Cookie Policy

Office address

Highview House, 1st Floor
Tattenham Crescent
KT18 5QJ

01737 357 283

Newsletter Sign up

With our newsletter, you automatically receive our latest news by e-mail and get access to the archive including advanced search options!

» Sign up for the newsletter
» Login

Brooks Carling Accountants Limited Privacy Policy

Brooks Carling Accountants Limited is committed to protecting and respecting the personal data that we hold.

The Privacy Policy describes your rights and how we collect personal data from you. This applies to data either provided directly to us, via a third party or from publically available sources.

The Privacy Policy is also designed to provide you with a clear understanding of why and how the data is processed.

Personal data
We are performing the role of a data controller, for which we decide on the personal data that is required and how it is stored. The firm will also undertake the role of the data processor, in certain circumstances.

Personal data is obtained from you in many formats, such as:

  1. When we are engaged to provide you with a service
  2. When we are contacted by via post, email or telephone
  3. When information is acquired from publicly available data sources, eg Companies House
  4. When information is acquired from sources that you have authorised to provide us with information eg HMRC

Many forms of personal data may be collected which include:

  1. Your full name, address, email address and telephone numbers
  2. Date of birth
  3. Unique Tax Reference (UTR)
  4. National Insurance number
  5. Copy of passport/driving licence and home utility bill
  6. Business activity
  7. Previous accountants details
  8. Income details

Your personal data will be used to:

  1. Perform the services that we have been engaged to carry out
  2. Identify any matters that we feel are relevant to you
  3. Contact you regarding any changes to our firm and services offered

We may need to collect personal information by law or under the terms of our engagement with you. If you choose not to provide us with this information, we may be unable to provide the services we were engaged to provide. We will notify you if your choice to not provide us with the necessary information would result in a delay or prevent us from meeting our obligations.

Personal information is kept for a statutory length of time. The information held is regularly reviewed and unnecessary information is destroyed securely. Data may be kept for a longer length in time, if we feel there is call to exercise or defend your legal rights or ours.

Your personal data will not be used for automated decision-making.

Lawful basis for processing personal data
The personal data held by us, is used to perform the services that the firm has been engaged to provide whilst complying with any necessary legal obligations.
Our role will include the provision of services to you where you are an individual, a supplier, employee, or subcontractor. Personal data will be processed for statistical purposes, but this will not breach any of your rights or interests.

We will use engagement letters to request consent to process your personal data, detailing the services to be provided.
In addition to the letters, specific consent may also be requested via email.

Reporting data breaches
Suspected or actual data breaches, to be reported to the Data Protection Officer (Sanjay Patel), upon discovery. This would then be reported to ICO within 72 hours of us becoming aware of it, if considered necessary.

Data security
Data is held onsite in our manual files, on the onsite server or in the Cloud. Data held on the server is backed up to portable hard drives, which is taken off site, on a daily basis. Access to the server is password protected, as is the access to all smart phones, laptops and work stations. The various accounting packages, which are used to process the data, are all password protected. Email accounts are operated via Google Gmail and password protected. The manual records are locked in the office, which is also alarmed.

As part of ensuring data is handled securely, software is updated upon notice of a new version, thereby incorporating any fixes/upgrades relating to the software.
Also, staff are kept up to date with any changes in legislation, including GDPR, that may affect the data that they are using. This training may be via external courses or internal communication.
Any new process engaged by the firm, eg new software, will be reviewed to identify the data to be stored on it and the security measures required for of it.

Data on staff and prospective employees
Personal data is held relating to staff, for administrative purposes only. When employing a new member of staff, money laundering checks are carried out and any information obtained, is held securely.
Data is destroyed after 6 years of staff leaving the firm, unless advised otherwise by the staff member.
Personal data received from prospective staff, usually via a CV, is destroyed within 6 months if the applicant is not successful, or retained if they agree for us to do so.

Location of data
The majority of our data is stored locally within the UK territory. Where data is stored in the Cloud, by our suppliers, we will take all reasonable steps to ensure that the data is treated securely. We have obtained confirmation of GDPR compliance from our software suppliers. If data is to be sent outside of the EEA, authorisation for this will be sought before transmission.

Your rights
You have the following rights regarding your personal data and as data controllers or processors, we are responsible for fulfilling these as follows:

  1. You have the right to access the information held relating to you
  2. You may request us to amend the data held by us
  3. You may request for us to delete the personal data held by us
  4. You have the right to withdraw your consent, at any time, to process your data
  5. You have the right to restrict or object to us processing your personal data, such as receiving marketing communications
  6. You have the right for your personal data to be transferred to a third party
  7. You have the right to be informed of any automated processes carried out on your personal data
  8. You have the right to make a complaint to the ICO (Information Commissioner’s Office), if you feel that your personal data has been mishandled

If you would like to exercise your data protection rights, please contact Sanjay Patel, via email at This email address is being protected from spambots. You need JavaScript enabled to view it. or in writing.

You have the right to contact the ICO directly. Further information can be found on their website

Data protection officer and contact information
As the firm is not a public authority or body and does not engage in large scale data processing, we are not required to have a Data Protection Officer. However, we have taken the decision to appoint a Data Protection Officer.

Our Data Protection Officer is Sanjay Patel, a director of Brooks Carling Accountants Limited, and can be contacted at:

Brooks Carling Accountants Limited
Highview House
1st Floor
Tattenham Crescent
KT18 5QJ
Phone: 01737 357 283
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Changes to the Privacy Policy
This Privacy Policy was last updated on 25th May 2018.
Any updates to the Privacy Policy, will be published on our website.