Privacy Policy

1. Contact Details

1.1 The Data Protection Officer is Conor McCutcheon, who can be contacted about anything to do with your personal data and data protection, including to make a subject access request, using the following details:

  • Email address: conor@marathonaccountants.co.uk

  • Postal address: 93B Louisville Road, London, SW17 8RN

  • Telephone number: +44 771 825 4462

2. Introduction

2.1 The Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) require organisations that process personal data to meet certain legal obligations. We are a data controller within the meaning of the Act and process personal data accordingly.

2.2 We are committed to complying with the requirements of the DPA and GDPR. Personal information will only be held or processed to the extent necessary to provide the agreed professional services and for any other purpose specifically agreed.

3. Information Collected

3.1 We collect, retain, and process personal data about you in order to:

  • Take you on and retain you as a client in compliance with UK laws and professional regulations (e.g., anti-money laundering requirements).

  • Prepare and file accounts and tax returns.

  • Provide advice on tax and national insurance liabilities.

  • Offer ad hoc advice.

3.2 If the required information is not provided, we may be unable to provide the agreed services, triggering the disengagement provisions in our terms and conditions.

3.3 Personal data collected and processed may include:

  • Names and addresses.

  • Email addresses.

  • Telephone numbers.

  • Information held by HMRC.

  • Information required to prepare tax returns and accounts.

  • Correspondence between us.

4. How Information is Collected

4.1 Information about you may be collected from:

  • You directly.

  • A spouse or partner.

  • HMRC.

  • Your organisation.

  • Electronic ID verification providers.

  • Other third parties authorised by you (e.g., banks, investment managers).

5. How Your Information is Used

5.1 We may use information we hold about you to:

  • Provide services under the contract in force between us.

  • Contact you about other services we provide that may be of interest if you have consented.

  • Meet legal and regulatory requirements.

  • Further legitimate interests.

5.2 We retain records according to our retention policy to defend against legal claims or disciplinary action.

5.3 No automated decision-making or automatic data portability is involved in our processing activities.

5.4 Subcontractors used in our processes comply with GDPR requirements.

6. Lawful Basis for Processing Personal Data

6.1 Personal data may be processed on the following bases:

  • Contract: To fulfil the engagement letter and service agreements.

  • Consent: To meet clients’ wider expectations of our professional relationship.

  • Legal obligations and public interest: To comply with legal requirements.

  • Legitimate interests: To provide services effectively.

7. Transferring Personal Data Outside the United Kingdom

7.1 Personal data may be transferred to the Philippines to perform our contract with you. Where adequacy regulations do not exist, we ensure binding contractual agreements to maintain data protection consistent with UK legislation.

8. Information Which May Be Given to Others

8.1 Personal data may be shared with:

  • HMRC.

  • Third parties you request us to correspond with (e.g., finance providers, pension providers).

  • Subcontractors bound by the same professional and ethical obligations.

  • An alternate appointed in the event of incapacity or death.

  • Tax insurance providers.

  • Professional indemnity insurers.

  • ICAEW or external reviewers for quality assurance.

8.2 Data sharing is required to fulfil contractual obligations and cannot be opted out of. If you ask us not to provide information, we may need to cease acting for you.

8.3 Additional sharing may occur when required by law, such as with:

  • Police and law enforcement agencies.

  • Courts and tribunals.

  • The Information Commissioner’s Office (ICO).

9. Data Security

9.1 We implement appropriate security measures to prevent personal data loss, misuse, alteration, or unauthorised access. Access to data is restricted to those with a business need.

9.2 While we take all reasonable precautions, data transmissions over the internet are not wholly secure. Measures are in place to handle suspected data breaches, including periodic policy reviews.

10. Retention of Information

10.1 Information retention periods:

  • Tax returns and accounts: Retained for seven years from the end of the tax year.

  • Ad hoc advisory work: Retained for seven years from the end of the business relationship.

  • Ongoing client relationships: Permanent information retained for the duration of the relationship and deleted seven years after cessation unless otherwise agreed.

11. Requesting Information Held About You

11.1 Subject access requests (SARs) can be made in writing to the contact details above. Proof of ID and address may be required.

11.2 Third-party SARs require your written authorisation.

11.3 Requests may be refused where permitted by law (e.g., to prevent crime or protect tax collection).

12. Correcting Information (Right to Rectification)

12.1 Notify us immediately of any incorrect data so we can amend our records.

13. Deleting Records (Right to Erasure)

13.1 You may request the deletion of your records. We will consider your request and provide reasons if we cannot comply.

14. Restricting or Objecting to Processing

14.1 You may request processing restrictions or object to processing. We will act appropriately upon your request.

15. Withdrawing Consent

15.1 You can withdraw consent for us to contact you about other services. Withdrawal does not affect other lawful processing activities.

16. Data Portability

16.1 You may request data portability where applicable. We will respond within one month, extendable by two months for complex requests.

17. Complaints

17.1 Questions or concerns about data processing can be directed to us. If dissatisfied, you may contact:

  • Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

  • ICAEW as detailed in our terms and conditions.

18. Privacy Notice Confirmation

18.1 By using our services, you confirm your understanding and acceptance of this Privacy Policy, including data use as outlined above.