Privacy Notice


Version 1.0  |  April 2026  |  Compliant with UK GDPR and the Data (Use and Access) Act 2025

1.  Who We Are

Noel Guilford (sole trader, trading as Guilford Accounting) is the data controller for the personal information described in this notice.

We are responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025 (DUAA 2025).

Contact details

  • Name:  Noel Guilford, Guilford Accounting
  • Website:  guilfordaccounting.co.uk
  • Email:  noel@guilfordaccounting.co.uk
  • Post:  Fourwinds House, Balderton, Chester, CH4 9LF

No Data Protection Officer is required for this practice. We do not carry out large-scale systematic monitoring or large-scale processing of sensitive data.

Please let us know promptly if your personal information changes. Email us at noel@guilfordaccounting.co.uk.

2.  What Personal Data We Collect, Why, and on What Legal Ground

Personal data means information that identifies or could identify a living individual. We collect only what we need.

Communication data

This covers messages you send us by email, phone, post, contact form, or social media. We use it to respond, keep records, and establish or defend legal claims. Our legal ground is legitimate interests: to reply to you and maintain proper records.

Client and prospect data

This covers your name, address, phone number, email, company details, and financial information gathered during the course of providing accounting, advisory, mentoring, or coaching services. We use it to perform our contract with you, comply with our legal obligations (including HMRC and anti-money laundering requirements), and manage our professional relationship. Our legal ground is performance of a contract and, where required by law, legal obligation.

Website user data

This covers how you use our website, including pages visited, time spent, and navigation paths. We use it to ensure the website works properly and to understand how visitors use it. Our legal ground is legitimate interests: to administer and improve our website and business.

Technical data

This covers your IP address, browser type, device information, and similar technical information collected via cookies and analytics tools. Our legal ground is legitimate interests or, where required by law, consent via your cookie preferences.

Marketing data

This covers your preferences for receiving marketing from us and your communication preferences. Our legal ground is either consent or recognised legitimate interests under the DUAA 2025 (direct marketing). You can opt out at any time (see Section 4).

Required data. Where we need personal data to fulfil a contract or comply with the law, and you choose not to provide it, we may be unable to provide the relevant service.

Further processing. We use personal data only for the purpose it was collected, or a reasonably compatible purpose. The DUAA 2025 introduced a new framework for compatible further processing: if we need to use your data for an unrelated new purpose, we will tell you and explain the legal basis.

Sensitive data. We do not collect sensitive personal data (race, religion, health, biometrics, etc.) unless this is strictly necessary for a service and you give your explicit consent.

Criminal conviction data. We do not collect information about criminal convictions or offences.

Automated decision-making. We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

3.  How We Collect Your Personal Data

We collect personal data:

  • directly from you, when you contact us, engage our services, or fill in forms on our website
  • automatically, via cookies and analytics when you visit our website (see Section 9)
  • from third parties such as analytics providers (e.g. Google), search information providers, or from publicly available sources such as Companies House

4.  Marketing

We may use your personal data to send you information about our services, events, articles, or other relevant content. We rely on either your consent or recognised legitimate interests under the DUAA 2025 for direct marketing.

Under the Privacy and Electronic Communications Regulations (PECR), we may send marketing emails to existing clients without separate consent. We may not do so for new contacts without your agreement.

You can opt out of marketing communications at any time by emailing noel@guilfordaccounting.co.uk or by clicking the unsubscribe link in any email we send you.

We will never share your personal details with any third party for their own marketing purposes.

5.  Who We Share Your Data With

We share personal data only where necessary. Recipients may include:

  • our bookkeepers and payroll provider, who process data on our behalf under a written agreement requiring them to keep it confidential
  • professional advisers such as our bank, insurer, or solicitor
  • HMRC, Companies House, and other government bodies where we are legally required to report
  • IT service providers supporting our practice (e.g. Xero, TaxCalc, cloud storage, email systems)

All third parties who receive your data must respect its security and use it only for the purpose for which we share it.

6.  International Transfers

Some of our service providers (such as Xero, Google, or AWeber) are based outside the UK. Where we transfer personal data outside the UK, we do so only where:

  • the UK government has decided that the destination country provides an adequate level of protection
  • the provider participates in the UK-US Data Bridge (the UK Extension to the EU-US Data Privacy Framework)
  • we use a contract approved by the ICO, such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses

If none of these safeguards is available, we will ask for your explicit consent before transferring your data.

7.  How We Keep Your Data Secure

We take appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorised access, disclosure, alteration, or destruction. Access is limited to those who need it to carry out their role.

We have procedures for dealing with suspected data breaches and will notify you and the Information Commissioner's Office (ICO) where we are legally required to do so.

8.  How Long We Keep Your Data

We keep personal data only as long as necessary for the purposes we collected it, including any legal or regulatory requirements.

Tax law requires us to keep basic client records for six years after the end of the relevant tax year. We keep engagement files for six years after the end of the client relationship. Other data is reviewed and deleted periodically.

In some cases we may anonymise personal data for research or statistical purposes, in which case we may retain it indefinitely.

9.  Cookies

Our website uses cookies. Some are strictly necessary for the website to function. Others collect analytics or preference data.

Under changes introduced by the DUAA 2025 (in force 5 February 2026), the list of cookies exempt from prior consent has been expanded. We will still ask for your consent for non-essential cookies.

You can set your browser to block or alert you to cookies. Some website features may not work if you do. For full details, please see our Cookie Policy on our website.

10.  Your Rights

Under UK data protection law you have the following rights in relation to your personal data:

  • Access:  to request a copy of the personal data we hold about you
  • Correction:  to ask us to correct inaccurate or incomplete data
  • Erasure:  to ask us to delete your data in certain circumstances
  • Restriction:  to ask us to restrict processing of your data
  • Portability:  to receive your data in a structured, commonly used format
  • Objection:  to object to processing based on legitimate interests
  • Withdraw consent:  where processing is based on consent, to withdraw it at any time
  • Complain:  to raise a complaint directly with us or with the ICO (see Section 11)

To exercise any of these rights, email noel@guilfordaccounting.co.uk. We will respond within one month. There is no fee unless your request is clearly unfounded, repetitive, or excessive.

We may need to verify your identity before responding. The DUAA 2025 clarifies that our searches for your data need be only reasonable and proportionate.

For further information on your rights, see: ico.org.uk

11.  How to Complain

From 19 June 2026, the DUAA 2025 requires all data controllers to have a formal internal complaints procedure. This section satisfies that requirement.

If you have a concern about how we handle your personal data, please contact us first and we will do our best to resolve it.

Submit a complaint to us by:

  • Email:  noel@guilfordaccounting.co.uk
  • Post:  Fourwinds House, Balderton, Chester, CH4 9LF

We will acknowledge your complaint within 30 days, investigate it without undue delay, and communicate the outcome to you with enough detail for you to understand our reasoning.

If you remain dissatisfied, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk, the UK supervisory authority for data protection.

12.  Third-Party Links

Our website may contain links to other websites. We are not responsible for their privacy practices. We encourage you to read the privacy notice of every website you visit.

Guilford Accounting  |  noel@guilfordaccounting.co.uk  |  guilfordaccounting.co.uk  |  Version 1.0, April 2026