GDPR & Privacy Policy

1. Who We Are

GW Pro Advisory Services Ltd ("we", "us", "our") is a data controller registered in England and Wales. We are registered with the Information Commissioner's Office (ICO) under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect

We collect and process the following categories of personal data:

• Identity data: full name, date of birth, title, National Insurance number, Unique Taxpayer Reference (UTR)
• Contact data: email address, telephone number, postal address
• Financial data: income details, bank account information, tax records, business accounts
• Identity documents: passport, driving licence, proof of address (for AML compliance)
• Technical data: IP address, browser type, cookies (see our Cookie Policy)
• Communications: emails, messages, and correspondence with us

3. How We Collect Your Data

We collect data directly from you when you: complete our client registration or contact form; book a consultation; provide documents for AML/KYC purposes; communicate with us by email, phone, or our client portal; or use our website.

4. Lawful Basis for Processing

We process your personal data on the following legal bases:

• Contract performance: to provide the accountancy and tax services you have engaged us for
• Legal obligation: to comply with AML regulations, HMRC requirements, and other legal duties
• Legitimate interests: to manage our business, prevent fraud, and improve our services
• Consent: for marketing communications (you may withdraw consent at any time)

5. How We Use Your Data

• Providing accountancy, tax, and advisory services to you
• Communicating with HMRC, Companies House, and other authorities on your behalf
• Conducting anti-money laundering (AML) checks as required by law
• Sending you important updates about your tax obligations and deadlines
• Generating and storing client engagement documents
• Complying with our legal and regulatory obligations

6. Data Retention

We retain personal data for the following periods:

• Tax and accounting records: 7 years from the end of the relevant tax year (HMRC requirement)
• AML/KYC records: 5 years from the end of the client relationship (Money Laundering Regulations 2017)
• General correspondence: 6 years
• Marketing data: until you withdraw consent or request deletion

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access: to request a copy of the data we hold about you
• Right to rectification: to correct inaccurate or incomplete data
• Right to erasure: to request deletion of your data (subject to legal retention obligations)
• Right to restrict processing: to limit how we use your data in certain circumstances
• Right to data portability: to receive your data in a structured, machine-readable format
• Right to object: to processing based on legitimate interests or for direct marketing

To exercise any of these rights, contact us at info@gwproadvisory.co.uk. We will respond within 30 days.

8. Third Parties and Data Sharing

We may share your data with:

• HMRC, Companies House, and other regulatory authorities as required by law
• Our software providers (Xero, QuickBooks, FreeAgent) under data processing agreements
• Resend (email delivery service) under GDPR-compliant terms
• Professional advisers where necessary for the provision of our services

We do not sell your personal data to third parties.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted storage, secure access controls, and regular security reviews. Our client portal uses industry-standard security protocols.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.