Privacy Policy

1. Who We Are

AISG Finance and Accounting

We are the data controller for the personal information we process. If you have any questions about this policy or how your data is handled, please contact us using the details above.

2. Personal Data We Collect

We collect and process personal data necessary to provide accounting, tax, and advisory services. This may include:

Client Information

  • Full name
  • Address and contact details
  • Date of birth
  • National Insurance number
  • UTR (Unique Taxpayer Reference)
  • Company registration details
  • Financial records, invoices, receipts, bank statements
  • Payroll information (if applicable)
  • Identification documents for AML/KYC checks
  • Any information you provide when communicating with us

Website & Technical Data

  • IP address
  • Browser type
  • Cookies and analytics data
  • Information submitted through website forms

We only collect information that is relevant to the services you request or to meet our legal obligations.

 

3. How We Collect Your Data

We collect data in the following ways:

  • Directly from you (forms, emails, phone calls, meetings)
  • Automatically through our website (cookies, analytics)
  • From third‑party platforms such as Xero
  • From publicly available sources (Companies House)
  • From HMRC or other authorities where required

 

4. How We Use Your Data

We process your personal data for the following purposes:

  • Providing accounting, tax, bookkeeping, and advisory services
  • Preparing accounts, tax returns, and financial statements
  • Communicating with you regarding your business or personal tax affairs
  • Meeting legal obligations (HMRC, AML, professional standards)
  • Managing billing, payments, and internal records
  • Using secure cloud accounting tools such as Xero
  • Improving our website and services

 

5. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

  • Contract – to provide the services you have requested
  • Legal Obligation – to comply with HMRC, AML, and regulatory requirements
  • Legitimate Interests – to manage our business, improve services, and maintain records
  • Consent – for optional marketing communications (only if you opt in)

 

6. Use of Xero (Cloud Accounting Software)

We use Xero, a secure cloud‑based accounting platform, to manage bookkeeping, accounts preparation, invoicing, and financial reporting.

How Xero Processes Your Data

  • Your financial data may be stored and processed within Xero’s secure cloud environment.
  • Xero may store data on servers outside the UK; where this occurs, Xero uses approved safeguards such as Standard Contractual Clauses.
  • Access to your Xero data is restricted to authorised staff only.
  • We do not share your Xero data with any third party unless required by law or with your consent.

You can view Xero’s privacy policy on their website.

 

7. Sharing Your Data

We may share your data with:

  • HMRC and other regulatory bodies
  • Cloud accounting providers (e.g., Xero)
  • IT and software providers
  • Payment processors
  • Professional advisers (e.g., legal or compliance consultants)
  • Subcontractors working under confidentiality agreements

We never sell your data.

 

8. International Transfers

Where data is transferred outside the UK (e.g., via Xero or cloud services), we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations
  • Standard Contractual Clauses (SCCs)
  • Secure, compliant cloud infrastructure

 

9. Data Retention

We retain personal data only for as long as necessary:

  • 6 years for tax and accounting records (as required by HMRC)
  • AML/KYC records for 5 years after the end of the client relationship
  • Website analytics data for shorter periods as required

After retention periods expire, data is securely deleted or anonymised.

 

10. How We Protect Your Data

We use a range of security measures, including:

  • Encrypted storage and secure servers
  • Access controls and authentication
  • Regular software updates and monitoring
  • Staff training on data protection
  • Secure cloud‑based systems

 

11. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion (in certain circumstances)
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent (where applicable)
  • Lodge a complaint with the ICO

 

12. Cookies

Our website uses cookies to:

  • Improve user experience
  • Analyse website traffic
  • Remember preferences

You can manage or disable cookies through your browser settings. A separate Cookie Policy may be provided.

 

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

 

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.