Privacy Policy

Last updated: March 2026

1. Who we are

Pinnacle Accountancy Partners is a chartered accountancy firm registered in England and Wales, based in Clerkenwell, London EC2. We are a member firm of the Institute of Chartered Accountants in England and Wales (ICAEW).

For the purposes of UK data protection law, Pinnacle Accountancy Partners is the data controller responsible for your personal data. Our ICO registration number is available on the ICO register.

Data Controller contact:
Pinnacle Accountancy Partners
Clerkenwell, London EC2
020 7946 0412
hello@pinnacleaccountancy.co.uk

2. What personal data we collect

Information you give us directly

• Contact enquiries: name, email address, phone number (optional), business name, and the contents of your message when you complete our contact form.
• Lead magnet downloads: your name and email address when you request a free guide or resource.
• Client onboarding: name, address, date of birth, National Insurance number, company registration details, HMRC UTR, bank details, and financial records — all necessary to provide our accountancy services and meet our regulatory obligations.

Information collected automatically

• Website logs: your IP address, browser type, pages visited, and time of visit. This is server-level data stored by our hosting provider (Cloudflare) and is used solely for security and performance purposes.
• No tracking cookies: this website does not use Google Analytics, Meta Pixel, or any third-party advertising or tracking tools. We use only essential functional cookies.

Sensitive personal data

In the course of providing accountancy services, we may process data that is considered sensitive under UK GDPR — for example, information about your financial circumstances. We handle all such data with the highest level of care, and access is restricted to the team members who need it to carry out their work.

3. How we use your data

We use the personal information we collect to:

• Respond to your enquiries and provide the services you've requested
• Prepare and file accounts, returns, and other documents on your behalf
• Communicate with HMRC, Companies House, and other statutory bodies as required
• Send you information you've requested, such as guides or newsletters (you can unsubscribe at any time)
• Comply with our legal and regulatory obligations as an ICAEW member firm
• Maintain the security and performance of our website
• Improve our services based on feedback and enquiry patterns

We will never use your personal data for automated decision-making or profiling.

4. Legal basis for processing

Under UK GDPR, we must have a lawful basis for processing your personal data. Depending on how we're using your information, the basis will be one of the following:

• Contract performance: processing is necessary to provide the services you've engaged us for.
• Legal obligation: we are required to process certain data to comply with ICAEW regulations, HMRC requirements, AML (Anti-Money Laundering) obligations, and other applicable laws.
• Legitimate interests: for example, responding to a contact form enquiry or maintaining website security, where our interests do not override your rights.
• Consent: where you have given explicit consent — for example, to receive marketing emails. You can withdraw consent at any time by contacting us or clicking the unsubscribe link in any email.

5. Who we share your data with

We do not sell, rent, or trade your personal data. We may share your information with:

• HMRC and Companies House — as required to file returns and comply with UK tax and company law.
• Cloud accounting software providers — primarily Xero, QuickBooks, or FreeAgent, used to maintain your financial records. These providers are bound by their own data processing agreements and comply with UK GDPR.
• Professional advisers — solicitors, financial advisers, or other professional parties involved in completing your services, only with your knowledge or consent.
• Service providers — our IT infrastructure, email, and document management providers, each operating under appropriate data processing agreements.
• Regulatory bodies — ICAEW or relevant authorities if required by law, regulation, or court order.

All third parties we work with are required to handle your data securely and in accordance with UK GDPR.

6. How long we keep your data

• Contact and enquiry data: up to 24 months from the date of enquiry, unless you become a client.
• Client financial and accounting records: 7 years from the end of the relevant financial year, in line with HMRC requirements and ICAEW professional standards.
• AML identity verification records: 5 years from the end of the client relationship, as required by the Money Laundering Regulations 2017.
• Marketing consent records: until consent is withdrawn, plus 12 months thereafter.

When data is no longer needed, we delete or securely destroy it in line with our data retention policy.

7. Cookies and website tracking

This website uses only essential functional cookies — specifically a single session cookie that stores your preference after dismissing the cookie notice. It contains no personal data and expires at the end of your browser session.

We do not use:

• Google Analytics or any other analytics platform
• Advertising or retargeting cookies
• Social media tracking pixels
• Any third-party tracking scripts

Because we only use strictly necessary cookies, your consent is not required under the Privacy and Electronic Communications Regulations (PECR). However, we notify you of this as a matter of transparency.

8. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access: you can request a copy of the personal data we hold about you.
• Right to rectification: you can ask us to correct inaccurate or incomplete data.
• Right to erasure: in certain circumstances, you can ask us to delete your data.
• Right to restriction: you can ask us to restrict how we use your data while a dispute is resolved.
• Right to data portability: you can ask for your data in a machine-readable format.
• Right to object: you can object to processing based on legitimate interests, including direct marketing.
• Rights related to automated decision-making: we do not use automated decision-making, but you have the right not to be subject to it.

To exercise any of these rights, please contact us at hello@pinnacleaccountancy.co.uk. We will respond within one calendar month.

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Security

We take the security of your personal data seriously. Our measures include:

• All data in transit is encrypted via TLS/HTTPS
• Access to client data is restricted to authorised staff on a need-to-know basis
• We use reputable, UK GDPR-compliant cloud providers for data storage
• Regular reviews of our data security practices
• Staff training on data protection obligations

No method of transmission over the internet is 100% secure. If you have concerns about a specific data transfer, please contact us directly.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, the law, or best practice. When we make significant changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this page periodically. Continued use of our website or services following any update constitutes acceptance of the revised policy.

11. Contact us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

This policy was prepared in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.