Skip to main content
KP AccountantsKP Accountants

KP Accountants

Privacy policy

How KP Accountants collects, uses and protects your personal data.

Data controller: K.P. Accountants Ltd  · ICO registration: ZA159541  · Last reviewed: June 2026

1. Who we are

K.P. Accountants Ltd is a limited company registered in England and Wales (Companies House number 11222827). We are registered with the Information Commissioner's Office as a data controller (ICO registration ZA159541), and supervised by the IAB for anti-money laundering purposes.

Our office is at: Office 28, Victoria Commercial Centre, Station Approach, Victoria, Roche, Saint Austell, Cornwall, PL26 8LG.

For any data protection matter, contact us at info@kpaccounts.co.uk.

2. What personal data we collect

In providing accountancy, bookkeeping, tax and related services, we collect and process the following categories of personal data:

  • Contact and identity: name, address, date of birth, email address and telephone number.
  • Tax identifiers: National Insurance number, Unique Taxpayer Reference (UTR) and VAT registration number.
  • Company information: Companies House registration number and Companies House Personal Code (where applicable).
  • Financial data: bank account details, sort code and payment information — both in connection with your own accounting records and, where you pay us by Direct Debit, to collect our fees. Also: accounting records, bookkeeping data and financial statements.
  • Tax and compliance records: tax returns, HMRC correspondence, payroll records, CIS records, VAT records and Making Tax Digital (MTD) records.
  • Pension information: where relevant to your tax affairs.
  • Identity documents: a copy of your passport or driving licence, plus one additional document, collected and retained to meet our legal obligations under the Money Laundering Regulations 2017.

3. Lawful basis for processing

We process your personal data on the following lawful bases under the UK General Data Protection Regulation (UK GDPR):

  • Contractual necessity (Article 6(1)(b)): most of our processing is necessary to provide the services you have engaged us to carry out, including preparing accounts, completing tax returns, bookkeeping, payroll, Companies House filings and related advisory work. Without this data we cannot act for you.
  • Legal obligation (Article 6(1)(c)): some processing is required by law, including anti-money laundering checks under the Money Laundering Regulations 2017, statutory reporting to HMRC, and obligations under the Taxes Management Act 1970.
  • Legitimate interests (Article 6(1)(f)): we retain records after the end of our engagement to respond to any later HMRC enquiry or legal claim, and for the general administration of our practice. We have balanced this interest against your data protection rights and are satisfied the processing is proportionate.

4. Who we share your data with

Software and services

We use the following software and services to carry out our work. Each acts as a data processor on our behalf:

  • Practice management: BrightManager (practice management and client document portal).
  • Accounts and tax preparation: TaxCalc (accounts and tax return preparation and filing); Microsoft Excel and Microsoft Word (accounts preparation and client documentation).
  • Specialist compliance: CIS Manager (CIS monthly return processing); Inform Direct (Ltd company filings and Companies House compliance).
  • Cloud accounting: where your business uses a cloud accounting platform, we may access it to carry out our work. Platforms used include Xero, FreeAgent, QuickBooks, Coconut and Zoho.
  • Document storage: Dropbox and Google Drive.
  • Direct Debit collection: GoCardless Ltd (collecting our fees by Direct Debit from clients who have authorised a mandate). GoCardless processes bank account and sort code details on our behalf solely for payment collection.
  • Website analytics: Google Analytics 4 (provided by Google), used only where you consent via our website cookie banner, to understand how visitors use kpaccounts.co.uk. Google may process this data outside the UK under appropriate safeguards (UK International Data Transfer Agreement / EU-US Data Privacy Framework).

Some clients choose to communicate with us via Facebook Messenger, WhatsApp or iMessage. Where you make contact through these channels, data you share is also subject to those platforms' own privacy policies. On occasion, clients have used iCloud to share documents temporarily; any data received this way is transferred to our own systems and the shared file deleted promptly.

Statutory and regulatory recipients

In the course of carrying out your work, we may share your personal data with the following organisations in their own right (not as processors on our behalf):

  • HMRC: for the submission of tax returns, VAT returns, CIS returns, payroll and other statutory filings.
  • Companies House: for the filing of annual accounts, confirmation statements and other company compliance documents (limited company clients).
  • Third parties you authorise: any person or organisation with whom you ask or permit us to correspond on your behalf.
  • Subcontractors: where we engage another qualified professional to assist with your work, under appropriate confidentiality obligations.
  • An alternate practitioner: in the event of our incapacity or death, a nominated alternate may be appointed to take over your affairs.
  • Tax investigation insurers: where you hold fee protection insurance, relevant details may be shared with the insurer to support a claim.
  • Professional indemnity insurers: in the event of a claim or potential claim against us.
  • Our professional bodies and OPBAS: including the IAB, in connection with practice assurance reviews and our obligations under the Money Laundering Regulations 2017.
  • Other professional advisers: such as solicitors or specialist consultants, where this is necessary to carry out your work.

Legal disclosures

Where the law permits or requires it, we may also share your personal data with:

  • Police and law enforcement agencies.
  • Courts and tribunals.
  • The Information Commissioner's Office (ICO), see also section 8 on complaints.

We do not sell your personal data to any third party. We keep your data within the United Kingdom wherever possible; where a service provider (such as our website analytics provider, Google) processes limited data outside the UK, this is done under appropriate safeguards such as the UK International Data Transfer Agreement or the EU-US Data Privacy Framework.

5. How we store your data

Client files are held primarily on a secure network-attached storage (NAS) drive at our office in Roche, Cornwall. We take regular manual backups and maintain multiple external backup copies. Cloud-based software holds data on secure servers in line with each provider's terms of service.

6. How long we keep your data

We retain personal data in line with recognised good practice in the tax and accountancy sector:

  • Tax return work: six years from the end of the tax year to which the information relates.
  • Ad hoc advisory work: six years from the date our business relationship ended.
  • Ongoing relationships, multi-year data: information that spans more than one tax year (such as capital gains base costs, and claims and elections submitted to HMRC) is retained throughout our relationship with you and for four years after it ends, unless you ask us to keep it for longer.
  • Anti-money laundering records: identity documents and AML verification records are kept for five years after the end of our business relationship, as required by the Money Laundering Regulations 2017.
  • When acting as a data processor: where we process personal data on behalf of a client business that is itself a data controller, we will delete or return that data at the end of our engagement as agreed.

7. Your rights

Under UK GDPR you have the following rights in relation to your personal data:

  • Right of access: you can request a copy of the personal data we hold about you (a Subject Access Request).
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can ask us to delete your data. Where we have a legal obligation to retain records (for example, under HMRC rules or the Money Laundering Regulations), we may not be able to comply in full.
  • Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.
  • Right to data portability: where processing is based on a contract, you can request your data in a structured, commonly used format.
  • Right to object: where processing is based on our legitimate interests, you can object to it.

To exercise any of these rights, write to us at info@kpaccounts.co.uk. We will respond within one month.

8. Complaints

If you are unhappy with how we have handled your personal data, please contact us first at info@kpaccounts.co.uk. You also have the right to raise a complaint directly with the Information Commissioner's Office:

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

9. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or the law. The current version will always be available on this page.