Privacy Policy
This policy explains how JD Accountancy collects, uses, and protects your personal data when you use this website or engage our accountancy services. It is written in plain English and has been prepared to comply with UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations. We recommend reading it before submitting any personal information to us.
About this policy and who we are
JD Accountancy is a sole trader accounting practice founded by Joey Davies and based at Dalton House, 35 Chester Street, Wrexham, LL13 8AH. For the purposes of UK data protection law, JD Accountancy is the data controller for the personal data described in this policy. This policy applies to personal data collected from clients, prospective clients, and visitors to jdaccountancy.com. It tells you what data we collect, why we collect it, who we may share it with, how long we keep it, and what rights you have. It became effective on 12 May 2026.
What personal data we collect
We collect different types of personal data depending on whether you are a client, a prospective client, or simply browsing the website.
Information you give us
When you make an enquiry, book a call, or become a client, you typically give us your name, email address, phone number, business name, and trading or company details. Once we are engaged as your accountant, we will also hold financial records including income and expenditure figures, bank statements, payroll data, tax reference numbers, and any other information needed to carry out the work you have asked us to do.
Information collected automatically
When you visit jdaccountancy.com, our website collects certain technical data automatically. This includes your IP address, browser type, device information, pages visited, and the source of your visit. This data is collected via cookies and analytics tools. It helps us understand how the site is used and improve it over time. For full details of what cookies we use and how to control them, please see our Cookies Policy at /cookies-policy/.
Information from third parties
In providing accountancy services, we may receive personal data about you from third parties. This includes information from HMRC when we act as your agent, from Companies House in relation to directors and registered company details, and from cloud accounting software such as Xero where records are maintained. Where relevant, we may also receive information from a previous accountant as part of the onboarding handover process.
Why we process your data
UK GDPR requires us to have a lawful basis for every type of processing we carry out, and the table below sets out the basis we rely on for each purpose.
To provide our services (contract)
When you engage JD Accountancy, we process your personal and financial data because it is necessary to perform the contract between us. This covers preparing accounts, filing Self-Assessment tax returns, handling VAT returns, running payroll, and all other services agreed in your engagement letter. Without this data, we cannot carry out the work.
To meet our legal obligations (legal obligation)
As a UK accountancy practice, we are subject to legal obligations that require us to process and retain certain data regardless of your preferences. This includes Anti-Money Laundering and Money Laundering Regulations 2017 record-keeping, HMRC reporting and agent authorisation requirements, statutory filing obligations, and cooperation with any formal tax enquiry or investigation.
To run and improve our business (legitimate interests)
We rely on legitimate interests for purposes such as sending service-related communications to existing clients, carrying out website analytics, maintaining the security of our systems, and general internal administration. We have assessed that these interests do not override the rights and freedoms of the individuals whose data we hold, and we apply appropriate safeguards throughout.
Where you have agreed (consent)
Where we send marketing emails to prospective clients who have not yet engaged us, or where we use non-essential cookies, we rely on your consent. You may withdraw consent at any time by emailing accounts@jdaccountancy.com or using the unsubscribe link in any marketing email. Withdrawing consent does not affect any processing already carried out.
Who we share your data with
We do not sell personal data and we only share it where there is a clear, lawful reason to do so.
Your data may be shared with the following categories of recipients where necessary to provide our services, meet legal obligations, or run the practice securely. All third parties we work with are required to handle your data in accordance with applicable data protection law.
HMRC and Companies House
We share personal and financial data with HMRC when submitting tax returns, VAT returns, payroll filings, and CIS returns on your behalf, and with Companies House when filing confirmation statements or annual accounts for limited companies. This sharing is a legal requirement.
Software and cloud service providers
We use cloud-based accountancy software, including Xero, to prepare and store client records, as well as email, scheduling, and website hosting services. These providers process data on our behalf as data processors and are contractually required to protect it.
Professional advisers
On occasion we may need to share relevant information with professional advisers such as solicitors or insurance providers — for example, in connection with a professional indemnity claim or legal query. Any such sharing is limited to what is strictly necessary.
Regulatory and legal authorities
We may be required to disclose information to regulatory supervisory bodies or law enforcement agencies where compelled to do so by law, court order, or a formal legal process. We will not share data beyond what is legally required in such circumstances.
International data transfers
Some of the cloud software and hosting services we use may store or process data outside the United Kingdom, including in countries within the European Economic Area and in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place — typically the UK’s International Data Transfer Agreements or Standard Contractual Clauses approved by the ICO. The UK has granted adequacy decisions for transfers to EEA countries, meaning those transfers are treated as equivalent to transfers within the UK. If you would like more detail about the safeguards applied to any specific transfer, please contact us.
How long we keep your data
We retain personal data only for as long as is necessary for the purpose it was collected, subject to any legal minimum retention periods that apply to accountancy practices.
Client records
Records relating to client engagements are retained for a minimum of six years from the end of the engagement, in line with AML/MLR 2017 obligations. Records connected to tax matters may be held for up to seven years or longer where required by HMRC or under investigation.
Prospect and enquiry data
If you make an enquiry but do not become a client, we will retain your contact information for up to 24 months from the date of last contact. After that period, the data will be securely deleted or anonymised unless you have consented to ongoing marketing communications.
Website analytics data
Technical data collected through website analytics tools is typically retained for up to 26 months before being aggregated or deleted, in line with standard analytics platform defaults. Anonymised, aggregated data may be retained indefinitely for statistical purposes.
Marketing consent records
Where we hold your consent for marketing purposes, we keep a record of that consent for as long as it remains active, plus two years after it is withdrawn or expires. This audit trail allows us to demonstrate compliance with our consent obligations under UK GDPR and PECR.
Your rights under UK GDPR
Under UK GDPR and the Data Protection Act 2018, you have eight statutory rights in relation to your personal data. These rights apply in all cases, though some are subject to exceptions depending on the lawful basis for processing.
Right to be informed
You have the right to be told clearly how your personal data is collected, used, and stored. This privacy policy is part of how we fulfil that obligation. We will update it whenever our practices change in a material way.
Right of access
You have the right to request a copy of the personal data we hold about you, along with information about how it is used. This is known as a Subject Access Request. Submit yours in writing to accounts@jdaccountancy.com and we will respond within one month.
Right to rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it. We will action reasonable correction requests without delay and update records held across connected systems where applicable.
Right to erasure
You may ask us to delete your personal data where we no longer have a lawful reason to hold it. Please note that we cannot erase data we are legally required to retain — for example, client records subject to AML or tax retention obligations.
Right to restrict processing
You can ask us to pause or restrict how we use your data — for example, while you contest its accuracy or object to a particular use. Where processing is restricted, we will continue to store the data but will not actively use it without your agreement.
Right to data portability
Where we process your data on the basis of consent or contract, and processing is carried out by automated means, you have the right to receive that data in a structured, commonly used, machine-readable format so you can transfer it to another provider.
Right to object
You have the right to object to processing based on legitimate interests or carried out for direct marketing purposes. If you object to direct marketing, we will stop immediately. For other legitimate-interests processing, we will stop unless we can demonstrate compelling grounds.
Rights related to automated decision-making
You have the right not to be subject to decisions made solely by automated processing that produce significant legal or similar effects. JD Accountancy does not currently use any automated decision-making or profiling in the delivery of its services.
How to exercise your rights
To exercise any of the rights above, please contact us in writing at accounts@jdaccountancy.com. We will respond within one calendar month of receiving your request. In some cases we may need to verify your identity before proceeding, to ensure we protect your data from unauthorised access. There is no charge for exercising your rights in most circumstances. If a request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or decline to act, and we will explain our reasons in writing.
How we protect your data
We apply a range of technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. Data transmitted between your browser and our website is encrypted via HTTPS. Cloud-based systems used to process client data operate with encryption at rest, and access is restricted to authorised users with strong password controls and, where available, two-factor authentication. We keep the number of people with access to personal data to a minimum — in practice, Joey Davies as the sole practitioner. We carry out regular reviews of the platforms and tools we use and apply any available security updates promptly. In the event of a data breach that is likely to pose a risk to individuals, we will notify the ICO within 72 hours and affected individuals without undue delay.
Cookies
This website uses cookies — small text files placed on your device — for purposes including keeping the site functioning correctly and understanding how visitors use it. Some cookies are strictly necessary; others are used for analytics. You can manage your cookie preferences at any time. For a full breakdown of the cookies we use and how to control them, please see our Cookies Policy at /cookies-policy/.
Children’s data
JD Accountancy’s services are directed entirely at businesses and adults acting in a professional or self-employed capacity. We do not knowingly collect or process personal data relating to anyone under the age of 18. If you believe we have inadvertently received data relating to a child, please contact us at accounts@jdaccountancy.com and we will delete it promptly.
Changes to this policy
We may update this policy from time to time to reflect changes in our data processing activities, legal requirements, or regulatory guidance. The date at the top of the page will always show when it was last reviewed. Where changes are material, we will notify existing clients directly by email before they take effect.
How to contact us
All data-related queries, Subject Access Requests, and objections should be directed to Joey Davies, the data controller.
If you have any questions about how we handle your data, wish to exercise a right, or want to raise a concern, please get in touch by email. We aim to acknowledge all data-related queries promptly and will provide a full response within one calendar month of receiving a written request.
- Data queries
- accounts@jdaccountancy.com — Response within one calendar month under UK GDPR
- Data controller
- JD Accountancy
- Registered address
- Dalton House, 35 Chester Street, Wrexham, LL13 8AH
- Companies House
- N/A — sole trader
- ICO registration
- [ICO registration number — to be added]
Complaints to the ICO
If you are not satisfied with how we have handled your personal data or responded to a rights request, you have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK’s independent data protection regulator. You can contact the ICO at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. Website: https://ico.org.uk/make-a-complaint/. We would always welcome the opportunity to resolve a concern directly before you contact the ICO, so please do reach out to us first.