Privacy Policy

1. Who We Are

Genie Ledgers is a bookkeeping and accountancy practice based in Aldershot, Hampshire. We provide accounting, bookkeeping, payroll, tax, and related financial services to businesses and individuals.

For the purposes of UK data protection law, Genie Ledgers is the data controller in respect of the personal information we hold about you.

If you have any questions about this policy or how we handle your personal data, please contact us

2. What This Policy Covers

This Privacy Policy explains how we collect, use, store, and share your personal data when you:

  • Visit our website at www.genieledgers.co.uk

  • Enquire about or use our services

  • Communicate with us by phone, email, or post

  • Book a consultation with us

Please read this policy carefully. We may update it from time to time, and the current version will always be available on our website.

3. The Personal Data We Collect

Depending on how you interact with us, we may collect and process the following personal data:

Identity data — your name, date of birth, and National Insurance number (where required for tax purposes).

Contact data — your email address, phone number, and postal address.

Financial data — bank account details, income information, tax records, payroll information, and other financial records necessary to provide our services.

Business data — information about your business, including company registration details, trading history, and financial statements.

Communications data — records of correspondence between us, including emails and notes from phone calls or meetings.

Website data — information collected automatically when you visit our website, including your IP address, browser type, pages visited, and how long you spent on each page. We collect this via cookies — please see our Cookie Policy for more details.

Enquiry data — information you provide when completing our contact form or booking a consultation.

We do not collect or process any special category data (such as data relating to health, religion, or ethnicity) unless you specifically provide it to us and we have a lawful reason to process it.

4. How We Collect Your Personal Dat

We collect personal data in the following ways:

  • Directly from you — when you contact us, complete a form on our website, book a consultation, or engage us to provide services.

  • From third parties — such as HMRC, Companies House, banks, or previous accountants, where you have authorised us to liaise with them on your behalf.

  • Automatically — through cookies and similar technologies when you visit our website.

5. How We Use Your Personal Data

We will only use your personal data where we have a lawful basis to do so. Below are the purposes for which we use your data and the lawful basis we rely on in each case.

Providing accountancy, bookkeeping, payroll, and tax services — lawful basis: performance of a contract.

Responding to your enquiries and communications — lawful basis: legitimate interests / performance of a contract.

Preparing and filing returns with HMRC and other regulatory bodies — lawful basis: legal obligation.

Managing our client relationships and records — lawful basis: legitimate interests / legal obligation.

Sending service-related communications (e.g. deadline reminders) — lawful basis: legitimate interests / performance of a contract.

Improving our website and services — lawful basis: legitimate interests.

Complying with legal and regulatory obligations — lawful basis: legal obligation.

Sending marketing communications (where you have opted in) — lawful basis: consent.

Where we rely on legitimate interests as our lawful basis, we have assessed that our interests are not overridden by your rights and freedoms. You have the right to object to processing based on legitimate interests — see Section 9.

Where we rely on consent, you may withdraw that consent at any time — this will not affect the lawfulness of any processing carried out before you withdrew consent.

6. Marketing Communications

We may send you information about our services, useful accounting tips, or relevant news if you have consented to receive such communications.

You can opt out at any time.

We will never sell your personal data to third parties for marketing purposes, and we do not allow third parties to use your data for their own marketing.

7. Sharing Your Personal Data

We may share your personal data with the following categories of recipients where necessary:

HMRC and other government bodies — we are required to share certain data with HMRC, Companies House, and other regulatory authorities as part of providing our services and meeting our legal obligations.

Software and technology providers — we use third-party software to deliver our services, including Xero (accounting software) and other cloud-based platforms. These providers act as data processors on our behalf and are contractually required to handle your data securely and in accordance with UK data protection law.

Professional advisers — such as solicitors or other accountants, where necessary and with your consent or where we are legally required to do so.

Regulatory and law enforcement bodies — where we are required or permitted to do so by law (for example, in connection with anti-money laundering obligations under the Proceeds of Crime Act 2002 and the Money Laundering Regulations).

We do not sell your personal data. We do not share it with any third party for their own purposes without your explicit consent, unless required by law.

International transfers: We do not routinely transfer your personal data outside the UK. Where any of our software providers process data outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements.

8. How Long We Keep Your Personal Data

We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with our legal and regulatory obligations.

As a general guide:

  • Client records (financial and tax data): We are required to retain these for a minimum of 6 years from the end of the relevant tax year, in accordance with HMRC requirements. In some cases (for example, where a return relates to a business asset), longer retention periods may apply.

  • Correspondence and communications: Retained for the duration of the client relationship and for 6 years thereafter.

  • Enquiry data (non-client): Retained for up to 12 months from the date of enquiry.

  • Website data (analytics): Retained in accordance with our cookie settings — typically no more than 26 months.

  • Marketing data: Retained until you withdraw consent or opt out.

When personal data is no longer required, we will delete or anonymise it securely.

9. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

Right of access — you have the right to request a copy of the personal data we hold about you (known as a Subject Access Request).

Right to rectification — you have the right to ask us to correct personal data that is inaccurate or incomplete.

Right to erasure — you have the right to ask us to delete your personal data in certain circumstances (for example, where we no longer need it and are not required by law to retain it).

Right to restrict processing — you have the right to ask us to pause processing your data in certain circumstances (for example, while we verify its accuracy).

Right to data portability — where we process your data by automated means on the basis of your consent or a contract, you have the right to receive that data in a structured, commonly used, machine-readable format.

Right to object — you have the right to object to processing based on legitimate interests, or to the use of your data for direct marketing purposes.

Rights in relation to automated decision-making — we do not make decisions about you based solely on automated processing that produce legal or significant effects, but you have the right not to be subject to such decisions where they do apply.

Right to withdraw consent — where we rely on consent to process your data, you may withdraw that consent at any time.

To exercise any of these rights, please contact us

We will respond to all requests within one month of receipt. We may need to verify your identity before processing your request. There is no charge for exercising your rights in most circumstances.

10. The Right to Complain

If you are unhappy with how we have handled your personal data, we ask that you contact us in the first instance so that we can try to resolve the matter.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters.

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Website: www.ico.org.uk Helpline: 0303 123 1113

11. Data Security

We take the security of your personal data seriously. We have put in place appropriate technical and organisational measures to protect your data against accidental loss, unauthorised access, alteration, or disclosure.

These measures include:

  • Secure, encrypted cloud-based systems for storing client financial data

  • Password protection and access controls on all devices and systems used in our practice

  • Staff awareness of data protection obligations

  • Regular review of our security practices

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. If you have any concerns about the security of your data, please contact us.

12. Cookies

Our website uses cookies to help improve your experience and to analyse website traffic. For full details of the cookies we use, what they do, and how to manage your preferences, please see our Cookie Policy

13. Links to Other Websites

Our website may contain links to third-party websites. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of any third-party sites, and we encourage you to read their privacy policies before providing any personal data to them.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on our website. Where changes are significant, we will notify you directly where we hold contact details for you.

This policy was last updated on: 30/03/2026