Privacy Policy

David Grey & Co. Privacy Policy

This document details David Grey & Co. Privacy Policy in line with the General Data Protection Regulation (GDPR)

David Grey & Co. are committed to protecting your personal data and respect your privacy. This privacy notice will inform you of how we use and look after your personal data.

David Grey & Co. Accountants are Data Controllers and we collect, store and use the personal information of our clients to enable us to provide the services that have been requested of us.

This version was last updated on 1st May 2018

  1. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified, such as:

Identity data incl. first, last & middle names, date of birth

Contact data incl. address, e-mail address, phone & fax numbers

Professional Data incl. any information we may collect in the course of providing our services to you.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with an answer to an enquiry). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

  1. How is your personal data collected?

The personal information that we process has been obtained directly from the data subject themselves or via a 3rd party who use our services. The data may have been given over the phone, via e-mail or letter or through a form that has been filled out.

  1. How we use your personal data

We only use your personal data where the law allows. The following are the Lawful Basis for processing personal information, for more information on the Lawful Basis please Click Here

A – Consent | B – Contract | C – Legal Obligation | D – Vital Interests | E – Public Task | F – Legitimate Interest

David Grey & Co. process the following personal information, the reasons and lawful basis for this is detailed in the table below:

Personal Information

being processed

Lawful Basis Lawful Basis (Category) Reason
Title/Prefix A Consent Consent
First Name C Legal Obligation Anti-money laundering
Last Name C Legal Obligation Anti-money laundering
Middle Name(s) C Legal Obligation Anti-money laundering
Address (incl. Postcode) C Legal Obligation Anti-money laundering
Telephone B Contract Contacting client
Fax A Consent Consent
Mobile B Contract Contacting client
Email Address B Contract Contacting client
Gender A Consent Consent
Date of Birth C Legal Obligation HMRC
National Insurance Number C Legal Obligation HMRC
UTR Number C Legal Obligation HMRC
Proof of Identity C Legal Obligation Anti-money laundering
Proof of Address C Legal Obligation Anti-money laundering


Change of purpose We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

  1. Data Security

We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your personal data is limited to employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

David Grey & Co. retain the personal data of clients for the duration of time that a client uses our services. Should a client leave, David Grey & Co. will send to the client all personal data and accounts held on file in a safe and secure manor. This information and any associated documentation will then be permanently deleted and/or destroyed by David Grey & Co.

Where the law requires it, copies of accounts or other information may be kept on file/in storage for a period of 7 years, after which it will be deleted and/or destroyed.

Any documentation relating to anti-money laundering will be kept for a period of 3 years after which it will be deleted and/or destroyed.

  1. Your Legal Rights

The GDPR includes the following rights for individuals, for detailed information on these rights please Click Here

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making including profiling

You also have the right to request a copy of all the Personal Information that is processed by David Grey & Co. and upon request will receive a report containing this information free of charge. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. If you wish to exercise any of the rights set out above, please contact us.

As a security measure we may need to request certain information from you to help us confirm your identity and ensure your right to access your personal data. We aim to respond to all legitimate requests within one month.

Individuals have the right to complain to the ICO ( if they think there is a problem with the way their data is being handled by David Grey & Co.


  • No categories