NEW: Start Your Tax-Smart Limited Company for just £99Get Ready to Rent →

Privacy Notice

This Privacy Notice applies to clients of Provestor Accounts Ltd and should be read alongside our Terms and Conditions. It explains how we collect, use, and protect your personal data in the course of delivering our accountancy and tax services, as well as your rights under UK data protection law. By engaging our services, you agree to the handling of your personal data as outlined in this notice and our Terms and Conditions of Service.

Introduction

The Data Protection Act 2018 (“DPA 2018”) and the UK General Data Protection Regulation (“UK GDPR”) impose certain legal obligations in connection with the processing of personal data.

Provestor Ltd is a data controller within the meaning of the GDPR and we process personal data. The firm’s contact details are as follows:

Provestor Ltd 1, Derwent Business Centre, Clarke Street, Derby. DE1 2BU
Email: dpo@provestor.co.uk
Phone: 01332 460275

We may amend this privacy notice from time to time. If we do so, we will supply you with and/or otherwise make available a copy of the amended privacy notice.

Where we act as a data processor on behalf of a data controller, we provide an additional schedule setting out required information as part of that agreement. That schedule should be read alongside this notice.

The purposes for which we intend to process personal data

We intend to process personal data for the following purposes:

  • To enable us to supply professional accountancy and tax advisory services to you as our client.

  • To provide software tools and digital platforms for bookkeeping and company compliance.

  • To fulfil our obligations under relevant laws (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as amended – “MLR 2017”).

  • To comply with professional obligations to which we are subject.

  • To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.

  • To enable us to invoice you and resolve any related fee disputes.To contact you about services we provide that may be of interest to you, where consent has been given.

  • To improve the functionality, support and delivery of our digital services.

  • To analyse aggregated client satisfaction data for service improvement and performance monitoring.

The legal bases for our intended processing of personal data

Our intended processing of personal data has the following legal bases:

  • The processing is necessary for the performance of our contract with you.

  • The processing is necessary for compliance with legal obligations to which we are subject (e.g. MLR 2017).

  • The processing is necessary for the purposes of the following legitimate interests which we pursue:

    • Delivering and improving our professional and digital services.

    • Investigating or defending actual or potential legal claims.

    • Monitoring and improving client experience, product features and performance.

By agreeing to our Terms and Conditions, you also agree to receive occasional marketing communications from us about services we consider relevant and potentially beneficial to your needs. You may opt out of receiving these communications at any time by following the instructions included in the communication or by contacting us directly.

It is a condition of our contract with you that you provide the personal data we request. If you do not provide this, we may not be able to act for you.

Categories of personal data collected

We collect and process the following categories of personal data:

  • Identity data (e.g. name, date of birth, NI number, UTR)

  • Contact data (e.g. email address, phone number, address)

  • Financial and transactional data (e.g. bank details, income, expenses)

  • Company and business details (e.g. incorporation data, accounting records)

  • Platform usage data (e.g. access logs, support tickets, submitted records)

  • IP addresses and cookies (for security, analytics and support)

Source of personal data

Where we obtain personal data from sources other than you, they may include:

  • Publicly available sources (e.g. Companies House, HMRC)

  • Your authorised agents (e.g. mortgage brokers, accountants)

  • Our digital platforms and integrations

  • Other third parties you instruct us to liaise with (e.g. software providers, letting agents)

Persons/organisations to whom we may give personal data

We may share your personal data with:

  • HMRC and other government bodies

  • Any third parties with whom you instruct us to correspond

  • Our subcontractors and software providers

  • Tax investigation or fee protection insurance providers (if applicable)Our professional indemnity insurers

  • Our professional bodies and/or OPBAS in relation to MLR 2017 compliance

  • Inni Ltd, the parent company of Provestor Accounts Ltd, as it owns and operates the Provestor Platform

  • Our platform development and support team

  • Stripe or payment providers

If required by law, we may share your data with:

  • The police or law enforcement agencies

  • Courts and tribunals

  • The Information Commissioner’s Office (ICO)

If you ask us not to share your data with certain third parties, we may need to cease acting for you.

Transfers of personal data outside the UK or EEA

Your personal data is stored and processed in the UK and the EEA.

Where we engage third parties outside the UK/EEA (e.g. cloud service providers), we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

Retention of personal data

In line with best practice and our regulatory requirements, we retain records as follows:

  • Tax returns: kept for 7 years from the end of the tax year to which the information relates.

  • Advisory work: retained for 7 years from the date the business relationship ceased.

  • Ongoing relationships: data needed for ongoing compliance is retained during the relationship and deleted 7 years after it ends, unless you request extended retention.

Our terms include a 7-year document destruction clause and your agreement to these terms confirms agreement to this retention period.

You must retain records relevant to your own tax affairs:

  • Individuals

    • With rental or trading income: 5 years and 10 months after tax year end

    • Otherwise: 22 months after tax year end

  • Companies: 6 years from the end of the accounting period

Where we act as a data processor, we will delete or return personal data to the controller on the agreed basis.

Requesting personal data we hold about you (Subject Access Requests)

You have the right to access personal data we hold about you.

Please submit SARs in writing to dpo@provestor.co.uk

To process your request, please provide details to confirm your identity and help us locate the data (e.g. full name, previous addresses, date of birth, NI number, or tax ref).

We aim to respond within one month. We do not charge for this service.

Your other rights under the UK GDPR

You also have the right to:

  • Request correction of inaccurate or incomplete data (right to rectification)

  • Request deletion of your data in certain circumstances (right to erasure)

  • Object to or restrict processing (e.g. marketing, profiling)

  • Request a copy of your data in a machine-readable format (right to data portability)

  • Withdraw your consent (if previously given) at any time

To exercise any of these rights, please contact us using the details above. We will respond within one month. In some cases, we may be legally entitled to refuse the request, in which case we will explain why.

Automated decision-making

We do not carry out automated decision-making or profiling using your personal data.

Complaints

If you are unhappy with how we have handled your data, please raise your concern with us first.

Complaints should be sent to dpo@provestor.co.uk 

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office www.ico.org.uk