skip to navigationskip to main content

Call: 01708 766206

Privacy Policy

This policy explains when and why we collect personal information about people that engage our services to act on their behalf or who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may from time to time change this policy so please check this page occasionally to ensure you are happy with any changes. By engaging our services or using this website you are agreeing to be bound by this policy. This Policy is effective from 30.04.2018

Any questions regarding this policy and our privacy practices should be emailed to or sent in writing to: Bruce Allen, 3rd floor Scottish mutual house, 27-29 north street , Hornchurch Essex, RM11 1RS. Or you can call on 01708 766206


This privacy notice provides you with details of how we collect and process your personal data.

Bruce Allen LLP is the data controller and we are responsible for your personal data (referred to as “we” “us” or “ our “ in the privacy notice)

We are Bruce Allen LLP Chartered Certified Accountants (Company Number OC305541).Our registered office is 3rd floor Scottish Mutual House,27-29 North street Hornchurch Essex RM11 1RS.

Our email address is

If you are not happy with any aspect of how we collect and use your data ,you have the right to complain to the Information Commissioner’s Office(ICO), the UK supervisory authority for data protection issues ( .We should be grateful however if you would contact us first if you do have a complaint so that we can try and resolve it for you.

It is very important that the information we hold about you is accurate and up to date and therefore please let us know if at anytime your personal information changes by emailing us at .

Sensitive Data

We do not collect any Sensitive Data about you. Sensitive data refers to data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.


We will only use your personal data when legally permitted. The most common uses of your personal data are as follows::

In order to perform the contract between us..

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we need to comply with legal or regulatory obligations.

Generally we do not rely on consent as a legal ground for processing your personal data ,other than in relation to sending marketing communications to you via email. You have the right to withdraw consent to marketing at any time by emailing us at

Purposes for processing your personal data

Set out below is the description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.

We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data.

Purpose/Activity Type of data Lawful basis for processing
To register you as a new client (a) Identity

(b) Contact

Performance of a contract with you.


Preparation of  self assessment (a) Identity

(b) Financial

(c) Contact

Performance of a contract with you to comply with Legal obligations.



Preparation of Accounts (a) Identity

(b) Financial

(c) Contact

Performance of a contract with you obligations to comply with legal obligations.


Processing of Payroll (a) Identity

(b) Financial

(c) Contact

Performance of a contract with you obligations to comply with legal obligations.



Filing confirmation statements (a) Identity

(c) Contact

Performance of a contract with you obligations to comply with legal obligations.


To manage our relationship

With you which will include:

(a) Identity

(b) Contact


Performance of a contract with you

To comply with Legal Obligations Necessary for our legitimate interests


Notifying you of changes to our

Terms or privacy policy

  To keep our records up to date
To administer and protect our

Business and our site (including

Troubleshooting, data analysis, testing, system maintenance support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

Necessary for our legitimate interests for running our business, provision of administration and IT services, network security and to prevent fraud.
Necessary to comply with legal


To inform you of changes and

Developments in connection with

Taxation and Accounting requirements

(a) Identity

(b) contact

Necessary for our legitimate interest to keep you up to date with changes.


Marketing communications

You may receive marketing information from us if you have

. requested information from us or engaged in a contract of services with us.

. if you provided us with your details and ticked the box at the point of entry of your details for us

to send you marketing communications : and

. in each case, you have not opted out of receiving that marketing.

We will get your opt-in consent before we share your personal data with any third party for marketing purposes.

You can ask us or third parties to stop sending you marketing communications at any time by emailing us at at any time.


We will not sell or rent your information to any third parties and we will not share your information with any third parties for marketing purposes. However we may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 2 above.

Service providers who provide IT and systems administration services

Professional advisers including lawyers, bankers, auditors, tax advisors and insurers who provide consultancy, banking, legal, insurance and accounting and taxation services.

HM Revenue & Customs, regulators and other authorities based in the UK and other relevant jurisdictions who require reporting of processing activities in certain circumstances.

Fraud prevention agencies.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow third such third parties to process your personal data for specified purposes and in accordance with our instructions.


Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

If we do ever have the situation whereby we transfer your personal data outside of the EEA we will do our best to ensure a similar degree of security of the data by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European commission: or

Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European commission which give personal data the same protection at has in Europe: or

Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy shield which requires them to provide similar protection to personal data shared between the Europe and the US

If none of the above safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.


We have put in place appropriate security measures to prevent data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach which we are legally required to do so.


We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or insurance requirements.

To determine the appropriate retention period of personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal requirements.

By law we have to keep basic information about our customers (including contracts, Identity, financial and transactional data) for six years after they have ceased being a client for both Tax and insurance purposes.

In some circumstances you can ask us to delete you data: see below for further information.


Under certain circumstances, you have the rights under data protection laws in relation to your personal data. These include the right to:

Request access to your personal data

Request correction of your personal data

Request erasure of your personal data

Object to processing of your personal data

Request restriction of processing your personal data

Request transfer of your personal data

Right to withdraw consent

You can see more about these rights at:


if you wish to exercise any of the rights set out above, please email us at

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take longer than a month if your request is particularly complex or you have a number of requests. In this case, we will notify you and keep you updated.

Sign up for our newsletter