Privacy Policy

The Business Bookkeeper Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

1. Information About Us

The Business Bookkeeper Ltd
Registered in England under company number: 8139683
Registered address: 22 Burley Close, London, SW16 4QQ.
Data Protection Officer: Selina Orleans-Foli
Email address:
We are a member of Institute of Accountants and Bookkeepers

2. What Does This Notice Cover?

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

3. What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we use is set out in Part 6, below.

4. What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

a) The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know,  but you can always contact us to find out more or to ask any questions.

b) The right to access the personal data we hold about you.

c) The right to have your personal data rectified if any of your personal data held by us inaccurate or incomplete.

d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of.

5. How Do You Collect or Obtain Personal Data?

  • We may collect data about you by you providing the data directly to us (for example by filling in forms on our website, corresponding with us by phone, mail, email, social media or otherwise, by you posting details and documents to us or by you granting us access to shared online/electronic resources such as accounting software or online storage).
  • We may also collect data relating to your tax affairs (for example PAYE coding notices, tax calculation statements, and other correspondence) by it being sent to us by post or in electronic format by HMRC in cases where you have authorised HMRC to liaise directly with us as your tax agent.
  • To comply with legal obligations to which we are subject, to obtain evidence of your identity and address, we may receive data from third party agencies which may include residency and identity checks and ‘risk’ factors such as politically exposed persons and those on sanctions lists, and from publicly availably sources such as Companies House and the UK Electoral Register.

6. What Personal Data Do You Collect?

We may collect some or all of the following personal data (this may vary according to your relationship with us:

  • Full names, previous or other names, current and previous addresses, marital status, gender, telephone numbers, email addresses, date of birth, business name, job title, profession, payment information, national insurance number, passport number, tax reference number and financial details.
  • Information relevant to preparing your financial accounts, corporation tax, payroll, VAT and other services you require from us.

7. How Do You Use My Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it or to comply with any legal requirements. Your personal data may be used for the following purposes:

  • Supplying our services to you as our client. Your personal details are required in order for us to enter into a contract with you
  • To provide, maintain and improve our bookkeeping services
  • To fulfil our obligations under relevant laws in force (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”)).
  • To comply with professional obligations to which we are subject as a member of International Association of Bookkeepers.
  • To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
  • To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.
  • Communicating with you. This may include responding to emails, calls or texts from you.
  • To contact you about other services we provide which may be of interest to you if you have consented to us doing so.
  • With your permission and/or where permitted by law, we may also use your
    personal data for marketing purposes, which may include contacting you by email/telephone/text message/post with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. You may unsubscribe or opt-out at any time.

8. How Long Will You Keep My Personal Data?

Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:

  • to provide you with the services you have requested
  • to comply with other law, including for the period demanded by HMRC
  • to support a defence of claim in court
  • Where we act as a data processor we will delete or return all personal data to the data controller as agreed with the controller

9. How and Where Do You Store or Transfer My Personal Data?

We shall only transfer any Personal Data we hold to a country outside the European Economic Area (“EEA”), if one of the following conditions applies:

  • The country to which your Personal Data shall be transferred ensures an adequate level of protection and can ensure your legal rights and freedoms.
  • You have given your consent that your Personal Data is transferred.
  • The transfer is necessary for one of the reasons set out in the GDPR 2017, including the performance of a contract between you and us, or to protect your vital interests.
  • The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
  • The transfer is authorised by the ICO and we have received evidence of adequate safeguards being in place regarding the protection of your privacy, your fundamental rights and freedoms, and which allow your rights to be exercised.

The security of your personal data is essential to us and to protect your data, we take a number of important measures, including but not limited to the following:

  • Data is protected by strong passwords that are changed regularly
  • Data is backed up frequently
  • Software is kept up-to-date with the latest security patches
  • Computers are protected by security software and firewalls
  • Files are kept in locked drawers or filing cabinets
  • Paper documents are shredded and disposed of securely when no longer required
  • Data users shall be appropriately trained and supervised in accordance with this notice which includes requirements that data users log off from or lock their computer/electronic device when it is left unattended. We shall take appropriate security measures against unlawful and/or unauthorised processing of personal data and against the accidental loss of or damage to your personal data.

10. Do You Share My Personal Data?

There may be situations in which it is necessary for us to disclose your Personal Data to other third parties, which include but are not limited to:

  • HMRC, our professional body Insitute of Accountants and Bookkeepers and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to the requirements of MLR 2017 (or any similar legislation), professional indemnity insurers, and an alternate appointed by us in the event of incapacity or death.
  • Subcontractors
  • Professional indemnity insurers
  • In providing you with our service we use secure online storage and software providers to process electronic data, including personal data. These providers are GDPR compliant or apply equivalent/adequate safeguards. A full list of these providers can be provided on request.
  • In some limited circumstances we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
  • If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
  • If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR 2017.
  • We use youtube videos embedded on our website, Youtube has it’s own cookie and privacy policy over which we have no control. You can view their privacy policy here.

11. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email or postal address shown in Part 12.

In order to respond to your request, we may request additional information from you to confirm your identity. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding. We will respond to your subject access request within one month of receiving it.

Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

12. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Selina Orleans-Foli)

Email address:
Telephone number: 0207 137 6565.

Postal Address: The Business Bookkeeper Ltd, 22 Burley Close, London, SW16 4QQ.

13. Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes will be made available at

14. Cookie Policy

This Cookie Policy explains how we use cookies and similar technologies to recognise you when you visit our website. It explains what these technologies are and why we use them, as well as your rights to control our use of them.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner (in this case, The Business Bookkeeper) are called “first-party cookies”. Cookies set by parties other than the website owner are called “third-party cookies”. Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognise your computer both when it visits the website in question and also when it visits certain other websites.

Why do we use cookies?

We use first-party and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as “essential” or “strictly necessary” cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Website. Third parties serve cookies through our Website for advertising, analytics, and other purposes. This is described in more detail below.

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.

The Cookie Consent Manager can be found in the notification banner and on our website. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser’s help menu for more information.

What types of cookies do we use and how do we use them?

We use several types of cookies on our website, including:

  1. Essential Cookies: These cookies are strictly necessary to provide you with services available through our website and to use some of its features, such as access to secure areas. Because these cookies are strictly necessary to deliver the website, you cannot refuse them without impacting how our site functions.

  2. Performance and Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. These might include cookies from third-party analytics services such as Google Analytics.

  3. Functionality Cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).

  4. Advertising or Targeting Cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  5. Social Media Cookies: These cookies are used based on social media services we have added to the site to enable you to share our content with your friends and networks. They can track your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit.

How often will you update this Cookie Policy?

We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please therefore re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.