to process your personal data. If you withdraw your consent, it will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us directly at info@agentarmour.co.uk.

10. Changes to This Notice and Your Duty to Inform Us

We keep our privacy notice under regular review. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data (such as a change of residential address, email, or legal company name) changes during your relationship with us.