Privacy Policy

Skynet Accountancy and Bookkeeping Ltd
Last updated: 01/01/2026

Skynet Accountancy and Bookkeeping Ltd respects your privacy and is committed to protecting your personal data. This Privacy Notice explains how we collect, use, store and protect your personal data when you visit our website, contact us, or use our services. It also explains your legal rights and how the law protects you.

This notice should be read alongside any specific privacy information we provide when collecting data for a particular purpose (for example, during onboarding or anti-money laundering checks). This notice supplements any other notices and is not intended to override them.

Contents

  1. Important information and who we are
  2. The personal data we collect
  3. How your personal data is collected
  4. How we use your personal data
  5. Lawful bases for processing
  6. Marketing preferences
  7. Disclosures of your personal data
  8. International transfers
  9. Data security
  10. Data retention
  11. Your legal rights
  12. Cookies and website data
  13. Complaints
  14. Glossary
  1. Important information and who we are

Purpose of this Privacy Notice

This Privacy Notice explains how Skynet Accountancy and Bookkeeping Ltd collects and processes personal data through:

  • our website
  • enquiries and discovery calls
  • proposals, engagement letters and delivery of services
  • ongoing client relationship management
  • compliance activities including anti-money laundering checks

Controller

Skynet Accountancy and Bookkeeping Ltd is the data controller and is responsible for your personal data (referred to as “we”, “us” or “our” in this Privacy Notice).

Company name: Skynet Accountancy and Bookkeeping Ltd

Trading name: Skynet Accounting
Company number: 15067641
Registered office: B1 Vantage Business Park, Old Gloucester Road, Hambrook, Bristol, BS16 1GW
Trading office: 42a The Yews, Waterlooville, Hampshire, PO8 0BH

Data protection contact: Yesim Tilley

If you have any questions about this Privacy Notice or you wish to exercise your rights, please contact:

Yesim Tilley, Managing Director
Email: skynet@skynetaccounting.co.uk
Telephone: 02393 553991
Postal address: 42a The Yews, Waterlooville, Hampshire, PO8 0BH

Changes to this Privacy Notice and keeping your data accurate

We may update this notice from time to time. The latest version will be available on our website and on request. It is important that the personal data we hold about you is accurate and up to date. Please inform us if your details change.

Third-party links

Our website may include links to third-party websites, plug-ins and applications (for example, embedded video or booking platforms). Clicking those links may allow third parties to collect or share data about you. We do not control these third-party websites, and we are not responsible for their privacy notices. When you leave our website, you should read the privacy notice of any website you visit.

  1. The personal data we collect

Personal data means information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Depending on your relationship with us, we may collect, use, store and transfer different kinds of personal data, grouped as follows:

Identity data

For example: full name, title, date of birth, gender, marital status and identity verification details.

Contact data

For example: business details, billing address, email address, telephone numbers, and business contact details.

Business and engagement data

For example: company name, role, correspondence, meeting notes, and information relevant to providing our services.

Financial and tax data

For example: accounting records, tax details, payroll information, director/shareholder details, and documents needed to deliver our services.

Transaction data

For example: details about payments to and from you and our fee invoices.

Technical data

For example: IP address, browser type and version, device information, time zone setting, operating system, and other technology on the devices you use to access our website.

Usage data

For example: information about how you use our website.

Marketing and communications data

For example: your preferences in receiving communications from us and your communication preferences.

Anti-money laundering (AML) and verification data

For example: passport/driving licence, proof of address, source of funds/source of wealth information (where needed), and results of electronic verification checks.

  1. How your personal data is collected

We use different methods to collect personal data from and about you, including:

Direct interactions

You may give us personal data by:

  • completing contact or enquiry forms
  • booking a call
  • corresponding with us by phone, email, post, or video call
  • engaging us to provide services
  • providing documents during onboarding or during delivery of services

Automated technologies or interactions

As you interact with our website, we may automatically collect Technical Data and Usage Data using cookies, server logs and similar technologies.

Third parties or publicly available sources

We may receive personal data from:

  • HMRC
  • Companies House
  • identity verification and AML service providers
  • publicly available registers and sources
  • your employer or business where they engage us to provide services
  1. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we use personal data to:

  • respond to enquiries and provide information you request
  • prepare proposals, engagement letters and service schedules
  • provide accounting, tax and financial management services
  • comply with legal and regulatory obligations (including AML requirements)
  • communicate with you about deadlines, requests for information and service delivery
  • manage payments, fees and credit control
  • maintain proper records for professional and legal purposes
  • improve our website and service experience
  • manage and protect our business (including troubleshooting, security and risk management)

If you fail to provide personal data we need where we need to collect personal data by law or to perform a contract and you do not provide it when requested, we may not be able to provide the services.

For example, if you do not provide identification for AML checks, we may have to decline or end the engagement.

  1. Lawful bases for processing

We process your personal data under one or more of the following lawful bases:

Performance of a contract

Where processing is necessary to perform our services or take steps at your request before entering into a contract.

Legal obligation

Where we must comply with legal or regulatory obligations, including HMRC requirements and the Money Laundering Regulations.

Legitimate interests

Where processing is necessary for our legitimate business interests, provided these do not override your rights. Examples include:

  • responding to enquiries
  • maintaining business records
  • improving our services
  • preventing fraud and ensuring security
  • managing our client relationships

Consent

Where we rely on consent, you have the right to withdraw it at any time. We generally use consent only for optional marketing communications where required by law.

We may process personal data for more than one lawful basis depending on the purpose.

  1. Marketing preferences

We may contact you with updates about our services where permitted by law and where relevant to your relationship with us.

You can opt out of marketing at any time by:

  • using the unsubscribe link in an email (if included), or
  • emailing us at skynet@skynetaccounting.co.uk

Opting out of marketing does not affect service communications (for example, emails about deadlines, engagement terms, or requests for information).

We do not share your personal data with third parties for their own direct marketing.

  1. Disclosures of your personal data

We may share your personal data with trusted third parties where necessary for the purposes set out in this notice, including:

  • HMRC and other statutory bodies
  • AML and identity verification providers
  • cloud software and IT service providers (for example, practice management, email and document storage)
  • payment providers and banks
  • professional advisers such as insurers, legal advisers or auditors
  • regulators and professional bodies where required

We require third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow service providers to use your data for their own purposes and only permit them to process it for specified purposes and in accordance with our instructions.

If we sell, transfer or restructure part of our business, personal data may be transferred as part of that process. Any new owner would be required to use your personal data in the manner set out in this Privacy Notice.

  1. International transfers

We do not intentionally transfer your personal data outside the UK.

Some technology providers may store or process data outside the UK. Where this is the case, we will ensure appropriate safeguards are in place in line with UK GDPR requirements.

  1. Data security

We have appropriate security measures in place to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. Measures include:

  • access controls and permissions
  • secure cloud systems
  • staff confidentiality obligations
  • secure storage and transmission practices

We have procedures to deal with suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.

  1. Data retention

We will only retain personal data for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, accounting or reporting requirements.

Typical retention periods include:

  • Client files and working papers: usually 6 years after the end of the engagement
  • Tax and accounting records: usually 6 years in line with statutory and professional requirements
  • AML records: 5 years from the end of the business relationship (as required by the Money Laundering Regulations)
  • Enquiries where no engagement follows: up to 12 months
  • Marketing preferences: until you opt out or request deletion

We may retain data for longer where required for legal claims, regulatory investigations, or where there is a clear lawful basis.

  1. Your legal rights

Under UK GDPR, you have the right to:

  • request access to your personal data
  • request correction of inaccurate data
  • request erasure of your personal data in certain circumstances
  • object to processing where we rely on legitimate interests
  • request restriction of processing
  • request data portability in certain circumstances
  • withdraw consent where we rely on consent

No fee usually required
You will not have to pay a fee to exercise your rights, but we may charge a reasonable fee if a request is clearly unfounded or excessive.

Verifying identity
We may request information to confirm your identity before responding. This is to protect your data.

Time limit
We aim to respond within one month. If a request is complex, we will keep you informed.

  1. Cookies and website data

Our website uses cookies and similar technologies to improve website function and understand website use.

Cookies may collect Technical Data and Usage Data such as:

  • how you use our website
  • pages visited
  • time spent on pages
  • referral source

You can set your browser to refuse cookies or alert you when cookies are set. If you disable cookies, some website features may not work properly.

  1. Complaints

If you have concerns about how we handle personal data, please contact us first and we will try to resolve it.

You also have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/concerns

  1. Glossary

Legitimate interests means the interests of our business in operating and managing our practice effectively, while balancing your rights.

Performance of contract means processing your data where necessary to deliver services to you or take steps at your request before entering into a contract.

Legal obligation means processing necessary to comply with laws and regulations we are subject to.

Data controller means the organisation deciding how and why your personal data is processed.

Data processor means a third party processing personal data on behalf of the controller.