Skip to main content Skip to search

Stephen Perry & Co is an accountancy and advisory practice registered in York. This privacy policy explains what personal information we collect about you and how we use it to deliver our services.

Stephen Perry & Co (collectively referred to as “Stephen Perry & Co”, “we”, “us” or “our” in this privacy policy) is a Data Controller and Data Processor, and holds personal data for various purposes. We have a responsibility to safeguard the personal information that we control and process on your behalf.

Our legal basis for processing your data

When you accept the use of our services, you agree that we have a legitimate interest in collecting and processing your data. Without the use of some personal data, we would be unable to provide the services that you have requested.

What information do we collect about you?

In order for us to deliver our service, we will ask you to provide us with information about you and your business. This information is described as ‘personal data’ because it can be used to identify you. The amount of information we require will depend on the type of service that you receive from us. We will only ask you for information that is relevant to providing you with the services that you ask for. The types of information that we collect are as follows:

  • name, contact details, date of birth, and government identification numbers such as National Insurance or driving licence number
  • education and working history
  • bank account details, earnings information, pension and insurance enrolment information
  • business performance information, financial records, and payroll

We may also collect information from publicly accessible sources such as Companies House.

How will we use the information about you?

We will only use your information when the law allows us to. Most commonly, we will use your information in the following circumstances:

  • to comply with our legal and regulatory obligations;
  • to provide you with our services or to take steps at your request before entering into a contract to provide services with you; or
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

A legitimate interest is when we have a business or commercial reason to use your information.

We may wish to use the information you provide in other ways that are not central to the service that you have instructed us for, but we will always ask for your explicit consent before we do this. Please see the “Marketing” section below for more details.

How long do we keep your information for?

We rely on you to provide us with the information that we need in order to deliver our service. We have a legitimate interest in your personal data for as long as you continue to use our services. If you decide to terminate your contract with us, we will delete the data that we no longer have a legitimate interest in retaining. We are also legally required to retain most types of information for a minimum of six (6) years, so that we are able to demonstrate compliance with fraud prevention measures.

Access to your information

In order to run our practice, we need to allow certain third parties access to your information. We use a cloud-based storage system called Microsoft OneDrive to store our files, including your personal information, and to enable two-way sharing between us and our clients. We also use a cloud-based case management system called AccountancyManager to deliver our services. We are partners with QuickBooks Online and work with other cloud software systems including Xero to give you remote access to your accounts in real-time. To help reduce your paperwork we have partnered with Receipt Bank and use their receipt and invoice scanning service to get your supplier paperwork converted to data and available for you to access from any device, whilst remaining compliant with HMRC requirements.

The data security policies of our partners can be viewed here:

We are legally required to disclose information to regulatory institutions in order to comply with anti-money laundering measures. Your data will not be transferred outside the European Union.

Your rights and responsibilities

You have the right to:

  • Request Access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the information that we hold about you;
  • Request Correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
  • Request Erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it;
  • Object to Processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to the processing on this ground as you feel it impacts on your fundamental rights and freedoms;
  • Request Restriction of Processing of your personal information. This enables you to ask us to suspend the processing of your personal information in certain circumstances, for example if you contest the accuracy of the data;
  • Request the Transfer of your personal information to you or a third party;
  • Withdraw Consent at any Time where we are relying on consent to process your personal information.

It is important that you ensure the information you share with us is accurate, up-to-date, and relevant to the service we provide.

We are confident that the way we handle your data is fully compliant with the General Data Protection Regulation (GDPR), but if you do have concerns about the data we collect or how we use it, you have the right to raise a complaint with a supervisory authority such as the Information Commissioner’s Office (ICO). You can contact the ICO here: We would, however, appreciate the chance to deal with your concern before you approach the ICO, so please contact us in the first instance.

We are registered with the ICO as data controller number ZA074739. Our registration includes details of the types of personal data that we process and the purposes for which they are processed. Details can be found by searching the ICO’s registration page here:


Stephen Perry & Co will not share your information for marketing purposes with third party companies. We will ask for your permission to send you information about news, events, and other products and services that we believe will interest you. You can opt in to receive these emails when you sign up for our services, and you can opt out again at any time. Please find our contact details in the section below.

Change of Purpose

We will only use your information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.


By visiting our website, you acknowledge that we may collect your browsing information while you are on the site. We do this to improve the functionality of our website and improve your experience on future visits. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. You can set your browser not to accept cookies and prevent us from collecting this kind of information. By continuing to use our website, you are agreeing to this use of cookies.

Third Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Data Security

We have put in place appropriate security measures to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on 13th July 2018.

How to contact us

If you need to discuss any aspects of this privacy policy, the terms of your contract, or if you wish to opt out of marketing correspondence, please contact:

Stephen Perry – Director | M: 07718 600111   T: 01904 404560
Stephen Perry & Co, 3 New Street, York. YO1 8RA.