WEBSITE PRIVACY POLICY
1. Introduction
This Privacy Policy explains how we process personal data when you use our website, contact us, use our services.
We process personal data in accordance with the UK GDPR, the Data Protection Act 2018, and the Data Use and Access Act 2025 (DUAA 2025), as well as any other applicable UK laws.
2. Data Controller
The data controller is:
AM BOOKKEEPING & ACCOUNTING LTD
Address: 12 Wall Street Plymouth
Company number: 16785480
ICO registration number: ZC110642
Contact email: office.ambookkeeping@gmail.com
3. Person responsible for data protection
The person responsible for data protection in our organisation is:
Agnieszka Mierzwicka DPO
Contact: office.ambookkeeping@gmail.com
4. What personal data we process
Depending on your relationship with us, we may process:
- enquiries/leads: name, email, phone, message content, form data;
- clients/contractors: identification, contact, company and billing data, correspondence and documents necessary to deliver services;
- website visitors: technical data (IP, device/browser identifiers), usage data, cookies;
- recruitment (if applicable): CV, experience, references, contact data.
Special category data: we do not ask for sensitive data via the website as a rule. If we receive it or it is necessary for a specific matter, we process it only in accordance with Article 9 UK GDPR and with enhanced safeguards.
5. Purposes and lawful bases (UK GDPR)
We process personal data only where we have a lawful basis:
- contract / steps before contract (Art. 6(1)(b));
- legal obligation (Art. 6(1)(c));
- legitimate interests (Art. 6(1)(f)) – in such cases we document a balancing test (LIA – Legitimate Interests Assessment);
- consent (Art. 6(1)(a)) where required.
Special category data (if applicable) is processed only where an Article 9 condition applies.
6. Sources of your data
We collect data directly from you, from your organisation (if you act on behalf of a business).
7. Who we share data with
We may share data with IT providers (processors), professional advisers where necessary, and public authorities/regulators where legally required. We do not sell personal data.
8. International transfers
If data is transferred outside the UK, we use appropriate safeguards (adequacy, SCCs, or other lawful mechanisms). Transfers are documented and assessed where required (TRA).
9. Automated decision-making and profiling
We do not carry out automated decision-making or profiling under the UK GDPR.
10. Retention
We retain data only as long as necessary and to meet legal requirements.
Suggested periods (adapt):
- enquiries/leads: 12 months
- client files/services: 6 years after completion
- billing/tax records: e.g. 6 years
- recruitment: 6 months
- marketing consent: until withdrawn or objected
Data is then securely deleted or anonymised.
11. Your rights
You have rights of access, rectification, erasure (where applicable), restriction, portability (where applicable), objection, withdrawal of consent, and the right to complain to the ICO.
12. DSAR/SAR – including “stop-the-clock”
DSARs can be submitted by email or other specified channels. We respond within one month as a rule. We may verify identity and request clarification.
Where we request clarification or additional information necessary to respond, the deadline may be paused until we receive it (“stop-the-clock”).
We may refuse requests that are manifestly unfounded or excessive in accordance with the law.
13. Complaints (DUAA 2025) – internal process
You may submit a complaint to: office.ambookkeeping@gmail.com We acknowledge within 72 hours and aim to respond within 30 days, informing you if more time is needed. If you are unhappy, you may complain to the ICO.
14. ICO contact details
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Phone: 0303 123 1113
15. Changes
We may update this policy. The latest version is published on this page.
Last updated: 1/04/2026