Check Instagram Post

Get Started

Contact us

Cookies

Last modified: 26-02-26

This policy explains how we collect, use and protect personal information when you use our website or become a client.

1. Who we are

We provide fixed-fee, compliance-only tax and accounting services for non-VAT registered clients. This includes services for construction subcontractors (CIS), landlords with straightforward rental income, sole traders, and small limited companies. We operate as a Xero-only practice and may recharge software subscriptions at cost (no mark-up).

For data protection purposes, we are the “data controller” for personal information we process in connection with our website and our services.

2. The personal information we collect

Depending on how you interact with us, we may collect:

  • Identity and contact information (e.g., name, address, email address, telephone number).
  • Client onboarding information (e.g., date of birth, National Insurance number, UTR, VAT status confirmation, business details, and verification/AML information).
  • Financial information needed to deliver the services (e.g., income and expense summaries, statements, payroll details if separately agreed, and supporting documents/receipts).
  • Website and device data (e.g., IP address, browser type, device identifiers, pages visited, and approximate location derived from IP address).
  • Communications (e.g., emails, messages, call notes, and information you submit through online forms).
  • Marketing preferences (e.g., whether you opt in/out of receiving updates).

3. How we collect your information

We collect personal information in the following ways:

  • Directly from you (e.g., via enquiry/quote forms, email, telephone, onboarding questionnaires, or when you provide records).
  • From third parties where appropriate and lawful (e.g., identity verification/AML providers, your letting agent, software platforms, or other professional advisers you authorise).
  • Automatically via our website (e.g., cookies and similar technologies).

4. How we use your information and our lawful bases

We use personal information for the purposes below, relying on one or more lawful bases under UK data protection law (UK GDPR):

4. 1 Providing our services
  • To assess eligibility and provide quotes.
  • To onboard you as a client, including identity verification, anti-money laundering checks, and conflict checks.
  • To onboard you as a client, including identity verification, anti-money laundering checks, and conflict checks.
  • To manage software access and administration for Xero where included in your package.

Lawful basis: performance of a contract; and/or compliance with a legal obligation (e.g., AML requirements).

4. 2 Running our business
  • To manage our relationship with you, including handling queries and complaints.
  • To maintain internal records, quality control, training and service improvement.
  • To protect our business against fraud and manage risk.

Lawful basis: legitimate interests; and/or performance of a contract.

4. 3 Marketing and updates

If you choose to subscribe to updates, we may send you relevant information about our services. You can opt out at any time using the unsubscribe link (if provided) or by contacting us.

Lawful basis: consent (where required) and/or legitimate interests (for limited direct marketing where permitted).

5. Who we share your information with

We may share personal information with trusted third parties where necessary to operate our business and deliver services, including:

  • Software and IT providers (e.g., Xero and associated apps you approve, email/hosting providers, secure file transfer tools).
  • HMRC and other government bodies (e.g., Companies House) where you engage us to submit filings or where legally required.
  • Banks/payment providers (for taking payments and managing billing).
  • Professional advisers (e.g., insurers, lawyers) and regulators where required.
  • Service providers who support our operations (e.g., outsourced processing under our supervision).

Where we use third-party “processors” (service providers who process data on our behalf), we require appropriate contractual protections and confidentiality obligations.

5. 1 Referrals to a related firm

If we cannot act for you within our standard scope (for example, because your affairs become more complex or you become VAT registered), we may, with your agreement, pass your details to a related regulated firm so you can receive appropriate support. We will not share your details for referral purposes without confirming you are happy for us to do so.

6. International transfer

Some of our service providers (including outsourced processing) may be located outside the UK. Where we transfer personal data internationally, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with proportionate security measures.

7. How long we keep your information

We keep personal information only as long as necessary for the purposes set out in this policy, including meeting legal, regulatory and professional obligations. As a guide, records relating to tax and accounting work are typically retained for at least 6 years after the end of the relevant accounting/tax period, or longer where required by law, our professional obligations, or to deal with queries/claims.

8. Your rights

You have rights under UK GDPR, including:

  • The right to access your personal data.
  • The right to rectification (to correct inaccurate or incomplete data).
  • The right to erasure in certain circumstances.
  • The right to restrict processing in certain circumstances.
  • The right to data portability (where applicable).
  • The right to object to processing (including to direct marketing).
  • The right to withdraw consent where we rely on consent (this will not affect processing already carried out).

To exercise your rights, contact us using the details in section 12. You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your personal data.

9. Security

We take appropriate technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration and destruction. Access to client data is restricted to authorised personnel and service providers who need it to perform their roles, and is subject to confidentiality obligations.

10. Cookies and website analytics

Our website uses cookies and similar technologies. Cookies are small text files placed on your device to help the site function and to improve your experience. Where required, we will ask for your consent before placing non-essential cookies (e.g., analytics). You can manage cookies through your browser settings and, where available, our cookie banner/preferences tool.

11. External links

Our website may contain links to third-party websites. We are not responsible for the content or privacy practices of those sites. Please review the privacy policy of any external site you visit.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website, with the “Last updated” date shown at the top of this document.

13. Contact us

If you have questions about this Privacy Policy or how we handle your information, please contact:

White Cat Tax & Accounting
Address: Flat 12, Ashford Court, 24 Baker Street, London, W1U 3BW, United Kingdom
Email: example@mail.com
Phone: +44 7700 900123

Non-VAT clients only. Compliance-only service.

Services
ABout

Contact

© Copyright 2026. All rights reserved.