Privacy Notice

Effective: February 2026

1. Introduction

Wyatt & Co Chartered Accountants is the trading name of Nigel Wyatt & Co Limited, a company registered in England and Wales (Company Number 3292417).

We are committed to protecting and respecting your privacy and handling personal data responsibly and transparently.

This Privacy Notice explains how we collect, use, store and protect personal data in accordance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of data protection legislation, we are generally the Data Controller. This means we are responsible for deciding how personal data is held and used.

In certain limited circumstances (for example when providing payroll services on behalf of a client), we act as a Data Processor.

2. Contact Details

Wyatt & Co Chartered Accountants
125 Main Street
Garforth
Leeds
LS25 1AF

Email: office@wyattandco.net
Telephone: 0113 287 1155

If you have any questions about this Privacy Notice or how we handle your personal data, please contact us using the details above.

3. The Personal Data We Collect

Depending on the services we provide, we may collect and process the following categories of personal data:

Identity Information

Name
Date of birth
Residential address
Email address
Telephone number
National Insurance number
Passport or driving licence details
Proof of address documentation

Financial and Tax Information

Bank account details
Accounting records
Tax returns and computations
PAYE and payroll records
VAT records
Dividend and salary information
Pension contribution details
Investment income information

Company and Charity Governance Data

Directors’ and trustees’ details
Persons of Significant Control (PSC) information
Company secretarial records

We do not routinely process special category personal data unless required by law (for example certain statutory payroll information).

4. How We Collect Personal Data

We may collect personal data:

Directly from you
From HM Revenue & Customs (HMRC)
From Companies House
From the Charity Commission
From pension providers
From third parties authorised by you
Through identity verification procedures required under Anti-Money Laundering legislation

5. Lawful Basis for Processing

We process personal data under the following lawful bases:

Contract

To provide services under our engagement letter.

Legal Obligation

To comply with UK legislation and regulatory obligations, including:

Proceeds of Crime Act 2002
Terrorism Act 2000
Money Laundering Regulations 2017
Companies Act
Taxes Acts
Professional regulatory requirements

Legitimate Interests

To operate and manage our practice effectively, maintain professional standards, manage risk, and defend potential legal claims, provided such interests do not override your rights.

Consent

Where required (for example, certain marketing communications). You may withdraw consent at any time.

6. How We Use Personal Data

We use personal data to:

Provide accountancy, tax and payroll services
Comply with legal and regulatory obligations
Communicate with clients and relevant authorities
Manage our internal systems and records
Improve and develop our services
Protect against fraud and financial crime

If you do not provide certain information when requested, we may be unable to perform our services or comply with our legal obligations.

7. Sharing Personal Data

We may share personal data with:

HM Revenue & Customs
Companies House
Charity Commission
Pension providers (for payroll services)
Regulators
Professional indemnity insurers
Professional advisers

We use secure, cloud-based accountancy, payroll and practice management software providers and IT service providers who process data on our behalf under written data processing agreements.

We use Bright Manager (formerly AccountancyManager Limited) as our practice management software provider.

All third-party providers are required to process personal data in accordance with applicable data protection law and appropriate confidentiality and security standards.

We do not sell personal data.

8. International Transfers

We do not routinely transfer personal data outside the United Kingdom.

Where cloud-based providers store data outside the UK, we ensure appropriate safeguards are in place in accordance with UK data protection law.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal and regulatory requirements.

Typical retention periods include:

Accounting and tax records: minimum 6 years
AML identity documentation: 5 years after the end of the business relationship
Working papers: generally 6–7 years
Payroll records: in line with HMRC requirements

After applicable retention periods expire, data is securely deleted or destroyed.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

Secure cloud-based systems
Password-protected access
Role-based access controls
Secure email systems
Physical file security where applicable

We regularly review our data protection and security procedures.

11. Your Rights

Under UK data protection law, you have rights including:

The right to access your personal data
The right to request correction
The right to request erasure (in certain circumstances)
The right to restrict processing
The right to object to processing
The right to data portability (where applicable)

To exercise your rights, please contact office@wyattandco.net.

We may need to verify your identity before responding to certain requests.

12. Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance.

You also have the right to complain to the:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: www.ico.org.uk

13. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. The latest version will always be available on our website.