Friendly Figures Logo

Privacy Policy

How we collect, use and protect your personal data

1. Who We Are

Friendly Figures Ltd ("we", "us", "our") is a UK-based accountancy practice providing bookkeeping, tax, compliance and advisory services to individuals and businesses.

We are a company registered in England and Wales (Company Number: 16794695) and registered with the Information Commissioner's Office (ICO).

We are a data controller for the purposes of UK data protection legislation and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy, please contact:

Email: contactus@friendlyfigures.co.uk

2. The Personal Data We Collect

We collect and process personal data necessary to provide professional accountancy services and to comply with legal obligations.

  • Identity Data – Includes your name, date of birth, National Insurance number, tax references and identity documents such as passport or driving licence details (for anti-money laundering verification).
  • Contact Data – Includes your residential or business address, email address and telephone number.
  • Financial & Tax Data – Includes bank account details, income records, transaction information, payroll data, VAT information and tax return details.
  • Company & Business Data – Includes company registration details, director and shareholder information, UTR numbers and VAT numbers.
  • AML & Compliance Data – Includes identity verification documentation, risk assessment information and source of funds information where required under anti-money laundering regulations.
  • Technical Data (where applicable) – Includes IP address, browser type and cookie data collected via a website.

3. How We Collect Your Data

We collect data directly from you during onboarding and throughout our engagement, from HMRC (with your authority), from Companies House, from accounting software providers, and from identity verification providers for AML checks.

4. Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contractual Obligation – To provide agreed accountancy, tax and advisory services.
  • Legal Obligation – To comply with tax legislation, anti-money laundering regulations and regulatory requirements.
  • Legitimate Interests – To operate and manage our practice effectively.

5. Anti-Money Laundering (AML)

As a regulated accountancy practice, we are legally required to verify client identity, conduct risk assessments, retain identification records, and report suspicious activity where required by law.

Failure to provide required identification documentation may prevent us from acting for you.

6. How We Use Your Data

We use your personal data to prepare statutory accounts and tax returns, submit information to HMRC and Companies House, provide bookkeeping and payroll services, offer business advisory services, comply with regulatory and legal obligations, and communicate with you regarding your financial affairs.

We do not sell or trade your personal data.

7. Sharing Your Data

We may share your data with HMRC, Companies House, cloud accounting software providers, professional advisers where necessary, and regulators such as ICAEW if required.

All third parties are required to maintain confidentiality and appropriate security measures.

8. International Data Transfers

Where cloud software providers store data outside the UK, we ensure appropriate safeguards are in place, including UK adequacy decisions or Standard Contractual Clauses.

9. Data Retention

We retain client records for a minimum of 6 years after the end of the relevant accounting period (for tax and regulatory purposes) and AML identification records for 5 years after the end of the client relationship.

After this period, data is securely deleted or destroyed.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including secure cloud storage, password-protected systems, restricted access to client files and encrypted communications where appropriate.

11. Your Rights

Under UK GDPR, you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request erasure where legally permissible
  • Request restriction of processing
  • Object to processing
  • Request data portability

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk

12. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will be available upon request or on our website.