dex.← Back to home

Legal

Privacy Policy

Last updated: 15 March 2025

1. Who we are

Dex Accountancy Limited ("Dex", "we", "us", "our") is a company registered in England and Wales. We are an accountancy practice providing tax, payroll, bookkeeping, VAT, and related services to sole traders and small and medium-sized enterprises in the UK.

We are the data controller for personal data collected through this website and in the course of providing our services. We are registered with the Information Commissioner's Office (ICO) under registration number [ICO registration number — to be added on registration].

Contact: sophie@dexaccountancy.com
Website: www.dexaccountancy.com

2. What personal data we collect

2.1 Information you give us directly

  • Your name, email address, and phone number when you contact us
  • Business name, address, and company registration number
  • Financial and accounting records provided to us in the course of delivering services
  • National Insurance number, date of birth, and payroll information (where we provide payroll services)
  • Login credentials and profile information if you register for our client portal
  • Payment information processed via Stripe (we do not store card details — these are held by Stripe)
  • Documents you upload to our client portal

2.2 Information collected automatically

  • IP address and browser type when you visit our website
  • Pages visited, time spent on pages, and referring URLs (via analytics cookies — see our Cookie Policy)
  • Device type and operating system

2.3 Information from third parties

  • Data from HMRC, Companies House, or other government bodies where you have authorised us to act on your behalf
  • Data from Xero or other accounting software you connect to our services

3. How we use your personal data

PurposeLegal basis (UK GDPR)
Providing accountancy services (tax returns, payroll, bookkeeping, etc.)Contract performance (Article 6(1)(b))
Responding to enquiries and onboarding new clientsLegitimate interests (Article 6(1)(f))
Complying with legal obligations (e.g. HMRC filing requirements, anti-money laundering checks)Legal obligation (Article 6(1)(c))
Operating and securing the client portalContract performance / Legitimate interests
Sending service-related communications (deadlines, document requests)Contract performance / Legitimate interests
Improving our website and services through analyticsLegitimate interests (Article 6(1)(f))
Sending marketing communications (with your consent)Consent (Article 6(1)(a))

4. Who we share your data with

We do not sell your personal data. We share it only where necessary:

  • HMRC and Companies House — where required for filing or compliance
  • Xero — accounting software we use to manage your records
  • Stripe — payment processing
  • Clerk — client portal authentication (your login credentials)
  • Vercel — website and portal hosting
  • Neon — secure database hosting (all data stored in EU region)
  • Cloudflare R2 — secure document storage (EU region)
  • Resend — transactional email delivery
  • Professional advisers — our own accountants or legal advisers, under strict confidentiality

All third-party processors are subject to data processing agreements and are required to process your data only on our instructions.

5. International transfers

We store all client data in EU/EEA data centres. Some of our third-party suppliers (such as Stripe and Clerk) may process data in the United States. Where this occurs, we rely on Standard Contractual Clauses or equivalent adequacy safeguards approved under UK law.

6. How long we keep your data

We retain personal data for as long as necessary for the purposes described above:

  • Client accounting records — 7 years from the end of the relevant tax year (HMRC requirement)
  • Payroll records — 3 years from the tax year to which they relate
  • Anti-money laundering records — 5 years from the end of the client relationship
  • Website enquiry data — 2 years if no engagement follows
  • Marketing consent records — until consent is withdrawn

After the applicable retention period, data is securely deleted.

7. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure — ask us to delete your data where there is no overriding legal obligation to retain it
  • Restriction — ask us to limit how we use your data while a dispute is resolved
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests or for direct marketing
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email sophie@dexaccountancy.com. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to complain to the ICO at ico.org.uk or by calling 0303 123 1113.

8. Cookies

We use cookies on this website. For full details, please see our Cookie Policy.

9. Security

We take the security of your personal data seriously. Our measures include encryption at rest and in transit, two-factor authentication for portal access, role-based access controls, and regular security reviews. We are working towards Cyber Essentials certification.

10. Changes to this policy

We may update this privacy policy from time to time. We will notify active clients of any material changes by email. The current version is always available at this URL.