Last updated: 7 June 2026
This Privacy Policy explains how Conway & Partners Ltd (“we”, “us”, “our”) collects, uses, shares and protects your personal information when you visit our website, make an enquiry, or engage us as your accountants and advisers. We are committed to protecting your privacy and to handling your personal data lawfully, fairly and transparently in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and our professional and regulatory obligations as a firm of accountants.
Please read this policy together with our Cookie Policy and any other notices we may provide on specific occasions when we collect or process your personal data, so that you are fully aware of how and why we use it.
1. Who we are
Conway & Partners Ltd is a firm of chartered accountants and business advisers based in Oxford. For the purposes of data protection law, we are the data controller responsible for the personal information we hold about you.
Registered office / business address: Conway & Partners Ltd, 115 Magdalen Road, Oxford, Oxfordshire, OX4 1RQ
Email: info@conwaypartners.co.uk
Telephone: 01865 764 321
Company registration number: [company registration number]
ICO registration number: [ICO registration number]
If you have any questions about this policy or about how we use your personal data, please contact us using the details above, marking your enquiry for the attention of our Data Protection contact.
2. The personal information we collect
Depending on your relationship with us, we may collect and process the following categories of personal data:
- Identity data — your name, title, date of birth, job title, and the name of your business or organisation;
- Contact data — your email address, telephone number, postal address and the contents of your correspondence with us;
- Enquiry data — information you provide through our website enquiry and consultation forms, including the nature of your enquiry and any consent you give;
- Financial and accounting data — financial records, tax information, bank details, payroll information, and other accounting data you share with us in the course of an engagement;
- Identity verification and due diligence data — copies of identification documents, proof of address and related information we are legally required to collect to meet our anti-money-laundering (AML) and “know your client” obligations;
- Technical and usage data — your IP address, browser type and version, device information, and information about how you use our website, collected through cookies and similar technologies (see our Cookie Policy);
- Marketing and communications data — your preferences in receiving updates and marketing from us, and your communication preferences.
Where you provide us with personal data about other individuals (for example, your employees, business partners, family members or beneficiaries), you confirm that you have the authority to do so and that you have informed them of how their data will be used as set out in this policy.
Special category data. In the ordinary course of accountancy and tax work we do not seek to collect special category data (such as information about health, ethnicity or religious beliefs). Where such information is unavoidably processed (for example, in connection with certain tax reliefs or payroll matters), we do so only where a lawful basis and an appropriate condition for processing under the UK GDPR applies.
3. How we collect your information
We collect personal data when you contact us by telephone, email or through our website; when you complete an enquiry or consultation form; when you engage us and provide information during an engagement; from third parties such as your previous accountants, HMRC, Companies House, credit reference and identity-verification agencies; and automatically through cookies and similar technologies when you use our website.
4. How and why we use your information (our lawful bases)
Under the UK GDPR we must have a lawful basis for processing your personal data. We rely on the following bases, depending on the purpose:
- Performance of a contract — to provide our accountancy, tax and advisory services, administer your engagement, and process payments and invoices;
- Compliance with a legal obligation — to meet our obligations under tax law, company law, anti-money-laundering regulations, and the rules of our professional body, including reporting to HMRC and other authorities where required;
- Legitimate interests — to respond to your enquiries, manage and improve our services and website, ensure the security of our systems, and (where appropriate) send you relevant updates, provided your interests and rights do not override these;
- Consent — where you have given us consent, for example to contact you through our website enquiry form or to send you marketing communications. You may withdraw your consent at any time (see section 9).
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related and compatible purpose.
5. Sharing your information
We do not sell your personal information to any third party. We may share your personal data, where necessary and lawful, with:
- Regulatory, tax and government authorities, including HM Revenue & Customs (HMRC), Companies House, and the National Crime Agency where we are required to make reports under anti-money-laundering law;
- Our professional advisers, including legal advisers, insurers and auditors;
- Trusted third-party service providers who process data on our behalf, such as IT, cloud-software, accounting-software, payroll, secure document-storage and email providers, who act under contract and only on our instructions;
- Identity-verification and credit-reference agencies for the purpose of meeting our due-diligence obligations;
- Any party to whom we are required to disclose information by law, regulation or court order, or in connection with the sale or restructuring of our business.
All third parties who process data on our behalf are required to keep your information secure and to process it only for the purposes we specify.
6. International transfers
Some of the third-party providers we use (for example, cloud-software and accounting-software providers) may store or process personal data outside the United Kingdom. Where this happens, we take steps to ensure that your personal data continues to receive an equivalent level of protection, for example by relying on an adequacy decision by the UK government, or by putting in place appropriate safeguards such as the International Data Transfer Agreement or standard contractual clauses approved for use in the UK. You may contact us for more information about the safeguards in place.
7. How long we keep your information
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy our legal, regulatory, accounting, tax and professional obligations. In particular:
- Accountancy and tax records are generally retained for a minimum of six years from the end of the relevant accounting period or tax year;
- Records collected to meet our anti-money-laundering obligations are retained for five years after the end of our business relationship with you;
- Enquiry and website-contact data is retained only for as long as needed to deal with your enquiry and for a reasonable period afterwards.
When personal data is no longer required, we securely delete or anonymise it.
8. Marketing communications
Where you have agreed to receive them, or where we are otherwise permitted to do so, we may send you updates, newsletters and information about services that may be of interest to you. You can ask us to stop sending you marketing communications at any time by contacting us or by using the unsubscribe link in any email. Opting out of marketing will not affect communications relating to a service we are providing to you.
9. Your rights
Under UK data protection law you have a number of rights in relation to your personal data. These include the right to:
- Be informed about how your personal data is used (as set out in this policy);
- Access the personal data we hold about you;
- Request that we correct any inaccurate or incomplete data;
- Request that we erase your personal data, where there is no continuing lawful reason for us to retain it;
- Restrict or object to our processing of your data in certain circumstances;
- Data portability — to receive your data in a structured, commonly used format;
- Withdraw your consent at any time, where we are relying on consent to process your data.
Some of these rights are qualified, and there are circumstances in which we may be unable to comply with a request — for example, where we are legally required to retain your information. To exercise any of your rights, please contact us using the details in section 1. We will respond within one month. You will not normally have to pay a fee.
10. Automated decision-making
We do not use your personal data to make decisions based solely on automated processing, and we do not carry out profiling that produces legal or similarly significant effects on you.
11. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful access, loss, damage, alteration or disclosure. These include access controls, secure storage, encryption where appropriate, and staff confidentiality obligations. Where we engage third parties to process data on our behalf, we require them to maintain equivalent security standards.
12. Cookies
Our website uses cookies and similar technologies to function correctly and to help us understand how the site is used. For full details of the cookies we use and how you can manage them, please see our Cookie Policy.
13. Third-party websites
Our website may contain links to third-party websites, plug-ins and services. We are not responsible for the privacy practices or content of those third parties. We encourage you to read the privacy notice of every website you visit.
14. Complaints
If you have any concerns about how we handle your personal data, please contact us first so that we can try to resolve the matter. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at ico.org.uk or by telephone on 0303 123 1113.
15. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. Any changes will be posted on this page with a revised “last updated” date. We encourage you to review this policy periodically.
