BCACIC

Privacy Statement

Last updated: 9 August 2025

Privacy Statement

1. Introduction

Bristol Community Accountants CIC ("we", "us", "our") is committed to protecting and respecting your privacy. This statement explains what personal data we collect from you, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

This Privacy Notice applies to current and previous customers, new business prospects, suppliers, and users of our website. It also applies to our employees and anyone wishing to apply to work with us. By using our website and providing us with your data, you warrant that you are over 13 years of age.

2. Who We Are

We are Bristol Community Accountants, a Community Interest Company (CIC) registered in England and Wales.

  • Company Registration Number: 11836955
  • ICO Registration Number: ZA507256
  • Registered Address: The Park, Daventry Road, Knowle, Bristol, BS4 1DQ

Where we act as a data processor on behalf of a data controller (for example, when processing payroll), we provide an additional letter of engagement setting out specific terms. That letter should be read in conjunction with this privacy notice.

3. Information We Collect

We may collect and process the following categories of personal data:

  • Communication Data: Includes any communication you send to us through the contact form on our website, email, text, or social media messaging. We process this for record-keeping and responding to enquiries.
  • Customer Data: Data relating to the purchase of services, such as your name, title, billing address, contact details, and purchase history.
  • Identification and Tax Data: To engage with authorities like HMRC and Companies House, we collect names, dates of birth, National Insurance numbers, Unique Tax Reference (UTR) numbers, and copies of photo identification for identity verification.
  • Administrative Information: Information provided in correspondence or for the delivery of specific services like payroll (e.g., employee salaries and pension details).
  • Technical Data: Information about your use of our website, including your IP address, browser type, and operating system.

4. How We Use Your Information

We use your information for the following purposes:

  • To supply professional accounting, bookkeeping, and payroll services.
  • To fulfil obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017.
  • To comply with professional obligations as a member of the Association of Accounting Technicians (AAT).
  • To investigate or defend potential complaints, disciplinary proceedings, or legal claims.
  • To enable invoicing and address any fee disputes.

5. Our Lawful Basis for Processing

The legal bases we rely on are:

  • Contract: Necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: To comply with laws such as tax law, charity law, and anti-money laundering regulations.
  • Legitimate Interests: To manage our relationship with you, reply to communications, and maintain business records.

If you do not provide the information we request, we may not be able to provide professional services to you.

6. Data Sharing and Disclosure

We do not sell your data. We share your information only when necessary with:

  • Regulatory Bodies: HMRC, Companies House, and the Information Commissioner's Office (ICO).
  • Professional Bodies: The Association of Accounting Technicians (AAT) or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS).
  • Service Providers: Software providers for cloud accounting (e.g., Quickbooks, Xero, Brightpay, Taxcalc), cloud storage (e.g., Microsoft, Google, Dropbox), and pension services (e.g., NEST).
  • Subcontractors and Advisors: Professional indemnity insurers, tax insurance providers, and subcontractors who access only necessary data under confidentiality agreements.

7. International Data Transfers

Some of our software providers are located outside the European Economic Area (EEA). In such cases, we ensure safeguards are in place, such as using countries approved as "adequate" under GDPR or using specific contracts and certification mechanisms approved by the UK and EU to protect your data.

8. Data Retention

We retain records in accordance with recognised professional practice:

  • Tax Returns: Information is retained for 7 years from the end of the tax year to which it relates.
  • Advisory Work: Information is retained for 2 years from the date the business relationship ceased.
  • Ongoing Relationships: Data required for long-term compliance is retained throughout the relationship and deleted 2 years after the relationship ends.

9. Your Data Protection Rights

Under data protection law, you have the right to access, rectify, or erase your personal information. You also have the right to object to or restrict processing, and the right to data portability.

Subject Access Requests (SARs)

To request a copy of the information we hold about you, please use our contact form. To help us verify your identity, please include:

  • Your date of birth and any previous names or addresses used in the last five years.
  • Personal reference numbers (e.g., National Insurance or Tax reference).
  • If reference numbers are unavailable, a copy of your photo ID and a recent utility bill.

10. Data Security

We have security measures in place to prevent your personal data from being accidentally lost, used, or accessed without authorisation. Access is limited to employees and partners who have a business need to know, and they are subject to a duty of confidentiality.

11. Cookies and Third-Party Links

Our website uses cookies to enhance your experience. You can set your browser to refuse cookies, though some parts of the site may become inaccessible. Our site may also contain links to third-party websites; we are not responsible for their privacy statements.

12. How to Contact Us

If you have any questions about this privacy statement or our data protection practices, please reach out via our contact form.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk. We would appreciate the chance to deal with your concerns before you approach the ICO.