Introduction
At 1 Accounts Online Limited we are entrusted with a large amount of personal data to store for our clients. It Is important to us that our client’s data is kept safe under our protection. HMRC guidelines state that by law we must store any data that relates to our client’s accounts for 6 years. After 6 years it is our obligation to delete any data relating to that client. For new and existing clients, once a proposal is signed, 1 Accounts are given permission to store any personal data that is required to complete the relevant work. All our software is in the cloud and so each piece of software is GDPR compliant. Please read the rest of the document for more information, if you have any questions please email jade@1accounts.co.uk or phone 01440 844986.
Who we are?
1 Accounts is a family run small business. Our data controller is Jade Donno. Jade can be contacted via email on jade@1accounts.co.uk or via telephone on 01440844986.
What information do we collect?
At 1 Accounts we collect a variety of data. When a Client signs our proposal, this gives us permission to store any neccessery data. Information is requested via an encrypted form, using Jot Form. Any additional information is then requested via encrypetd email, using Karbon.
Listed below is the data we always request:
Full Name
Date Of Birth
Business Name
Trading Name
Postal Address
Phone number
Email Address
Registered Office Address
Trading Start Date
Business Type
Year End
VAT Number (if applicable)
Government Gateway Username and Password.
PAYE Reference (If applicable)
Bank Provider
Account Number and Sort Code
Registered Number
Tax reference
A utility bill
A copy of passport
Bank Statements
How do we use personal information?
1 Accounts use personal information for a variety of different reasons. Please see the most common reasons below:
Account set up and administration
Delivering marketing and events communication.
Internal research and development purposes
Internal work flow purposes
Providing relevant services
Legal obligations
Meeting internal audit requirements
What legal basis do we have for processing your personal data?
As an accounting practice we have the legal obligation to store any data that helped us complete our clients accounts. This must be stored for a minimum of 6 years. No data will be stored if we do not have a signed proposal. If a client terminates their contract and wishes for their data to be removed, legally we cannot remove any data that relates to their accounts. This data will remained stored on Karbon, Tax Calc, Practice Ignition, HMRC & Companies House.
When do we share personal data?
1 Accounts Online Limited always treat personal data confidentially. Please see listed below the companies below that we may have to share your personal information with:
HMRC – To file accounts etc.
Companies House – To register companies
The Police – For any legal obligations
A specific mortgage provider – If applying for a mortgage
Sage One – To set up an account
Xero – To set up an account.
All these companies use either secure online portals or postal services to ensure the data is handled in the most secure way possible.
Where do we store and process personal data?
The majority of 1 Accounts Online Limited’s data is stored online, however we have the following procedures in place for storing personal data within the office.
Confidential post and/or hard copies of information is scanned and filed on Onedrive. This is then put in our confidential waste bin.
Confidential waste is inserted into a allocated bin. This is then taken via Doxbond to be shredded and disposed of.
If un-maned the office is locked.
In the case of having to store a physical document, this is stored and locked in a drawer or cupboard. All of which have their own keys and locks.
Each member of staff has their own Surface Book pro. These are protected via facial recognition and taken home over night.
Each member of staff has their own iPhone (models vary). These are all protected via finger print and passwords. These are taken home over night.
How do we secure personal data?
1 Accounts Online Limited store data online through a variety of software. Please see listed below what software we use, why and their own Privacy Policy.
Tax Calc – This is used to store any data we have regarding our client. The software helps with accounts production. It also creates templates for letters and official documents. Please follow the link to see their Privacy Policy: https://www.taxcalc.com/legal.php?page=privacy
Onedrive – This is used as a document management system. Any important documents, letters or emails are securely stored on Onedrive. Please follow the link to see their Privacy Policy: https://privacy.microsoft.com/en-gb/privacystatement
Microsoft 365 – We Microsoft outlook as our email platform. Any secure data sent via email will be encrypted via share file. Any email addresses are stored securely via Microsoft. Please follow the link to their privacy policy: https://www.microsoft.com/en-us/trustcenter/privacy/gdpr/solutions
Sage One – Sage One is accounting software our clients use. Sage One is an option to use, so data will only be stored if this software is chosen by the client. It holds any information regarding the clients business. Please follow the link to see Sage’s Privacy policy: https://uk.sageone.com/privacy-policy/
Xero – Xero is accounting software that our clients use. Xero is an option to use, so data will only be stored if this software is chosen by the client. It holds any information regarding the clients business. We also use Xero to manage our own accounts. All our invoices are sent via Xero. Please follow the link to see Xero’s Privacy Policy: https://www.xero.com/uk/about/terms/privacy/
Dashlane – Dashlane is used to store and generate all employee log in’s and passwords. With this we can monitor how secure our log in’s are and avoid any password hacks. Please follow the link to see Dashlane’s Privacy Policy: https://www.dashlane.com/download/Dashlane_SecurityWhitePaper_December2017.pdf
GoCardless – GoCardless is used to take our direct debits. This links directly to Xero to generate an invoice. Please follow the link to see their privacy policy: https://support.gocardless.com/hc/en-gb/articles/360000281005-GoCardless-and-GDPR
Practice Ignition – Practice Ignition is used to generate proposals for our clients. This links directly to GoCardless & Xero. Please follow the link to see their privacy policy: https://www.practiceignition.com/privacy
Docusign – Docusign is used so that clients can sign documents easily without having to scan and send or physically come into the office. Please follow the link to see their privacy policy: https://www.docusign.com/company/terms-and-conditions/schedule-docusign-signature/attachment-data-protection
Move My Books – Move my books is used to transfer a clients information from an existing piece of software to either Xero or Sage One. Please follow the link to their Privacy Policy: https://www.movemybooks.co.uk/privacy-policy/
Receipt bank: Many of our clients use this to keep track of purchases. This links directly to Xero and Sage One. Please follow the link to their Privacy Policy: https://www.receipt-bank.com/privacy-policy/
Companies House: This is the United Kingdoms registrar of companies. It is a legal requirement for companies to be registered. Please follow the link to their Privacy Policy: https://companieshouse.blog.gov.uk/2018/04/18/protecting-you-protecting-us/
HMRC – Her Majesty’s Revenue and Customs is responsible for the collection of taxes. Please follow the link to their Privacy policy: https://www.gov.uk/help/privacy-policy
Mail Chimp – This is an email marketing tool. We use this to send practice updates and information to our clients in bulk. Please follow the link to their Privacy Policy: https://mailchimp.com/legal/privacy/?_ga=2.1808690.2077737376.1526281866-1287058875.1523434830
Karbon – This is our internal workflow system. We also use this to send encryped emails and information. Please follow the link to their privacy policy: https://karbonhq.com/privacy-and-legal/
First Order – This is for any compaines house related jobs. We use this for confirmation statments, setting up companies & producing dividend vouchers. Please follow the link to their privacy policy: http://www.firstorderuk.co.uk/privacy-policy/

How long do we keep your personal data for?
We legally have to store any data relating to our clients accounts for a minimum of 6 years. From the point of termination we will delete any data that was for internal use only. Then we must keep any data that helped us completed the job required for 6 years. After 6 years a notification will be sent and all data removed from karbon, Onedrive & Tax Calc We cannot remove data from HMRC or Companies house.
Your rights in relation to personal data
Under GDPR you have the right to control your data. You have the right to:
Access any personal information if requested.
Restrict us to use any personal information.
Register a complaint with the Information Commissioners Office.
Restricting us to use data may cause problems in completing the work. However we will leave a note on Tax Calc to not use this particular piece of data. If access to data is required, this can only be the individuals data. Any data regarding another individual will require written consent.
If asked to delete data, this may not be possible due to our legal obligation to store data for 6 years.
How to contact us?
If you have wish to have your data removed or have any questions you can contact us in the following ways:
EMAIL: jade@1accounts.co.uk
POST: Rubine House, Manor Road, Haverhill, Suffolk, CB9 0EP
TELEPHONE: 01440844986