We are an accounting firm dedicating services to charities and non-profit organisations

We are an accounting firm dedicating services to charities and non-profit organisations

Privacy Notice

Purpose of this Notice

This privacy notice describes how we collect and use personal data about you, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws.

We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

 

About Us

Charity Accounting Services Ltd is a UK-registered company (Number 06949939) with Companies House in England & Wales. Our registered office is at Spaces – Sutton Point, 6 Sutton Plaza, Sutton, London, United Kingdom, SM1 4FS.

For the purposes of data protection legislation, we are usually the data controller. This means that we are responsible for deciding how we hold and use personal data about you. In some cases, we act as a data processor on behalf of our charity and not-for-profit clients, who remain the data controllers. In such cases, we process personal data strictly under their instructions and in line with our contractual obligations.

You can contact our Data Protection Officer/Head of Privacy at [email protected].

 

How We Collect Your Data

We collect personal data about you when you:

  • Visit our website
  • Submit a service request
  • Register for certain areas of the website
  • Contact us for information
  • Submit a CV or work history
  • Register for events, courses, or conferences
  • Take part in surveys or marketing activities (if you choose to)

The information collected may include:

  • Your name, title, address, email address, and telephone number
  • Your IP address
  • Details of contact we have had with you in relation to our services
  • Details of services you have received from us
  • Correspondence and communications with you
  • Information about complaints, inquiries, or feedback you have provided

We only collect the minimum level of information required to fulfil your request.

 

How We Use Your Data

We may use your personal data for the following purposes:

  • Provide professional services to you
  • Comply with our legal and regulatory obligations
  • Communicate with you about services, events, or updates
  • Maintain our business records and administration
  • Respond to inquiries, feedback, or complaints
  • Recruitment purposes (if you submit a CV or application)

The lawful bases for processing your data include:

  • Performance of a contract with you
  • Compliance with a legal obligation
  • Our legitimate interests (e.g. managing our business, communicating with clients)
  • Your consent (where required, e.g. for marketing communications)

 

Data Sharing

We will only share your personal data with third parties where it is necessary for the performance of our services, or where you have given prior consent.

Examples include:

  • Our agents, suppliers, and contractors (e.g. IT and administration services)
  • Cloud service providers such as Google Workspace and QuickBooks (Intuit Ltd), which operate under GDPR-compliant agreements and safeguards
  • regulators, law enforcement, or government authorities where legally required

We also engage external contractors who may access or process client data to support our services. In such cases:

  • Data is primarily processed securely through cloud platforms (Google Workspace and QuickBooks)
  • Where local storage is required, strict access and encryption controls are enforced
  • Contracts include GDPR Article 28 processor obligations, requiring appropriate security and confidentiality
  • International transfers (see below) are covered by legally recognised safeguards

 

International Transfers

Your personal data may be transferred to, and processed in, countries outside the UK and the European Economic Area (EEA). These jurisdictions may not provide the same level of data protection as in the UK or EEA.

Where this occurs, we ensure that appropriate safeguards are in place, including:

  • The use of the UK International Data Transfer Agreement (IDTA), or
  • The EU Standard Contractual Clauses with UK Addendum, or other mechanisms approved by the UK Information Commissioner’s Office (ICO).

We also carry out Transfer Risk Assessments to confirm that your data is protected to an equivalent standard.

You may request further details of these safeguards by contacting us at [email protected].

 

Data Security

We take the security of your personal data seriously. Access is limited to authorised personnel who are bound by confidentiality obligations.

We implement technical and organisational measures to protect data, including encryption, secure storage, access restrictions, and regular monitoring. Contractors and suppliers outside the UK/EEA are required to follow equivalent standards and contractual obligations.

 

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

Generally, this will be 6 years from the end of our client relationship, unless a longer period is required by law. Marketing data will be retained until you opt out.

 

Cookies

We use cookies to improve your experience on our website, including:

  • Enabling faster page loading
  • monitoring site usage and performance statistics
  • Improving the quality and usability of the site

You can manage cookies through your browser settings. Please note that disabling cookies may affect functionality.

For more information about cookies, visit the Information Commissioner’s Office (ICO) website.

 

Your Rights

Under the UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of your data
  • Request erasure of your data
  • Object to processing
  • Request restriction of processing
  • Request data portability
  • Withdraw your consent (where processing is based on consent)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

You also have the right to be informed about international transfers of your personal data and to request details of the safeguards we rely on.

If you wish to exercise any of your rights, please contact us at [email protected].

 

Third-Party Links

Our website may link to external websites that operate under different privacy practices. We are not responsible for the content or privacy policies of such websites.

 

Modifications

We may update this privacy notice from time to time. Any changes will be published on our website, with the date of the latest revision shown at the top of the notice.

 

Consent

By using our website or services and providing personal data, you consent to the use of your information in accordance with this privacy notice.

 

Contact

If you have any questions about this notice or how we handle your personal data, please contact our Head of Privacy at [email protected].

 

Effective Date: 26 August 2025