Introduction
At Bookkeeping & Beyond, we are committed to safeguarding your privacy and ensuring the security of your personal information. As a business providing accounting and financial services through a shared services model, with operations based in India and clients primarily located in the United Kingdom, we adhere to all applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Information We Collect
We may collect and process the following types of personal data:
Personal Identification Information: Name, address, email address, phone number, and job title of our clients and their employees.
Financial Information: Bank account details, payment information, tax identification numbers, and invoices.
Technical Data: IP address, browser type, time zone setting, and device identifiers.
Usage Data: Information about how you use our website, products, and services.
Marketing and Communications Data: Preferences for receiving marketing communications from us and your communication preferences.
How We Use Your Information
We will use your personal data for the following purposes:
- To provide and manage our accounting services effectively.
- To process payments, manage invoices, and ensure compliance with financial regulations.
- To communicate with you regarding services, updates, and support.
- To notify you about changes to our services or this policy.
- To conduct internal quality assurance and compliance checks.
- To comply with legal obligations, including anti-money laundering and audit requirements.
- To send you marketing communications, where you have opted to receive them.
Legal Basis for Processing Personal Data
We will only collect and process your personal data when we have a legal basis to do so. The legal bases include:
Consent: Where you have provided explicit consent for us to process your data for specific purposes.
Contract: Processing necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject.
Legitimate Interests: Processing necessary for our legitimate interests, provided that your interests and fundamental rights do not override those interests.
Data Sharing and Disclosure
We do not sell, trade, or otherwise transfer your personal information to outside parties without your consent, except in the following circumstances:
Service Providers: We may share your information with trusted third-party service providers who assist us in operating our business and delivering our services. These third parties are required to maintain the confidentiality of your data and are prohibited from using it for any unauthorized purposes.
Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities, including law enforcement or regulatory agencies.
International Data Transfers
As our operations are based in India and we handle personal data of clients in the United Kingdom, we will ensure that adequate safeguards are in place for the transfer of personal data. This includes:
Implementing Standard Contractual Clauses (SCCs) as approved by the European Commission to provide appropriate safeguards for data transfers.
Ensuring that any third parties receiving your data are compliant with GDPR standards and provide adequate levels of data protection.
Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, or destruction. This includes:
- Use of encryption for sensitive data.
- Implementing access controls to limit data access to authorized personnel only.
- Conducting regular security audits and assessments to identify and mitigate risks.
Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, or reporting requirements. When your data is no longer needed, we will securely delete or anonymize it.
Your Rights
You have certain rights regarding your personal data, including:
- The right to access your personal data.
- The right to rectify any inaccurate or incomplete personal data.
- The right to request the deletion of your personal data under certain circumstances.
- The right to restrict processing of your personal data.
- The right to data portability.
- The right to object to processing based on legitimate interests.
- To exercise these rights, please contact us using the contact details below.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on our website and updating the effective date.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: