1. Introduction
Verdant Tax Advisors ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, services, or interact with us.
We are registered in England and Wales and our registered office is at 45 Queen Street, Manchester M2 4LN, United Kingdom.
2. Data Controller
Verdant Tax Advisors is the data controller for the personal information we collect about you. This means we are responsible for deciding how and why your personal data is processed.
3. Information We Collect
We collect and process different types of personal information depending on how you interact with us:
3.1 Information You Provide Directly
- Contact Information: Name, email address, phone number, postal address
- Professional Information: Job title, company name, business type
- Financial Information: Tax details, income information, financial circumstances (for tax advice services)
- Communication Records: Correspondence, consultation notes, service records
- Marketing Preferences: Newsletter subscriptions, communication preferences
3.2 Information We Collect Automatically
- Website Usage: Pages visited, time spent, referring websites
- Technical Information: IP address, browser type, device information
- Cookies and Tracking: As described in our Cookie Policy
3.3 Information from Third Parties
- Professional References: Information from accountants, solicitors, or other professionals
- HMRC Information: Tax records and correspondence (with your consent)
- Credit Reference Agencies: For identity verification purposes
4. How We Use Your Information
We process your personal data for the following purposes:
4.1 Service Delivery
- Providing tax advice and accounting services
- Preparing tax returns and submissions
- Representing you before HMRC
- Managing your client account and records
4.2 Communication
- Responding to your enquiries and requests
- Sending service updates and important notices
- Providing tax deadline reminders
- Newsletter and marketing communications (with consent)
4.3 Legal and Regulatory Compliance
- Meeting professional and regulatory obligations
- Complying with tax and financial regulations
- Maintaining client records as required by law
- Responding to legal requests and investigations
4.4 Business Operations
- Website functionality and security
- Service improvement and development
- Quality assurance and training
- Risk management and fraud prevention
5. Legal Basis for Processing
We process your personal data based on the following legal grounds:
5.1 Contract Performance
Processing necessary for performing our tax advice and accounting services contract with you.
5.2 Legal Obligation
Processing required to comply with legal and regulatory obligations, including tax laws and professional standards.
5.3 Legitimate Interests
Processing for our legitimate business interests, such as:
- Providing effective customer service
- Protecting against fraud and security threats
- Improving our services and website
- Direct marketing to existing clients
5.4 Consent
Processing based on your explicit consent for activities such as:
- Marketing communications to prospects
- Non-essential cookies
- Special category data processing
6. Data Sharing and Disclosure
We may share your personal information with the following parties:
6.1 Service Providers
- IT Services: Cloud hosting, data backup, software providers
- Professional Services: Legal advisers, auditors, consultants
- Administrative Support: Outsourced administrative functions
6.2 Regulatory Bodies
- HMRC: Tax submissions and correspondence
- Professional Bodies: Regulatory compliance and investigation
- Law Enforcement: When legally required
6.3 Business Transfers
In the event of a merger, acquisition, or business sale, your information may be transferred to the new owner, subject to appropriate protections.
6.4 Data Protection Measures
All third parties are required to:
- Maintain appropriate data protection standards
- Process data only as instructed by us
- Implement appropriate security measures
- Notify us of any data breaches
7. Data Security
We implement comprehensive security measures to protect your personal information:
7.1 Technical Safeguards
- Encrypted data transmission and storage
- Secure access controls and authentication
- Regular security updates and patches
- Intrusion detection and monitoring systems
7.2 Organizational Measures
- Staff training on data protection
- Access restrictions on a need-to-know basis
- Regular security audits and assessments
- Incident response procedures
7.3 Physical Security
- Secure office premises with access controls
- Locked filing systems for physical documents
- Secure disposal of confidential information
- Clean desk and clear screen policies
8. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:
8.1 Client Records
- Active Clients: Throughout the duration of our professional relationship
- Former Clients: Minimum 7 years after the end of our relationship (regulatory requirement)
- Tax Records: As required by HMRC and tax legislation
8.2 Marketing Information
- Newsletter Subscribers: Until you unsubscribe
- Prospects: 3 years from last meaningful contact
- Website Analytics: 26 months maximum
8.3 Legal Obligations
Some information may be retained longer if required by law, regulation, or for the establishment, exercise, or defense of legal claims.
9. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
9.1 Right of Access
Request a copy of the personal data we hold about you.
9.2 Right to Rectification
Request correction of inaccurate or incomplete personal data.
9.3 Right to Erasure
Request deletion of your personal data in certain circumstances.
9.4 Right to Restrict Processing
Request limitation of how we use your personal data.
9.5 Right to Data Portability
Request transfer of your personal data to another organization.
9.6 Right to Object
Object to processing based on legitimate interests or for marketing purposes.
9.7 Rights Related to Automated Decision Making
Protection against decisions based solely on automated processing.
9.8 Exercising Your Rights
To exercise any of these rights, please contact us using the details provided in Section 2. We will respond within one month of receiving your request.
10. Cookies and Website Technologies
Our website uses cookies and similar technologies. For detailed information about our use of cookies, please see our Cookie Policy.
11. International Transfers
Your personal data may be transferred to and processed in countries outside the UK. When this occurs, we ensure appropriate safeguards are in place:
- Adequacy decisions by the UK government
- Standard contractual clauses
- Binding corporate rules
- Certification schemes and codes of conduct
12. Children's Privacy
Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will:
- Post the updated policy on our website
- Update the "Last Updated" date
- Notify you of significant changes via email or website notice
- Obtain your consent for material changes where required
14. Contact Us and Complaints
If you have any questions about this Privacy Policy or our data practices, please contact us:
14.1 Right to Complain
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data appropriately:
- Website: www.ico.org.uk
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF