Data Protection Policy – Xact+ Accountants

Last updated: September 21, 2025

Effective Date: August 04, 2022

1. Purpose of This Policy

Xact+ Accountants is committed to protecting the privacy and security of personal data. This policy explains how we collect, use, store, and protect personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We may also deliver services in collaboration with our UK Authorised Partners, who are equally bound by strict confidentiality and data protection standards.

2. Scope

This policy applies to:

  • All clients, suppliers, and third parties who share data with us.
  • All employees, contractors, and partners of Xact+ Accountants.
  • All personal data processed through our systems, website, and services.

3. Principles of Data Protection

We follow the core principles of UK GDPR. Personal data must be:

  • Lawful, fair, and transparent – we process data fairly and explain how it is used.
  • Collected for specific purposes – we only use data for agreed services.
  • Limited to what is necessary – we collect only the data we need.
  • Accurate and up-to-date – we take reasonable steps to correct or remove inaccurate data.
  • Stored securely – we protect data with technical and organisational measures.
  • Kept only as long as necessary – we retain data according to legal and regulatory requirements.

4. Types of Data We Collect

We may collect the following categories of personal data:

  • Identification details (e.g., name, date of birth, National Insurance number, UTR).
  • Contact information (e.g., email, phone number, business address).
  • Financial and tax records (e.g., bank details, payroll data, VAT records, accounting files).
  • Compliance documents (e.g., IDs, utility bills, Companies House filings).

5. How We Use Personal Data

    Personal data is used to:

    • Provide accounting, tax, compliance, and advisory services.
    • Communicate with clients and partners.
    • Submit filings to HMRC, Companies House, and regulatory bodies.
    • Meet anti-money laundering (AML) and “Know Your Customer” (KYC) requirements.
    • Manage billing, payments, and business records.

    When services are delivered with UK Authorised Partners, your data may be shared with them for compliance purposes.

    6. Legal Basis for Processing

    We process data on the following legal bases:

    • Contractual necessity – to deliver services agreed in our engagement letters.
    • Legal obligation – to comply with UK tax and accounting laws.
    • Legitimate interest – to manage our business effectively.
    • Consent – where required (e.g., for marketing communications).

    7. Data Sharing

    We may share personal data with:

    • HMRC, Companies House, and other government bodies.
    • Regulated UK Authorised Partners for specialist services (e.g., insolvency, audit, or other services).
    • Trusted third-party software providers (e.g., accounting platforms, payment processors).

    Note: We will never sell personal data to third parties.

    8. Data Subject Rights

    Under UK GDPR, you have the right to:

    • Access your personal data.
    • Request corrections to inaccurate information.
    • Request deletion of your data (where legally possible).
    • Restrict or object to processing.
    • Request data portability.
    • Withdraw consent for marketing at any time.

    Requests can be made by contacting us directly (see Section 12).

    9. Amendments

    We may update or modify the policy from time to time. Updated versions will be published on our website with a revised “Effective Date.”

    10. Contact Us

    If you have questions regarding these Terms, please contact us:

    Email: info@xactaccountants.co.uk

    Phone: 01615200345