Privacy Policy

Last reviewed: Thursday, 21 May 2026

1. Who We Are

HLS Accounts (formerly trading as HLS Accounting) is a firm of Chartered Accountants based in Cardiff, Wales. We provide accounting, bookkeeping, tax advisory, payroll, and related financial services to individuals and businesses.

We are the Data Controller for the personal data we collect. This means we are responsible for deciding how and why your personal data is used, and we are accountable for protecting it.

Trading Name: HLS Accounting Website: https://hlsaccounting.co.uk ICO Registration Number: [Insert your ICO registration number here]

2. Who This Policy Applies To

This policy applies to:

  • Current, former, and prospective clients of HLS Accounts
  • Visitors to our website
  • Anyone who contacts us by phone, email, or in person
  • Representatives of business clients (directors, employees, partners)

3. What Personal Data We Collect

3.1 Client Services Data

To provide our accountancy and tax services, we may collect:

  • Full name, date of birth, and National Insurance number
  • Postal address, email address, and telephone number
  • Financial information including income, expenses, assets, and liabilities
  • Bank account details (solely for the purpose of completing your accounts or tax returns)
  • Business registration details, company number, and VAT number
  • Payroll information including employee records and salary data
  • Tax reference numbers (UTR, company tax reference)
  • Copies of identity documents where required for anti-money laundering (AML) compliance

3.2 Website Data

When you visit our website, we may automatically collect:

  • IP address and browser type
  • Pages visited and time spent on our site
  • Referral source (how you arrived at our website)
  • Cookie data (see Section 9 for our Cookie Policy)

3.3 Contact and Enquiry Data

When you contact us, we may collect:

  • Your name and contact details
  • The content of your message or enquiry
  • Records of our correspondence

4. Our Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

Contract - To deliver accounting, tax, and payroll services you have engaged us for. Legal Obligation - To comply with HMRC requirements, AML regulations, and Companies House filings. Legitimate Interests - To manage our business, maintain client records, and respond to enquiries. Consent - For marketing communications. You may withdraw consent at any time.

5. How We Use Your Personal Data

We use your personal data to:

  • Prepare and file tax returns (Self Assessment, Corporation Tax, VAT)
  • Provide bookkeeping, management accounts, and year-end accounts
  • Administer payroll and auto-enrolment pension contributions
  • Communicate with HMRC, Companies House, and other regulatory bodies on your behalf
  • Carry out identity verification and anti-money laundering checks as required by law
  • Send you relevant updates about changes in tax law or accounting standards that affect you
  • Respond to your queries and manage our relationship with you
  • Comply with our own legal and regulatory obligations

6. Who We Share Your Data With

We may share your personal data with the following third parties, strictly on a need-to-know basis:

  • HMRC - for the submission of tax returns and other statutory filings
  • Companies House - for annual returns and company filings
  • Your pension provider - for payroll and auto-enrolment purposes
  • Our accountancy software providers (e.g. Xero, QuickBooks) — held under data processing agreements
  • Our professional indemnity insurer, if required to investigate a complaint
  • Anti-money laundering regulators, if we are legally obliged to report

We will never sell your personal data to third parties. We do not share your data for any commercial or marketing purpose without your explicit consent.

7. International Data Transfers

We primarily store and process your data within the United Kingdom and European Economic Area (EEA). Where we use software providers that store data outside the UK or EEA, we ensure that appropriate safeguards are in place - such as UK adequacy decisions or Standard Contractual Clauses - before any transfer takes place.

8. How Long We Keep Your Data

We retain your personal data for as long as necessary, or as required by law. Key retention periods are:

Client accounting records - 6 years from end of tax year (HMRC statutory requirement) Company records (limited companies) - 6 years from end of accounting period (Companies Act 2006) AML / identity verification documents - 5 years from end of business relationship (AML Regulations 2017) Payroll records - 3 years from end of the tax year they relate to (HMRC requirement) Enquiries / correspondence (non-clients) - 12 months Website analytics data - Up to 26 months

9. Cookies

Our website uses cookies to improve your browsing experience. Cookies are small text files stored on your device. We use:

  • Essential cookies - required for the website to function correctly
  • Analytics cookies - to understand how visitors use our website (e.g. Google Analytics)
  • Preference cookies - to remember your settings

You can control cookie settings through your browser at any time. Disabling non-essential cookies will not affect your ability to use our website or services.

10. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of Access (SAR) - You may request a copy of all personal data we hold about you. We will respond within 30 days. Right to Rectification - You may ask us to correct inaccurate or incomplete data. Right to Erasure - You may request deletion of your data, subject to our legal retention obligations. Right to Restriction - You may ask us to restrict processing while a dispute is resolved. Right to Portability - You may request your data in a structured, machine-readable format. Right to Object - You may object to processing based on legitimate interests or for direct marketing. Right to Withdraw Consent - Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the details in Section 12. We will respond within one calendar month and will not charge a fee unless a request is manifestly unfounded or excessive.

11. How We Protect Your Data

We take data security seriously and have put in place appropriate technical and organisational measures, including:

  • Secure encrypted email for sharing sensitive documents
  • Password-protected accounting software with role-based access controls
  • Two-factor authentication on all client-facing platforms
  • Secure disposal of paper documents containing personal information
  • Regular staff training on data protection and information security

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, contact you directly.

12. How to Contact Us

If you have any questions about this policy, wish to exercise your rights, or have a concern about how we handle your data, please contact us:

Company: HLS Accounting Email: info@hlsaccounting.co.uk Address: 59 Llwyn Y Pia Road Lisvane, Cardiff CF14 0SX Phone: 029 2280 5941

13. Right to Complain to the ICO

If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the UK's data protection supervisory authority:

Information Commissioner's Office (ICO) Website: https://ico.org.uk Helpline: 0303 123 1113

We would appreciate the opportunity to resolve any concern directly before you contact the ICO. Please get in touch with us first using the details in Section 12.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law or our practices. The most current version will always be available on our website. Where changes are material, we will notify existing clients directly.

This policy was last reviewed and updated in March 2026.