Legal Notice
& Privacy Policy

This Legal Notice and Privacy Policy is issued by Finexis Accountants Ltd, a company registered in England and Wales.

Finexis Accountants Ltd operates as a fully remote practice with no public-facing office, serving clients across the United Kingdom by phone, email, video call and in-person meetings as required.

Finexis Accountants Ltd is a practice registered with the Association of Accounting Technicians (AAT). Our principal adviser holds the ACCA (Association of Chartered Certified Accountants) qualification.

We carry professional indemnity insurance as required by our professional body. Details are available on request.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Finexis Accountants Ltd is the data controller in respect of personal data held about clients, prospective clients, and website visitors.

As data controller, we are responsible for deciding how and why personal data is processed. We are committed to processing personal data lawfully, fairly, and transparently.

We collect and process personal data necessary to provide our accountancy services. The categories of data we may hold include:

• Identity data — full name, date of birth, National Insurance number, UTR number, and copies of identity documents where required
• Contact data — home or business address, email address, telephone number
• Financial data — income details, bank account information, payroll records, invoices, expenses, and tax records
• Business data — company registration details, director information, VAT registration number, Companies House filings
• Correspondence data — emails, notes from meetings or calls, and other communications relating to the engagement
• Technical data — IP address, browser type, and pages visited on our website, collected via cookies where consent is given

We collect this data directly from you when you engage our services, through forms on our website, or in the course of carrying out work on your behalf.

We rely on the following lawful bases under UK GDPR Article 6 to process your personal data:

• Contract — processing is necessary to perform the services set out in our engagement letter with you
• Legal obligation — we are required by law to retain certain records, including those required by HMRC, Companies House, and anti-money laundering legislation
• Legitimate interests — for purposes such as improving our services, communicating relevant updates, and maintaining business records, where these interests do not override your rights
• Consent — for marketing communications and certain uses of cookies, where you have given explicit consent

Your personal and financial data is used solely to deliver the services you have engaged us to provide. Specifically, we use your data to:

• Prepare and file tax returns, VAT returns, and statutory accounts on your behalf
• Manage your payroll and pension auto-enrolment obligations
• Correspond with HMRC, Companies House, and other statutory bodies on your behalf
• Provide bookkeeping, management accounts, and financial reporting
• Meet our anti-money laundering (AML) and know-your-client (KYC) obligations
• Send you relevant service updates, regulatory reminders, and deadline notifications
• Respond to your queries and maintain records of our communications

We will never sell your data to any third party. We do not use your data for profiling or automated decision-making that produces legal or significant effects.

Your data is treated as strictly confidential. We will only share it in the following circumstances:

• HMRC — when submitting tax returns, VAT returns, PAYE filings, or other statutory submissions on your behalf
• Companies House — when filing confirmation statements, annual accounts, or other company filings
• Professional software providers — accounting and practice management platforms used to deliver our services, all of which are UK GDPR compliant and bound by data processing agreements
• Professional advisers — such as solicitors, where necessary and with your prior agreement
• Legal obligation — where required by law, a court order, or a regulatory authority with jurisdiction

All third parties with whom we share data are required to handle it securely and in accordance with data protection law. We do not transfer personal data outside the United Kingdom without appropriate safeguards in place.

We retain personal and financial data only for as long as necessary to fulfil the purposes for which it was collected, and to comply with our legal and regulatory obligations.

Certain records may be kept for longer where required by law. For example:

• Anti-money laundering records are retained for five years from the end of the business relationship
• Company secretarial and statutory records may be retained for the life of the company
• Payroll records must be kept for at least three years after the relevant tax year

On expiry of the applicable retention period, data is securely and permanently deleted or destroyed. Physical documents are shredded; electronic files are overwritten or securely erased in accordance with recognised standards.

Under UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month.

Please note that some rights are subject to exemptions. For example, we cannot erase data that we are legally required to retain. We will always explain the reasons if we are unable to fulfil a request.

Our website uses a small number of cookies to ensure it functions correctly and to understand how visitors use the site. Cookies are small text files stored on your device.

• Strictly necessary cookies — required for the website to operate. These cannot be disabled.
• Analytics cookies — help us understand visitor behaviour in aggregate, so we can improve the site. These are only set with your consent.

We do not use advertising or tracking cookies. You can manage your cookie preferences through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of the site.

We take the security of your data seriously and maintain appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or disclosure.

Our security measures include:

• Encrypted file transfer and storage for all client financial documents
• Password-protected, access-controlled practice management systems
• Multi-factor authentication on all systems handling client data
• Regular software updates and security patching
• Secure deletion of data at the end of the retention period

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours as required by UK GDPR, and will inform affected individuals without undue delay.

If you have a concern about how we have handled your personal data, we encourage you to contact us in the first instance so we can try to resolve the matter directly.

If you remain dissatisfied after raising a concern with us, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters.

We review this policy at least annually and whenever there are material changes to how we process data or to applicable law. When we make significant changes, we will notify existing clients by email and update the "Last Reviewed" date at the top of this document.

We encourage you to check this page periodically. Continued use of our services following any update constitutes acceptance of the revised policy.

This policy was last reviewed in January 2026.