Privacy Policy
This policy explains what personal information Country Accountant Surrey collects, why we collect it, how we use it and the rights you have. We are committed to keeping your information secure and processing it lawfully under the UK GDPR and the Data Protection Act 2018.
Who we are
Country Accountant Surrey is a UK-based accountancy practice operating from Cranleigh, Surrey, providing services to small businesses, sole traders and landlords across Surrey and the surrounding areas. References in this policy to "we", "us" and "our" mean Country Accountant Surrey. We are the data controller for personal information we collect through this website and during the course of our engagements.
You can contact us at info@countryaccountantsurrey.co.uk.
Information we collect
- Information you give us — for example when you complete the contact form, subscribe to our newsletter, register for the client portal or engage us as your accountant. This typically includes your name, email address, telephone number and any details you choose to share about your business or financial position.
- Information about your visit — anonymised analytics about pages visited, broad geographic location (city level) and approximate visit timing. We only set non-essential cookies after you have given consent through our cookie banner.
- Information from connected services — if you authorise us to access third-party accounting software (such as Xero) on your behalf, we receive accounting records, invoices, contacts and related data from that service. We only request the access needed for the work you have asked us to do.
- Information you upload — documents, receipts and correspondence you provide through the client portal, by email or by post.
How we use your information
- To provide the accountancy, bookkeeping and tax services you have engaged us for.
- To respond to enquiries submitted through the contact form.
- To send you our newsletter, where you have asked to receive it.
- To meet our legal and regulatory obligations (including HMRC, Companies House and anti-money-laundering requirements).
- To improve the website and the services we provide.
- To detect and prevent fraud and protect the security of our systems.
Our lawful basis
We rely on the following lawful bases under UK GDPR: contract (to deliver the services we have agreed with you), legitimate interests (to run our business, respond to enquiries and keep our systems secure), legal obligation (where we are required to keep records for HMRC or other regulators) and consent (for non-essential cookies and marketing emails, which you can withdraw at any time).
Where we store your information
Your information is held on infrastructure provided by Amazon Web Services. Operational data is stored in the AWS London region (eu-west-2); a small number of analytical and AI processing tasks run in the AWS Ireland region (eu-west-1). Both regions are within the United Kingdom and European Economic Area, and we do not transfer personal data outside the UK/EEA without appropriate safeguards.
Third parties we use
We use a small number of trusted suppliers to deliver our services. Each is contractually required to protect your information and only process it on our instructions:
- Amazon Web Services — hosting, storage, identity management, email delivery (UK / EEA regions only).
- Microsoft 365 — business email and document collaboration.
- Anthropic (via AWS Bedrock, Ireland) — AI features such as the daily briefing and bookkeeping summaries; processed within AWS infrastructure in the European Union.
- Xero — where you have authorised us to connect to your Xero organisation, we read and (with your further consent) write accounting data on your behalf.
- BoldSign (EU) — for engagement letters and other electronic signatures.
- Cloudflare Turnstile — to protect our forms from automated abuse.
- Google Analytics — anonymised website analytics, loaded only after you have given consent.
How long we keep your information
We retain client records for at least seven years after the end of an engagement to meet HMRC and other regulatory record-keeping requirements. Newsletter records are kept until you unsubscribe. Contact-form enquiries are kept only for as long as needed to respond, unless we go on to engage with you further. Anonymised analytics may be kept indefinitely.
Cookies
We use a small number of cookies. Essential cookies are needed for the site to work; non-essential cookies (analytics and limited personalisation) are only set after you have given consent. You can change your choice at any time by clearing your browser data or contacting us.
Your rights
Under UK data protection law you have the right to: access the personal information we hold about you, ask us to correct inaccurate information, ask us to erase information where there is no good reason for us to keep it, restrict or object to our processing, and receive your information in a portable format. To exercise any of these rights, please email info@countryaccountantsurrey.co.uk.
If you are unhappy with how we have handled your information you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Changes to this policy
We may update this policy from time to time. The date at the top of the page tells you when it was last changed. Where the changes are material we will draw them to your attention.
Contact
If you have any questions about this policy or how we use your information, please contact us at info@countryaccountantsurrey.co.uk.