Privacy Notice

This is our privacy notice.

It tells you what information we’ll hold about you, what we’ll use it for, how we’ll keep it safe and what your rights are if you want to access, correct or erase it.

If you have any questions regarding how we collect and use your personal data or if you’d like to make a data access request, you can contact our Data Protection Officer at .

Grey Rabbit Accountancy Limited (trading as “Grey Rabbit Accountancy”) is an accountancy and tax advisory firm registered in England and Wales number 16586262. Our registered address is:

2-3 Plough Cottages
Bradden Lane
Hemel Hempstead
Hertfordshire
HP2 6HY

This notice tells you how we look after your personal data, what your rights are, and how we comply with data protection law1 and the protections that it gives you.

Grey Rabbit Accountancy is a data controller. This means we choose how we hold and use personal data about you.

We’ve appointed a Data Protection Officer who is our point of contact responsible for addressing enquiries about this privacy notice or our use of your personal data. You can contact our Data Protection Officer at .

1 All applicable privacy and data protection legislation and regulations including the Privacy and Electronic Communications (EC Directive) Regulations (2003), the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations (2020) (UK GDPR), and any other national laws national laws, regulations and secondary legislation in the UK relating to the processing of personal data and the privacy of electronic communications

The information we hold about you may include:

  • Personal identification details including your name, address, tax reference numbers and copies of forms photographic identification
  • Contact details including your e-mail address and telephone number
    Financial information including details of income and expenditure, bank statements, investment statements, rental statements and employment details
  • Accounting records including bookkeeping records, financial statements and tax returns
  • Login details where necessary to access third party systems on your behalf
    Details of our correspondence and communications with you
  • Information about any complaints and enquiries you make to us

We collect your personal data directly from you where you contact us by e-mail, telephone, post or social media to enquire about our services, when you ask us for a proposal, when you engage us to provide those services and during the course of that engagement.

We also obtain your personal data indirectly from third parties (such as your employer, HM Revenue and Customs or your former accountants) and publicly available sources (such as Companies House).

We’ll process your personal data where it’s necessary to fulfil the obligations of our contract. This might also include scenarios where you are an employee, subcontractor, supplier or customer of our client.

We may process your data without your knowledge or consent where we are legally obliged to do so.

We may also process your personal data for our own legitimate interests provided that they don’t override any of your own interests, rights and freedoms. This includes processing for statistical and business development purposes.

In some cases we might anonymise your personal data so that it can no longer be associated with you. In this case we may use it without giving you any further notice.

We’ll only keep your personal data for as long as we need to in order to fulfil the purpose for which it was collected. When assessing this retention period we’ll take into consideration the requirements of the services we are providing as well as any legal or statutory obligations.

If we need to use your personal data for any reason other than for which it was originally collected we’ll notify you of this along with our legal basis for the new processing.

We’ll share your personal data with third parties if we’re required to by law or if it’s necessary to perform the services we have agreed. We may also need to share your personal data with a regulator. Third parties include IT and cloud service providers, professional advisory services and administration services. We won’t transfer the personal data we collect about you outside of the United Kingdom.

We’ve implemented commercially reasonable and appropriate security measures to keep your personal data safe. These measures include administrative, physical and technical safeguards to protect against your data being accessed in an unauthorised manner, accidentally or maliciously lost, used, altered or disclosed. We limit access to your personal data to those employees, contractors and third parties who have a business need to know. They’ll only process data on our instructions and are subject to a duty of confidentiality. We have procedures in place to deal with a suspected data security breach and we’ll notify you and the Information Commissioner’s Office where we’re legally required to.

We’ve implemented commercially reasonable and appropriate security measures to keep your personal data safe. These measures include administrative, physical and technical safeguards to protect against your data being accessed in an unauthorised manner, accidentally or maliciously lost, used, altered or disclosed. We limit access to your personal data to those employees, contractors and third parties who have a business need to know. They’ll only process data on our instructions and are subject to a duty of confidentiality. We have procedures in place to deal with a suspected data security breach and we’ll notify you and the Information Commissioner’s Office where we’re legally required to.

Depending on the specific type of personal data you’re asking about, it’s your right by law to:

  • Ask to access your personal data to find out what data we’re holding about you and make sure we’re processing it lawfully
  • Ask us to correct the personal data we hold about you
  • Ask for us to erase the personal data we hold about you where there’s no good reason for us to carry on holding it
  • Object to us processing your personal data where we are relying on a legitimate interest as our legal basis for doing so
  • Ask us to suspend processing your personal data for a period (for example to allow you to check its accuracy or our reason for processing it)
  • Ask for your personal data to be transferred to another data controller (provided it is technically feasible to do so) where our processing is based on consent and carried out by automated means.

To ask for any of the above contact us using the details below. We might need to ask you for information to confirm your identity to prevent us disclosing information to someone who has no right to receive it. We won’t deny any reasonable request and we won’t charge you for accessing your personal data except if your request is unfounded or excessive. In this case we may choose to charge a reasonable fee to cover our administrative costs or refuse to comply.

Where we’re relying on your consent to collect, process or transfer your personal information for any specific purpose, you have the right to withdraw your consent for that specific processing at any time. To do so, contact us at .

If you’re unhappy with the manner in which we’re processing your personal data, you can make a complaint to the Information Commissioner’s Office which is the UK supervisory authority for data protection issues. They can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

T: 0303 1231113
W: ico.org.uk/concerns

This privacy notice was last updated on 26th June 2025.

Scroll to Top