Legal

Privacy Policy

Last updated: 19 April 2026 · Ballards Online Limited

This privacy notice explains how Ballards Online (“we”, “us”, “our”) collects, uses, stores and protects your personal data when you use our website and services. We are the data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Last updated: 19 April 2026.

1. Who we are

Ballards Online is a firm of chartered accountants regulated by the Institute of Chartered Accountants in England and Wales (ICAEW). Our full regulatory and contact details are on our contact page. We are registered with the UK Information Commissioner’s Office (ICO).

2. Data we collect

  • Enquiry data you submit via forms (name, company name, email, phone, service interest, any message).
  • Identification data required for anti-money-laundering (AML) checks — typically photo ID and proof of address.
  • Client records you provide so we can prepare accounts, tax returns, VAT, payroll and related services.
  • Technical data (IP, browser, device, referrer, pages visited) collected automatically when you use the site.

3. Why we use it — lawful bases

  • Contract — to quote for, deliver and invoice the services you engage us for.
  • Legal obligation — to comply with the Money Laundering Regulations 2017 (as amended), HMRC and Companies House requirements, and professional ICAEW rules.
  • Legitimate interests — to respond to enquiries, run and secure the website, and communicate operationally with you.
  • Consent — optional marketing (opt-in only) and non-essential cookies. You can withdraw consent at any time.

4. How long we keep it

Enquiry data that does not lead to engagement is deleted within 24 months. Client records are retained for 7 years after the end of the engagement to meet HMRC, Companies Act and AML record-keeping rules, then securely destroyed.

5. Who we share it with

Only with (a) HMRC and Companies House where legally required, (b) our regulated software suppliers hosted in the UK / EEA (engagement, accounting and filing platforms), (c) our professional indemnity insurer if a claim arises, and (d) law-enforcement or regulators where lawfully compelled. We do not sell data and we do not share it for third-party marketing.

6. International transfers

Our primary infrastructure is UK-hosted. Where a supplier processes data outside the UK, we rely on UK adequacy regulations or the International Data Transfer Addendum to the EU Standard Contractual Clauses.

7. Your rights

You have the right to access, rectify, erase, restrict, port and object to our processing of your personal data, and to withdraw consent at any time. To exercise any right, email us via our contact page. You may also complain to the Information Commissioner’s Office.

8. Security

We use TLS 1.2+ for data in transit, encrypted storage at rest, access controls on a need-to-know basis, and regular backups. All staff are bound by ICAEW professional confidentiality.

9. Changes to this notice

We review this notice at least annually. Material changes will be flagged on this page with a revised “last updated” date.

If you have any questions about this page, please contact info@ballardsnewman.co.uk.