Privacy policy.

Who we are

Barton Accountancy Limited ("Barton Accountancy", "we", "us", "our") is an ICAEW Chartered Accountancy firm registered in England & Wales (Company No. 13830167, VAT No. GB 405 3155 33). We are regulated by the Institute of Chartered Accountants in England and Wales (ICAEW) and hold Professional Indemnity Insurance in accordance with ICAEW's PII regulations — details available on request. We are the data controller for the personal data we collect about you.

If you have any questions about this policy or how we handle your data, contact us at hello@bartonaccountancy.co.uk or on 01283 208613.

What personal data we collect

We collect and process different types of personal data depending on how you interact with us:

When you visit our website

• Technical data — IP address, browser type, device type, pages visited, referrer, time spent on the site. This is collected automatically by Netlify hosting logs for operational and security purposes only. We do not run any third-party analytics, tracking pixels or advertising scripts on the site.
• Cookies — we use a small number of essential cookies for site functionality only. We do not use analytics cookies, advertising cookies or tracking cookies of any kind.

When you contact us or request a quote

• Contact details — name, email address, phone number, business name.
• Business information — business type, approximate turnover, the services you are interested in, and any information you share in your message.

When you become a client

• Identification data — required under UK Anti-Money Laundering (AML) regulations: ID documents, proof of address, company information.
• Financial data — bank statements, invoices, receipts, payroll records, tax returns and other accounting records you provide for us to perform our services.
• HMRC and Companies House data — when you authorise us as your agent, we access your records with HMRC and Companies House on your behalf.

Why we use your data

We use your personal data for these specific purposes:

• To respond to enquiries — when you contact us for a quote or with a question, we use your contact details to reply.
• To provide accountancy services — to prepare and file your accounts, tax returns, payroll, VAT returns and other work you have engaged us to do.
• To comply with legal obligations — we are required to keep client records for specific periods under HMRC rules, AML regulations, and the Companies Act. We are also regulated by the ICAEW and must comply with their professional standards.
• To improve our service — we may review anonymised Netlify hosting logs (aggregate page-view counts, referrer patterns) to understand which pages are useful and improve the site over time. No individual visitor is identified.

Our legal basis for processing your data

Under UK GDPR, we rely on the following legal bases:

• Contract — when you engage us as your accountant, we process your data to fulfil our contractual obligations to you.
• Legal obligation — we are legally required to keep certain records and report certain information to HMRC and regulators.
• Legitimate interest — we review aggregate hosting logs to understand how our website performs and to provide a better experience to visitors. No individual visitor is identified or tracked.
• Consent — for any non-essential marketing communications, we ask for your explicit consent first and you can withdraw it at any time.

How long we keep your data

We keep your data only for as long as we need it, and for any additional period required by law:

• Enquiry data (if you never become a client) — up to 2 years from your last contact, then deleted.
• Client accounting records — at least 7 years from the end of the tax year, as required by HMRC for limited companies and sole traders. Some records may be kept longer for specific legal reasons.
• AML identification records — 5 years after the end of our business relationship, as required by anti-money laundering regulations.
• Netlify hosting logs — anonymised, retained by our hosting provider for up to 30 days for operational and security purposes.

Who we share your data with

We only share your data with third parties where necessary to deliver our services or where legally required:

• HMRC and Companies House — we file accounts, tax returns and payroll information on your behalf when authorised.
• Accounting software providers — Xero, QuickBooks or other cloud accounting platforms that you use (and that we use to manage your books).
• Our website form processor — when you submit our contact or quote form, the submission is captured by Netlify Forms and delivered to our inbox. Netlify, Inc. (also our hosting provider) acts as a data processor on our behalf and is bound by their GDPR-compliant data processing terms.
• Professional advisors — solicitors or specialists we engage for your specific matter, only with your knowledge.
• Our regulators — ICAEW, HMRC and the Information Commissioner's Office, if required as part of their oversight.

We never sell, rent or trade your personal data to third parties for marketing purposes.

Your rights

Under UK GDPR, you have the right to:

• Access your personal data — request a copy of what we hold about you.
• Rectification — ask us to correct any inaccurate data.
• Erasure — ask us to delete your data, subject to our legal obligations to retain certain records.
• Restriction — ask us to pause processing in specific circumstances.
• Portability — receive your data in a portable format.
• Objection — object to processing based on legitimate interest.
• Withdraw consent — where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, email us at hello@bartonaccountancy.co.uk. We respond to all requests within one month.

How we protect your data

We take data security seriously. We use encrypted storage, two-factor authentication on every system that holds your data, secure cloud backups, and access controls that limit staff access to what is strictly needed. Our website uses HTTPS across every page. Our accounting software providers (Xero, HMRC portals) are themselves regulated and certified to high security standards.

Cookies

Our website uses only the cookies strictly necessary for it to function:

• Essential cookies — required for the site to function (e.g., remembering that you've dismissed the preloader for the rest of your session). These are exempt from consent under UK PECR rules.

We do not use analytics cookies, advertising cookies, social-media tracking cookies, or any third-party tracking technologies. If we ever add analytics in the future, we will update this policy and ask for your explicit consent before any non-essential cookie is set.

Complaints

If you have a concern about how we handle your data, please contact us first — we'll do our best to resolve it. If you're not satisfied, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.

Changes to this policy

We may update this policy from time to time to reflect changes in law, our services or our practices. The "last updated" date at the top of this page will always show when the most recent change was made. Significant changes will be communicated to existing clients directly.