Brewers Chartered Accountants

Brewers' new privacy policy

In accordance with the introduction of the GDPR legislation in May 2018, we have amended our privacy policy. You can review our new policy below:

Brewers Chartered Accountants

Privacy Policy

Who are we?

Brewers Chartered Accountants is a partnership registered to carry out audit, accountancy and tax work in the UK and Ireland by the Institute of Chartered Accountants in England and Wales (ICAEW) under firm number C007380835.

What does this Policy cover?

We at Brewers Chartered Accountants take your personal data seriously. This policy:

  • sets out the types of personal data that we collect about you;
  • explains how and why we collect and use your personal data;
  • explains how long we keep your personal data for;
  • explains when, why and with who we will share your personal data;
  • sets out the legal basis we have for using your personal data;
  • explains the effect of refusing to provide the personal data requested;
  • explains the different rights and choices you have when it comes to your personal data; and
  • explains how you can contact us.

What personal data do we collect about you?

We collect information about you when you engage us for personal tax services, company statutory accounting services, corporation tax services, management accounts services, audit services, payroll services, company secretarial services and business planning services. This information will relate to your personal and financial circumstances. It may also include special categories of personal data such as data about your health, if this is necessary for the provision of our services.

We may also collect information when you voluntarily complete client surveys or provide feedback to us.

We may also collect sensitive personal data about you, in the form of racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. We only collect sensitive personal data from you, and further process this data, where you have given explicit consent.

Information about connected individuals

We may need to gather personal information about your close family members and dependants to provide our service to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We will provide a copy of this privacy policy for them or, where appropriate, ask you to pass the privacy policy to them.

How and why we collect and use your personal data?

We collect information about you to provide you with the services for which you engage us. The primary legal basis that we intend to use for the processing of your data is for the performance of our contract with you. We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client. The information that we collect about you is essential for us to be able to carry out the services that you require from us effectively. Without collecting your personal data, we would be unable to fulfil our legal and regulatory obligations. We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data.

We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

What happens if you do not provide us with the information we request or ask that we stop processing your information?

If you do not provide the necessary personal data, or withdraw your consent for the processing of your personal data, we may not be able to provide the services for which we have been engaged and in certain circumstances we may have to cease acting for you altogether.

How long do we keep your personal data for?

During our relationship with you we will retain personal data which is necessary to provide services to you. We will take all reasonable steps to keep your personal data up to date throughout our relationship.

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of our business and the services provided;
  • any statutory or legal obligations;
  • the purposes for which we originally collected the personal data;
  • the lawful grounds on which we based our processing;
  • the types of personal data we have collected;
  • the amount and categories of your personal data; and
  • whether the purpose of the processing could reasonably be fulfilled by other means.

We are also subject to regulatory requirements to retain your personal data for specified minimum periods. These are generally six years, with the exception of trust and settlements where we are advised to retain records until the trust has been wound up.

These are minimum periods, during which we have a legal obligation to retain your records. We may also keep your information after this period but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligation we need to meet. We reserve the right to retain data for longer where we believe it is in our legitimate interests to do so. In any case, we will not keep your personal data for longer than 15 years after our relationship with you has ended.  

You have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above. 

Who do we share your personal data with?

If you agree, we will pass on your personal information to other members of the Bourne Group of companies so that they may offer you their products and services.

To deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, financial planning or legal services as well as product providers that we use to provide our services to you.

We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.

Where third parties are involved in processing your data we will have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidentiality in processing your data and that they will only act in accordance with our written instructions.

We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.

Where it is necessary for your personal data to be forwarded to a third party we will use password and /or encryption to protect your personal data in transit.

To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes.

Do we make automated decisions concerning you?

We do not carry out automated profiling.

Do we use Cookies to collect personal data on you?

We use cookies to track visitor use of the website and to compile statistical reports on website activity.

For further information visit

You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

Other websites

Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.


We would like to send you information about our products and services and those of other companies in our group which may be of interest to you. If you have agreed to receive marketing information, you may opt out later.

You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the group. If you no longer wish to be contacted for marketing purposes, please contact us by email or post, or by clicking here

Do we transfer your data outside the EEA?

We do not and will not transfer your data outside the EEA unless specifically requested and approved by you.

Some product providers, such as Xero, may hold their data servers outside the EEA, in these instances we abide by their Privacy Statements and will continue to use these providers as long as the data is held in a territory that is deemed to provide an adequate level of data protection through their domestic legislation or international commitments.

What rights do you have in relation to the data we hold on you?

By law, you have many rights when it comes to your personal data. Further information and advice about your rights can be obtained from the Information Commissioner’s Office.

Brewers' GDPR rights table























We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing information for:

  • baseless or excessive/repeated requests, or
  • further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.

Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page.  This privacy policy was last updated on 09/05/2018.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you: by email at [email protected]

Or write to us at: Brewers Chartered Accountants, Bourne House, Queen Street, Gomshall, Surrey, GU5 9LY.


Brewers Chartered Accountants Privacy Policy v1.0 09 May 2018



Back to News Index

« Read Previous