-
CALL US 0203 883 4777
Last updated: 13 August 2025
Introduction
This Privacy Policy explains in full how Apex Accountants & Tax Advisors LTD (“Apex Accountants”, “we”, “us”, “our”) collects, uses, stores, shares, and protects personal information in the course of delivering professional services and operating our website. It also sets out the rights that individuals have under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and related UK privacy and electronic communications rules. By using our website, communicating with us, or receiving our services, you acknowledge that you have read this document and agree to the approach described here. If you do not agree, you should not use our website or provide personal information.
Who we are and how to contact us
Apex Accountants & Tax Advisors LTD is a UK-based accountancy and consultancy practice that provides tax planning, corporate finance, business advisory, VAT and payroll services, HMRC compliance and investigation support, and other professional services to businesses and individuals. For the purposes of UK GDPR, we are the Data Controller because we decide how and why personal information is processed in our firm.
Our registered office is at 84a Queen's Rd, Buckhurst Hill, IG9 5BS. Our website is https://apexaccountants.tax/. You can contact us by email at [email protected] or by telephone on 0203 883 4777. We have appointed a Data Protection Lead to oversee privacy matters; queries, requests, and complaints should be directed to the contact details above for the attention of the Data Protection Lead.
Scope of this policy
This policy applies to all personal information we process in connection with our professional services, our website, our marketing activities, and our client intake and due diligence procedures. It applies to clients and their personnel, prospective clients and referrers, suppliers, job applicants, and any visitor to our website. It does not govern third-party websites that we link to; those sites will provide their own privacy information and should be read separately.
Key concepts used in this policy
- “Personal data” means any information that identifies, or can reasonably identify, a living person.
- “Processing” means anything done with personal data, including collection, viewing, storing, sharing, and deletion.
- “Special category data” refers to more sensitive information—such as health data—that receives additional legal protection.
- “Controller” means the organisation that decides how and why data are processed; “processor” means a third party that processes personal data on behalf of the controller.
What information we collect
The information we collect will depend on who you are and how you interact with us. When you engage us for professional services, we commonly collect identity details such as full name, title, date of birth, and government identifiers, including National Insurance number and Unique Taxpayer Reference. We record contact details, including residential or business address, email addresses, and telephone numbers, so we can communicate with you and deliver services. To perform accountancy, tax, and payroll work, we process financial information such as bank details, income and expenditure records, payroll and pension data, tax references, and transaction histories relating to invoices and payments. Where necessary for payroll or pension administration, we may process health-related information, but only to the extent required and with your explicit consent where UK GDPR requires it.
When you visit our website, we collect technical and usage information automatically from your device and browser, including Internet Protocol address, time zone, operating system, device identifiers, pages visited, referral source, and interactions with forms and media. We also record your marketing and communication preferences so we can respect them. Where you provide information about other individuals—for example, directors, partners, employees, or dependants for payroll—you must have the authority to do so and you should share this policy with them, as we will process their information in the same manner.
How we collect information
We collect information directly from you when you make an enquiry, complete onboarding and engagement steps, attend meetings, provide documents to us, respond to requests for information, or otherwise communicate with our team. We collect information automatically through our website using cookies and similar technologies that help us provide functionality, understand how the site is used, and deliver or measure marketing. It is also to be noted that service of any legal document via email will not be accepted unless otherwise stated.
We also obtain information from third parties where permitted and appropriate for professional work, including HMRC, Companies House, credit reference agencies, sanctions and politically exposed person screening providers, prior accountants and advisers where you authorise information transfer, banks and payment services in connection with incoming and outgoing payments, and publicly available sources such as the company register and professional networking platforms.
Why we process personal data and our legal bases
We process personal data only where there is a lawful basis to do so. The primary reasons are to perform a contract with you or to take steps at your request before entering into one. This includes delivering accountancy, tax, payroll, VAT, advisory, and corporate services; preparing and filing accounts and returns; liaising with HMRC and regulators; managing engagements; providing secure client portals; and issuing invoices and statements.
We process personal data to comply with legal obligations that apply to regulated accountancy practices in the UK. These obligations include client due diligence, identity verification, screening for sanctions or politically exposed person status, record-keeping under anti-money laundering regulations, and responding to lawful requests from courts, regulatory bodies, or law enforcement.
We process personal data to pursue our legitimate interests in running and protecting our business, improving our services, managing client relationships, training our staff, preventing fraud and misuse of our website, defending or establishing legal claims, recovering debts, and maintaining effective IT systems and security. Where we rely on legitimate interests, we assess and balance those interests against the rights and freedoms of individuals and use data in a proportionate way.
We process personal data for marketing and business development in accordance with the UK Privacy and Electronic Communications Regulations (PECR). We may send relevant updates to corporate subscribers on the basis of our legitimate interests and to individual subscribers where we have consent or a lawful “soft opt-in”. You can object to or withdraw consent for marketing at any time, and we will honour that choice promptly.
Where processing concerns special category data—for example, limited health information required for payroll or pension purposes—we process it with your explicit consent or under a specific legal condition that permits such processing in the employment and social security context. We do not carry out solely automated decision-making that has legal or similarly significant effects on individuals.
How we use personal data in practice
We use the information we hold to verify identity and suitability at onboarding; plan and deliver accountancy, tax, payroll, VAT and advisory work; prepare filings and reports; maintain accurate records of services provided and fees charged; operate secure client communication channels and portals; allocate tasks within our team and monitor quality; manage credit control, resolve queries and handle complaints; communicate regulatory and service updates; and analyse aggregated website usage so that we can improve content and diagnose technical issues. Where you ask us to coordinate with other professional advisers—such as solicitors, auditors, or finance providers—we will share only what is necessary to fulfil your instructions.
Sharing personal data
We do not sell personal information. We will share information where necessary with HMRC, Companies House, courts and tribunals, professional and supervisory bodies, and other public authorities when the law requires it or when acting on your instructions. We share limited information with professional advisers who support our practice, including solicitors, counsel, auditors, insurers, insurance brokers, consultants, and expert witnesses, under confidentiality obligations. We use reputable IT, cloud, and software suppliers to host our systems and process data on our behalf, including accounting platforms, payroll systems, document management, secure client portals, email and productivity tools, website hosting, analytics, customer relationship management, telephony, and call attribution services. Typical processors include well-known accounting and payroll software providers, cloud infrastructure providers, analytics and advertising platforms operated by Google and Meta, video platforms such as YouTube where we embed content on our site, and call-tracking services that supply dynamic numbers for attribution. We require our processors to act only on our instructions, to keep data secure, and to assist us in meeting our legal obligations.
If we need to engage debt recovery agencies or legal representatives to recover unpaid fees, we will share only the minimum information required for that purpose. If we pursue a merger, acquisition, or corporate restructure, we may share information with relevant counterparties and professional advisers under strict confidentiality. Where you direct us to liaise with your bank, lender, or new accountant, we will disclose information in line with your instructions.
International transfers
Some of our service providers and their data centres may be located outside the United Kingdom or may use global content delivery networks. Whenever personal data is transferred internationally, we assess the risk and put appropriate safeguards in place. These safeguards may include transfers to territories recognised by the UK Government as providing adequate protection, the use of the UK International Data Transfer Addendum or Standard Contractual Clauses, and additional technical and organisational measures such as encryption in transit and at rest. You can contact us for more detail on the safeguards that apply to your data.
Security of your information
We take the security of personal information seriously. We operate layered technical and organisational controls designed to prevent unauthorised access, alteration, disclosure, or loss. These include access controls aligned to job roles, strong authentication and password standards, encryption of data in transit and at rest where appropriate, secure configuration and patching, anti-malware and threat detection, audit logging and monitoring, regular backups and recovery testing, supplier due diligence, and mandatory staff training on confidentiality and data protection. While the Internet is not a perfectly secure medium, we use Transport Layer Security on our website and portals, and we review our security posture regularly. If a data breach occurs that presents a risk to individuals, we will notify the ICO and the affected individuals where the law requires it.
Retention of personal data
We keep personal data only for as long as it is needed for the purposes set out in this policy, including meeting legal, accounting, and regulatory requirements. In practice, this means most client records are retained for up to seven years after the end of the engagement or longer where necessary for legal claims or investigations.
Anti-money laundering due diligence records are retained for at least five years from the end of the business relationship or the date of an occasional transaction and may be kept longer where permitted by law and justified by risk. Prospective client records are kept for a reasonable period to manage enquiries and follow-up; where there is no further contact, we ordinarily keep core enquiry records for up to two years to manage conflicts and audit trails. Website analytics data are held in line with the provider’s retention settings.
Cookie lifetimes are described in the cookies section below. If you exercise your right to erasure, we will assess whether any legal retention duties require us to keep limited information in our records.
Your rights
Under UK GDPR you have rights over your personal data. You may request access to the information we hold about you and receive a copy. You may ask us to correct inaccurate or incomplete data. In certain circumstances you may ask us to delete data or to restrict how it is used. You may object to processing based on our legitimate interests, including direct marketing, and we will stop unless we have compelling legitimate grounds or a legal need to continue. You may ask us to provide your data in a portable format or to transmit it to another controller where technically feasible. Where processing relies on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal. To exercise any of these rights, contact us using the details above and describe your request; we may need to verify your identity before acting.
If you are dissatisfied with our response, you can complain to the Information Commissioner’s Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone 0303 123 1113, or via www.ico.org.uk. We would welcome the chance to resolve matters with you first.
Cookies, similar technologies, and online identifiers
Our website uses cookies and similar technologies so that it functions correctly, remembers your preferences, measures performance, and supports marketing that is relevant and useful. When you first visit, a banner explains that non-essential cookies will only run with your consent; you can adjust your choices there and you can also use your browser settings to control cookies at any time. Some technologies there, on our site are provided by third parties who act as independent controllers—most notably Google, Meta, YouTube, and CallTrackingMetrics—and they will process online identifiers in line with their own privacy terms.
We use essential or functional cookies to maintain secure sessions and to deliver features you request. For example, a session identifier issued by our web framework (commonly named ASP.NET_SessionId) allows the site to remember that you are the same visitor as you move from page to page; it expires when you close your browser and does not by itself identify you by name.
We use analytics technologies provided by Google to understand how visitors use the site so that we can improve content and diagnose technical issues. Google Analytics may set cookies such as _ga, ga* and _gid to recognise returning browsers and to assemble aggregated statistics about page views, navigation paths, and device types. In some deployments a short-lived cookie of the form _gat_UA-* may be present to regulate request rates. Google may also set gcl_au where Google Tag Manager is used to coordinate advertising measurement. These identifiers typically persist from one day to just over a year unless you clear them sooner, and they do not allow us to identify you by name. You can opt out of analytics cookies via our banner or by configuring your browser.
We use advertising and remarketing technologies in limited circumstances to help us understand which online campaigns generate enquiries. Meta may set the _fbp cookie to recognise browsers for advertising measurement across Meta technologies. CallTrackingMetrics may set a cookie such as __ctmid to attribute phone calls to the advertising source so that we know which campaigns are effective; this allows our website to display a campaign-specific tracking number and to attribute enquiries correctly. These identifiers are used to measure the effectiveness of our marketing and to allocate spending responsibly rather than to profile individuals for unrelated purposes. Where the law requires consent for these technologies, we will rely on consent and respect your choice.
Where our pages embed videos hosted on YouTube, YouTube and Google may set cookies and local storage items to operate the player and remember preferences such as volume and subtitle settings. Examples include YSC (which expires at the end of the session), VISITOR_INFO1_LIVE and VISITOR_PRIVACY_METADATA (which typically persist for a few months), and items such as PREF, yt-remote-, yt.innertube:: and ytidb::LAST_RESULT_ENTRY_KEY that store player and interface preferences. These are placed by YouTube as an independent controller. If you prefer not to load YouTube cookies, you can refrain from playing embedded videos or adjust your consent settings to block non-essential cookies.
Because third-party providers control lifetimes and behaviour of their identifiers, the precise durations may change. Your browser will show you the current expiry date for any stored cookie. You can delete cookies at any time using your browser controls. If you block essential cookies, some parts of the site may not work.
Marketing choices
We want our communications to be useful. If you receive marketing from us, you can opt out at any time by using the unsubscribe link in our emails or by contacting us. If you are a corporate subscriber, we may send occasional updates that are relevant to your role based on our legitimate interests; if you are an individual subscriber, we will rely on consent or the “soft opt-in” where the law allows it. Opting out of marketing will not affect service emails that we need to send to deliver engagements or meet legal duties.
Where we obtain data and who we receive it from
In many cases you will provide information directly to us. For regulated work we also obtain identity and verification information from trusted third-party providers to comply with anti-money laundering regulations. Where you move your work to us from another adviser, we may receive records from them with your permission. HMRC and Companies House may send us information or require us to confirm details; credit reference agencies may supply information as part of onboarding or in connection with credit control; and banks or payment services may provide limited data about payments so that we can allocate them correctly. Public registers and professional platforms may be consulted to confirm business details and officer appointments.
Payment information, credit control, and refunds
When you pay our fees, the payment service provider processes card or bank details directly; we do not store full card details on our systems. We keep transaction records, invoices, and remittance information for accounting and tax purposes. Where payments are recalled by a bank or card provider after work has been performed, we will retain and process the records necessary to establish the work done and to recover unpaid sums. If you request a refund for a duplicate or cancelled payment relating to ancillary services, we will use the information in our accounting records to validate and process the request and we will keep a record of the outcome for audit and compliance.
Children’s data
Our services are designed for adults. We do not knowingly collect personal information from anyone under the age of 18. If you believe a child has provided us with personal information, please contact us so that we can delete it where appropriate.
Social media, external links, and third-party websites
Our website and communications may include links to external sites or embedded content from third parties. We are not responsible for the privacy practices of those providers. When you follow a link or play embedded media, the third party may collect data in accordance with its own policies. You should review their privacy information before interacting with those services.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law, guidance, technology, our services, or our internal practices. The version posted on our website will include the effective date at the top. Substantive changes may be highlighted on our website or notified to clients where appropriate.
Disclaimer:
This website only provides general information and does not provide legal, tax, investment, or other professional advice. You should not rely on any information on this site as a substitute for obtaining formal advice from a qualified professional who can consider your specific circumstances.
We try to keep this site's information accurate and up to date. However, laws, regulations, and tax rates (including VAT) may change over time, and we make no warranties or representations as to the ongoing accuracy, completeness, or suitability of the information provided.
To the fullest extent permitted by law, we accept no liability for any loss or damage incurred as a result of reliance on information contained on this site.
How to contact us and how to complain
Questions, requests to exercise your rights, and concerns about privacy should be sent to the Data Protection Lead at Apex Accountants & Tax Advisors LTD, 84a Queen's Rd, Buckhurst Hill, IG9 5BS, or by email to [email protected], or by telephone on 0203 883 4777. If you remain dissatisfied after raising a concern with us, you can complain to the Information Commissioner’s Office. The ICO can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone 0303 123 1113, or via via www.ico.org.uk.