Privacy Policy

Effective: 2 March 2025 • Version: 4

Introduction

Thames Williams Limited ("we", "us", "our", or "Thames Williams") understands that your privacy is important to you and that you care about how your personal data is used and shared. We respect and value the privacy of everyone who visits our website and uses our services, and we are committed to protecting your personal data in accordance with the UK Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), and other relevant UK privacy laws.

This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or use our accounting services. Please read this Privacy Policy carefully and ensure that you understand it.

By using our website and services, you are acknowledging that we are processing your personal information and, where necessary, consenting to such practices as outlined in this statement. Your acceptance of this Privacy Policy is deemed to occur upon your first use of our website or services. If you do not accept and agree with this Privacy Policy, you must stop using our website and services immediately.

Who We Are

Thames Williams Limited
Company Number: 09716945
Registered Office Address: UNIT 21A, 57 Frederick Street, Birmingham, West Midlands, England, B1 3HS

We are a controller for the purposes of the UK General Data Protection Regulation. This means that we are responsible for, and control the processing of, the personal information you provide to us.

Information We Collect

Types of Personal Information

Depending on your use of our services, we may collect some or all of the following personal and non-personal information:

  • Identity Data: Full name, date of birth, gender, national insurance number, unique taxpayer reference (UTR), and government-issued identification
  • Contact Data: Home/business postal address, email address, telephone numbers
  • Business Information: Company name, business type, job title, company registration details, VAT numbers
  • Financial Data: Bank account details, payment card information, income details, tax codes
  • Accounting Data: Financial records, receipts, invoices, P60s, tax returns, shareholding details, details of other business involvement
  • Transaction Data: Details about payments to and from you and other details of services you have purchased from us
  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our website
  • Marketing and Communications Data: Your preferences for receiving marketing from us and your communication preferences

How We Collect Your Information

We collect your personal information through:

  1. Direct interactions: When you:
    • Create an account on our website
    • Subscribe to our services
    • Request information about our services
    • Complete forms on our website
    • Communicate with us by phone, email, or post
    • Provide feedback or contact us
  2. Automated technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns.
  3. Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources such as:
    • Analytics providers
    • Advertising networks
    • Search information providers
    • Companies House
    • HM Revenue & Customs (HMRC)

How We Use Your Information

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  1. Performance of Contract: Where we need to perform the contract we are about to enter into or have entered into with you.
  2. Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  3. Legal Obligation: Where we need to comply with a legal or regulatory obligation.
  4. Consent: Where you have given us clear consent to process your personal data for a specific purpose.

Distinction Between Website Users and Clients

It's important to note that we process data differently depending on whether you are just a visitor to our website or an actual client:

For Website Visitors: We primarily collect technical data for website functionality and improvement. We may also process contact information if you use our contact forms or download resources.

For Clients: We process more extensive personal information necessary for providing accounting services, including financial and tax information, in accordance with our contractual obligations and legal requirements.

Purposes for Processing Your Data

We may use your personal information for the following purposes:

  • Service Provision: To provide accounting, tax, and financial advisory services
  • Client Communication: To respond to your inquiries and keep you informed about your accounting matters
  • Account Management: To manage our relationship with you, including notifying you about changes to our terms or privacy policy
  • Transaction Processing: To process and deliver services, manage payments, and collect money owed to us
  • Legal and Regulatory Compliance: To comply with our legal obligations as an accounting firm, including anti-money laundering regulations
  • Business Operations: To administer and protect our business and website, troubleshoot, and conduct data analysis
  • Marketing: To send you relevant newsletters and updates (with your consent)
  • Service Improvement: To use data analytics to improve our website, products/services, and customer experiences
  • Recruitment: To process job applications if you apply for a position with us

Job Applicants

If you apply for a position with us, we will collect and process personal information about you for recruitment purposes. This may include:

  • Contact details (name, address, email, phone number)
  • Employment history and qualifications
  • References and background checks
  • Any other information you provide in your CV or application

We process this information based on our legitimate interests to assess your suitability for the role and to communicate with you during the recruitment process. If your application is successful, we will provide you with a separate privacy notice relating to employee data.

Anti-Money Laundering Compliance

Under Section 330 of the Proceeds of Crime Act 2002, we have a duty to report to the relevant authorities if we know, or have reasonable cause to suspect, that you or anyone connected with your business are or have been involved in money laundering. We are obliged by law to undertake this reporting, but we are under no obligation to make you aware of this reporting.

In fact, we may commit the criminal offence of "tipping off" under Section 333 of the Proceeds of Crime Act 2002 if we were to inform you that a report had been made. In consequence, neither Thames Williams's principals nor staff may enter into any correspondence or discussions with you regarding such matters.

Communication, Marketing and Advertising

Marketing Communications

We may use your Identity, Contact, and Technical Data to form a view on what we think you may want or need, or what may be of interest to you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.

We may use your data for the following marketing activities:

  • To send you newsletters, updates, and promotional materials
  • To invite you to events, seminars, or webinars
  • To inform you about new services or features
  • To provide you with useful resources and guidance relevant to your business

Service-Related Communications

Please note that service-related communications are not considered marketing. These include:

  • Communications about your account or subscription
  • Notifications about changes to our services or policies
  • Information about scheduled maintenance
  • Updates about tax deadlines and regulatory changes
  • Responses to your enquiries or support requests

You will continue to receive these service-related communications even if you opt out of marketing communications.

Opting Out

You can ask us to stop sending you marketing messages at any time by:

  • Following the opt-out links on any marketing message sent to you
  • Updating your preferences in your account settings (if applicable)
  • Contacting us at privacy@thameswilliams.com

When you opt out of receiving marketing communications, this will not apply to personal data provided to us as a result of a service purchase, service experience, or other transactions.

Disclosure of Your Information

We may share your personal data with the following categories of recipients:

  • Service Providers: Third-party companies who provide services on our behalf (e.g., IT providers, cloud storage, payment processors)
  • Professional Advisors: Other professionals involved in providing services to you (with your consent)
  • Regulatory Bodies: HM Revenue & Customs (HMRC), Financial Conduct Authority (FCA), or other regulatory bodies as required by law
  • Group Companies: Other members of our group, if applicable
  • Legal Compliance: When required by law, court order, or regulatory requirement
  • Business Transfers: In the event that we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation), personal data may be transferred to the third party purchaser or other acquiring entity

We require all third parties to respect the security of your personal information and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Personal Information Provided by Third Parties

We may receive information about you from other sources (such as credit reference agencies, business partners, sub-contractors, advertising networks, analytics providers, and search information providers), which we will add to the information we already hold about you in order to help us provide our products and services in accordance with your requirements and to ensure that the quality of data we have on your account(s) is maintained properly. We may also obtain information about you from social media providers or from third-party websites where you have left commentary or feedback.

Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These measures include:

  • Encryption of sensitive data
  • Password protection and secure authentication procedures
  • Firewalls and anti-malware systems
  • Regular security assessments
  • Staff training on data protection
  • Access controls to ensure that only those who need to access the data can do so

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure.

International Transfers

Some of our external third parties may be based outside the UK or European Economic Area (EEA), so their processing of your personal data may involve a transfer of data outside the UK/EEA.

Whenever we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government
  • Where we use certain service providers, we may use specific contracts approved by the UK government which give personal data the same protection it has in the UK
  • Where we use providers based in the US, we may transfer data to them if they are part of an approved data protection framework

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK/EEA.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

For accounting records, we typically retain information for six years plus the current year (6+1 years) after the end of the relevant tax year or business relationship. This retention period is determined by various UK tax and accounting regulations.

Different retention periods apply to different types of records and data, which may include:

  • Financial records and tax returns: 6+1 years (as required by HMRC)
  • Client contact details: Duration of the business relationship plus 6+1 years
  • Marketing data: 3 years from the point of last contact
  • Website usage data: 26 months
  • Recruitment data: 6 months for unsuccessful candidates

If you request that we delete your data, we will comply with your request unless we have a legal obligation to retain certain information, in which case we will inform you of this requirement.

Your Data Protection Rights

Under the UK GDPR, you have the following rights:

  • The right to be informed about our collection and use of your personal data
  • The right of access to the personal data we hold about you
  • The right to rectification if any personal data we hold about you is inaccurate or incomplete
  • The right to be forgotten (i.e., the right to ask us to delete any personal data we hold about you)
  • The right to restrict processing of your personal data
  • The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation)
  • The right to object to us using your personal data for particular purposes
  • Rights relating to automated decision-making and profiling

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@thameswilliams.com or by post to our registered address. To process your request, we may need to verify your identity to confirm your rights regarding the personal data we hold. We aim to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Automated Decision Making and Profiling

We do not use automated decision-making or profiling that has a legal or similarly significant effect on you. If this changes in the future, we will update this privacy policy and ensure that you are able to exercise your rights in relation to such processing.

Right to Withdraw Consent

Where we are relying on consent to process your personal data, you have the right to withdraw this consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

Cookies and Tracking Technologies

Our website may use cookies and similar technologies to enhance your browsing experience. Cookies are small text files that are placed on your device when you visit certain parts of our website and/or when you use certain features of our website.

Types of Cookies We Use

  • Essential Cookies: These cookies are essential for you to browse our website and use its features, such as accessing secure areas
  • Performance/Analytics Cookies: These cookies allow us to recognise and count visitors and analyse website use. We use this data to improve our website and services
  • Functionality Cookies: These cookies enable the website to remember choices you make and provide enhanced features
  • Targeting/Advertising Cookies: These cookies record your visit to our website, the pages you visit, and the links you follow to provide more relevant advertising

We may use third-party analytics services such as Google Analytics, which rely on cookies to generate more advanced visitor charts and data mining reports. Similar to our server-based logs, these services collect anonymous information that will not be used to identify our website visitors.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Most web browsers allow you to control cookies through their settings preferences. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a new effective date.

We recommend that you check this page occasionally to ensure that you are happy with any changes to this Policy. If you have any questions about this Privacy Policy or our privacy practices, please contact us.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Thames Williams Limited
UNIT 21A, 57 Frederick Street
Birmingham, West Midlands
England, B1 3HS
privacy@thameswilliams.com
+44 121 798 9805

Complaints

If you have a complaint about our use of your personal information, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Last Updated: 02 March 2025