MenuLast updated: 25/11/2025
Taxflow Partners Limited (“Taxflow Partners”, “we”, “our”, “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and safeguard your information when you interact with us, use our website or become a client.
We are registered in England & Wales under company number 13357679, with our registered office at:
124 City Road, London, EC1V 2NX, United Kingdom
We are a CIMA Members in Practice firm authorised to provide accounting and related services.
For privacy enquiries, contact: privacy@taxflowpartners.com
We may process the following categories of data depending on the nature of our relationship with you:
Identity & Contact Data
- Name
- Job title
- Business email address
- Business phone number
- Company details
Client & Financial Data
- Accounting, bookkeeping and tax information
- Payroll data
- VAT, corporation tax and personal tax records
- Financial statements
- Information required for AML/KYC compliance
- Documents and communications relating to service delivery
Technical & Usage Data
- IP address
- Browser type
- Device information
- Website usage and analytics
- Cookies (see Cookie Policy)
Marketing & Communications Data
- Communication preferences
- Interaction with our emails
- Records of opt-outs or suppression requests
We may collect information directly from you, via our website, during onboarding, or from publicly accessible sources such as Companies House. We may also receive business contact information from reputable third-party providers who confirm that they collect and share such data lawfully.
We only process personal data where a valid lawful basis applies under UK GDPR.
A. To perform a contract with you
Including:
- Preparing year-end accounts
- Corporation tax compliance
- VAT returns
- Payroll
- Bookkeeping and outsourced finance
- Management accounts
- Tax advisory
- Budgeting, forecasting and business advisory
B. To comply with legal obligations
Including:
- Anti-money laundering (AML) and Know-Your-Customer (KYC) checks
- HMRC and statutory reporting requirements
- Record-keeping obligations for regulated services
C. For our legitimate interests
We may process business contact information to:
- Communicate with individuals acting in a business capacity
- Share relevant information about our services
- Administer and improve our website and client experience
- Maintain secure systems and operational efficiency
Any direct marketing is limited, relevant and offers a clear opt-out option. We only contact individuals where our services may be relevant to their professional role.We maintain a Legitimate Interest Assessment (LIA) for this activity.
D. With your consent
We rely on consent for:
- Non-essential cookies
- Marketing where consent is required under PECR
Consent can be withdrawn at any time.
For business-to-business communication, we may obtain contact details from:
- Publicly available sources (e.g., Companies House, company websites, professional directories)
- Individuals who provide their information directly
- Reputable business data providers that confirm lawful collection
- Manual research conducted from publicly available materials
We do not use consumer marketing lists and do not target personal email addresses intended for private use.
We may share personal data with:Cloud hosting and secure data storage providers
- Technology and communication service providers
- Professional advisers (legal, compliance, regulatory)
- Our insurers
- HMRC and other authorities where legally required
All third parties are required to protect your data and process it only in accordance with our instructions.
We never sell personal data
Some service providers may store data outside the UK. Where this applies, appropriate safeguards are used, such as:
- UK International Data Transfer Agreements (IDTAs)
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
We retain personal data only as long as necessary:
- Accounting and tax records — minimum 6 years
- AML/KYC records — 5 years after the business relationship ends
- Client communications — up to 6 years
- Business-to-business marketing contact data — no longer than 18 months from last meaningful engagement
- Analytics/cookie data — usually 12–26 months
After retention periods expire, data is securely deleted or anonymised.
Under UK GDPR you have the right to:
- Access your data
- Request correction
- Request erasure
- Object to processing (including direct marketing)
- Restrict processing
- Request data portability
- Withdraw consent
- Complain to the ICO (ico.org.uk)
We use essential, performance, functionality, and analytics cookies.
Non-essential cookies are only used with your consent.
See our Cookie Policy for more details.
We use a range of technical and organisational measures to protect personal data, including:
- Encryption
- Access controls
- Secure cloud infrastructure
- Regular monitoring
- Staff confidentiality and training
- Only authorised personnel access personal data.
We may update this Privacy Policy periodically. The updated version will be posted on this page, with a revised “Last updated” date.