Privacy Policy

This policy explains how KAZ Accountancy Services Limited collects, uses, and protects your personal data, and the rights you have in relation to it.

1. Who We Are

KAZ Accountancy Services Limited ("KAZ Accountancy", "we", "us", "our") is a UK based accountancy practice providing bookkeeping, tax, payroll and related accountancy services to businesses and individuals. We are a qualified accountancy practice registered with the Association of Accounting Technicians (AAT).

We are committed to protecting the privacy and security of your personal information. This policy explains how we collect, use, share and protect personal data, and what rights you have in relation to it, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: KAZ Accountancy Services Limited
Company Registration No: 10732675 (England & Wales)
VAT No: 383886538
ICO Registration No: ZB599363
Registered Office: 167-169 Great Portland Street, Fifth Floor, London W1W 5PF
Email: info@kaz-financials.co.uk
Phone: 0333 335 6022

If you have any questions about this policy or how we handle your personal data, please contact us using the details above.

2. What Personal Data We Collect

The personal data we collect depends on your relationship with us. This may include:

  • Identity data: full name, date of birth, National Insurance number, Unique Taxpayer Reference (UTR), copies of photographic ID and proof of address
  • Contact data: address, email address, telephone numbers
  • Financial data: bank account details, income, expenditure, tax and payroll records, invoices, receipts and other accounting records
  • Employment data: for payroll clients, the personal and salary data of your employees necessary to run payroll on your behalf
  • Technical data: IP address, browser type, and pages visited if you use our website
  • Communications data: records of correspondence, enquiries and meeting notes

We only collect the personal data that is necessary and relevant to the services we provide.

3. How We Collect Your Data

  • Directly from you, when you engage us as a client, complete our contact form, or correspond with us by phone, email or in person
  • From third parties acting on your behalf, such as a previous accountant (with your authorisation), your bank, or HMRC
  • From publicly available sources, such as Companies House, where relevant to verifying company information
  • Automatically through our website, via standard web server logs and any analytics tools in use

4. How We Use Your Data and Our Legal Basis

We only use your personal data where we have a lawful basis to do so. Depending on the circumstances, we rely on one or more of the following legal bases under UK GDPR:

  • Performance of a contract — to provide the accountancy, bookkeeping, payroll, tax and advisory services you have engaged us to carry out
  • Legal obligation — to comply with our obligations to HMRC, Companies House, and under the Money Laundering Regulations 2017 (as amended)
  • Legitimate interests — for general business administration, improving our services, and protecting against fraud, provided this does not override your own rights and interests
  • Consent — where you have given specific consent, for example to receive marketing communications, which you may withdraw at any time

We do not sell your personal data to third parties, and we do not use your data for any automated decision making that produces legal or similarly significant effects concerning you.

5. Anti Money Laundering and Client Due Diligence

As an accountancy practice, we are a "relevant person" under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended), and are supervised for anti money laundering (AML) purposes by the AAT.

Before we can act for you, and periodically throughout our relationship, we are legally required to carry out Customer Due Diligence (CDD) checks. This includes:

  • Verifying your identity and, where applicable, the identity of your company's directors and Persons with Significant Control (PSCs)
  • Collecting and retaining copies of identification documents (such as a passport or driving licence) and proof of address
  • Screening against sanctions and politically exposed persons (PEP) lists where required
  • Assessing and monitoring the risk associated with the professional relationship on an ongoing basis

We are legally obliged to retain the personal data collected for these purposes for a minimum of five years after the end of our business relationship with you, even if you ask us to delete it sooner. Where we identify activity that we are required to report under the Proceeds of Crime Act 2002 or related legislation, we may be legally prevented from informing you that a report has been made.

6. Who We Share Your Data With

We only share your personal data where necessary, and always with appropriate safeguards in place. This may include:

  • HMRC and Companies House, where submissions are made on your behalf as part of our services
  • Cloud accounting and software providers we use to deliver our services, including Xero, QuickBooks (Intuit), Sage, Dext and Hubdoc, who act as data processors under contract with us
  • Our professional indemnity insurers and regulatory body (AAT), where required for compliance or in the event of a claim
  • Other professional advisers such as solicitors or financial advisers, only with your knowledge and, where appropriate, your consent
  • Regulatory or law enforcement bodies, where we are legally required to disclose information, including under AML legislation

Any third party service provider who processes personal data on our behalf is required to enter into a data processing agreement and to maintain appropriate technical and organisational security measures.

7. International Data Transfers

Some of the cloud accounting platforms we use to deliver our services (for example, QuickBooks, provided by Intuit Inc.) may store or process data outside the UK, including in the United States. Where this occurs, we ensure appropriate safeguards are in place, such as the provider's participation in a recognised data protection framework, UK International Data Transfer Agreements (IDTAs), or the UK Addendum to the EU Standard Contractual Clauses, as required under UK GDPR.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes it was collected, including to satisfy legal, accounting, or reporting requirements. As a general guide:

  • Client due diligence and identification records: a minimum of 5 years after the end of our business relationship, in line with Money Laundering Regulations
  • Accounting records and tax working papers: a minimum of 6 years, in line with HMRC and Companies House requirements
  • Payroll records: a minimum of 3 years, in line with HMRC requirements (though we typically retain these alongside other accounting records)
  • General correspondence and enquiry data: retained only for as long as relevant to the purpose for which it was collected

Where data is no longer required, we securely delete or anonymise it.

9. How We Protect Your Data

We take the security of your personal data seriously and have appropriate technical and organisational measures in place, including access controls, secure cloud based storage with reputable providers, and staff awareness of data protection obligations. While we take all reasonable steps to protect your data, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to have inaccurate or incomplete data corrected
  • Right to erasure — to request deletion of your data, though this may not apply where we have a legal obligation to retain it (see Section 8)
  • Right to restrict processing — to ask us to limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, commonly used format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — where processing is based on consent, at any time

To exercise any of these rights, please contact us using the details in Section 1. We will respond within one month, as required by law. Some rights may be limited where we have an overriding legal or regulatory obligation, such as our AML record keeping duties.

11. Cookies and Website Usage

Our website uses only the cookies or similar technologies necessary for it to function correctly, and to load web fonts. We do not currently use advertising or third party tracking cookies. If this changes, this policy will be updated and, where required, we will ask for your consent through a cookie banner.

12. Marketing Communications

We will only send you marketing communications where you have given consent, or where permitted under the "soft opt in" rules for existing clients regarding similar services. You can opt out of marketing communications at any time by contacting us or using the unsubscribe link provided.

13. Children's Privacy

Our services are provided to businesses and adults, and our website is not directed at children. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The date of the most recent update is shown at the bottom of this page. We encourage you to review this policy periodically.

15. How to Complain

If you have any concerns about how we handle your personal data, please contact us in the first instance using the details in Section 1, and we will do our best to resolve the issue.

KAZ Accountancy Services Limited is registered with the Information Commissioner's Office under registration number ZB599363. You also have the right to lodge a complaint directly with the ICO, the UK's independent supervisory authority for data protection:

Information Commissioner's Office (ICO)
Water Lane, Wycliffe House, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk

This policy was last updated on 5 July 2026.

Questions about your data?

If anything in this policy isn't clear, or you'd like to exercise any of your rights, get in touch and we'll help.

Contact us