Privacy Policy

Last Updated: 17 May 2025

Astons Accountants & Business Advisors Limited (trading as Astons Accountants, referred to as “we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you visit or interact with our website, and outlines your rights in relation to that data. We comply with applicable UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, to ensure that your personal information is handled lawfully and fairly.

This Policy covers what information we collect, how and why we use it, the legal bases for processing, whom we disclose it to, your choices and rights regarding your information, and how we safeguard your data. Please read this Privacy Policy carefully. By using our website (the “Site”), you acknowledge that you have been informed of our practices as described herein. If you do not agree with this Policy, please refrain from using the Site.

  1. Who We Are

Data Controller: Astons Accountants & Business Advisors Limited is the organisation responsible for your personal data collected via this Site. For the purposes of data protection law, we act as the “data controller” for personal information obtained through our Site. Our company is registered in the United Kingdom (Company No. 12960424). You can find our contact details in the Contact Us section of this Policy.

  1. Information We Collect and How We Use It

We only collect personal data that you knowingly provide to us or that is collected automatically as described below. The types of information and the purposes for which we process it include:

  • Contact and Enquiry Information: If you fill out our contact or enquiry form (or contact us via email or phone), we will collect the information you provide. This typically includes your name, email address, phone number (if provided), the name of your business (if applicable), and the content of your message or enquiry. We use this information to respond to your enquiry, provide the information or services you requested, and follow up as necessary. For example, if you ask a question about our services, we will use your contact details to communicate with you and answer your questions. The legal basis for this processing is our legitimate interests in responding to potential clients and running our business (i.e. handling enquiries and offering our services). In some cases, processing may also be considered necessary to take steps at your request prior to entering into a contract (for instance, if your enquiry relates to engaging our services). We will not use the information you provide in an enquiry to send you marketing emails unless you have also given us consent to do so (see “Marketing Communications” below).
  • Marketing Communications (Opt-in): As part of our contact form or other interactions, you may have the option to receive promotional emails, newsletters or offers from us (for example, by ticking a box to consent). If you opt-in to receive such communications, we will collect your name and email address for the purpose of sending you periodic updates about our services, news, or relevant accounting/tax updates. The legal basis for this is your consent. You can withdraw your consent at any time – every marketing email will include an “unsubscribe” link, or you can contact us directly to opt out. We will not send you marketing communications unless you have expressly agreed to receive them, and we do not share your contact details with third parties for their own marketing.
  • Usage Data and Analytics: When you visit our Site, we automatically collect certain information about your device and how you interact with the Site. This usage data may include your IP address, browser type and version, operating system, referring website, pages viewed, the dates/times of visits, and other technical information about your visit. We use cookies and similar tracking technologies (explained below) to collect this information. Why we collect it: to understand how visitors use our Site, to monitor the performance of our Site, and to improve user experience and our content. For instance, we use Google Analytics (a web analytics service) to help analyze website traffic and usage. Google Analytics may set cookies in your browser to collect information such as your geographic region, pages you visit, time spent on pages, and interactions with our Site. The data collected through analytics is aggregated and does not directly identify you. The legal basis for processing usage data is our legitimate interests in monitoring and improving our website and services. However, where required by law (under e-Privacy rules), we will obtain your consent for the use of non-essential cookies like analytics cookies. In practice, this means you will be presented with a cookie consent banner when you first visit our Site – analytics cookies will not be activated unless you consent. You have full control over cookies (see Section 3 below).

We do not intentionally collect any special categories of personal data (such as sensitive information about health, race, political opinions, etc.) through our Site, and we ask that you do not provide such information in the contact form or communications. Our Site is not intended to collect personal data of children under 18, and we do not knowingly process data of minors without parental consent.

  1. Cookies and Tracking Technologies

Our Site uses cookies and similar technologies to distinguish you from other users and to improve your experience. Cookies are small text files that are placed on your device when you visit a website. We use the following types of cookies:

  • Necessary Cookies: These are essential for the Site to function (for example, to remember your cookie preferences). They are always active and do not require consent.
  • Analytics Cookies: These cookies (e.g., from Google Analytics) collect information about how visitors use our Site. They help us understand which pages are popular, how long visitors stay, and other usage patterns. We use this information in aggregate form to improve our website’s content and performance. Analytics cookies will only be set if you accept them via our cookie consent tool. All analytics data collected is anonymous or pseudonymised; for instance, we may anonymise your IP address so that you are not personally identified.
  • Other Third-Party Cookies: Our Site does not currently use advertising cookies or social media plugins that track you, but if we embed content from third-party services (like videos or maps), those services might set cookies as well. We will inform you or seek consent as required if any such cookies are used.

When you first visit our Site, you will see a cookie notice allowing you to accept all cookies or manage your preferences. You can choose to accept or reject analytics cookies. If you opt to reject analytics cookies, your visit will not be tracked by Google Analytics. You can also adjust your browser settings to refuse some or all cookies, or to delete cookies that have already been set. For more details on cookies, you can refer to our Cookie settings or contact us with any questions.

Please note that if you block or disable certain cookies, some features of the Site may not function fully. For example, our analytics will not work (which is fine from your perspective, but it limits our ability to improve our Site for users).

  1. How We Share and Disclose Your Information

We value your privacy and do not sell or trade your personal information to third parties for their marketing or any other purposes. However, we may share your data with selected third parties in the following scenarios, in accordance with data protection law:

  • Service Providers: We use trusted third-party service providers to help us operate our website and deliver our services. This includes, for example, our website hosting provider, IT maintenance and support services, and analytics providers like Google (for Google Analytics). These third parties may process personal data on our behalf only for the purposes described in this Policy. We ensure that any service providers acting on our behalf are bound by confidentiality obligations and contractual data protection agreements, meaning they must protect your data and can only use it according to our instructions.
  • Google Analytics: As noted, we use Google Analytics, which is provided by Google LLC. In order to provide us with analytics services, certain usage data (described above) is collected by Google. Google may process this data on servers outside the UK/EEA (for example, in the United States). However, Google is obliged to safeguard your data in compliance with GDPR requirements – for instance, through Standard Contractual Clauses and other measures. You can review Google’s own Privacy Policy to learn more about how it handles analytics data. If you have opted out of analytics cookies, we do not send your data to Google Analytics.
  • Legal Requirements: We may disclose your personal information if required to do so by law or by valid requests from public authorities (e.g., a court order, law enforcement request, or regulatory obligation). We will also share information where necessary to establish, exercise, or defend our legal rights or to protect the rights, property, or safety of our business, clients, or others (for example, to prevent fraud or cybercrime).
  • Business Transfers: In the unlikely event that Astons Accountants undergoes a business transition such as a merger, acquisition, or sale of assets, personal data held by us may be transferred to the new owner or partner as part of that transaction. If this happens, we will ensure your data remains subject to equivalent privacy protections and notify you if required by law.

Aside from the instances above, we will not disclose your personal data to any third party without your consent. Where we do share data, we only share the minimum information necessary and always in line with a lawful basis for processing.

  1. International Data Transfers

As a UK-based firm, we primarily process your data within the United Kingdom. However, some of our service providers or partners may be located outside of the UK (or may store data on servers abroad). In particular, the use of Google Analytics involves transferring certain data to Google’s servers which may be in the United States or other countries.

Whenever we transfer personal data outside of the UK (or European Economic Area), we will ensure that appropriate safeguards are in place to protect your information in accordance with UK GDPR requirements. These safeguards may include, for example, relying on a recognised adequacy mechanism (if the destination country has been deemed to provide an adequate level of data protection) or using standard contractual clauses approved by the UK Information Commissioner’s Office (ICO) which contractually oblige the recipient to protect your data to UK/EU standards.

You have the right to request more information about international transfers of your personal data and the safeguards that apply (see Section 9 on your rights).

  1. Data Retention – How Long We Keep Your Information

We will not keep your personal data for longer than is necessary for the purposes for which it is processed, unless a longer retention period is required or permitted by law (for example, for regulatory compliance or tax/audit purposes). The retention periods can vary depending on the type of data and purpose of processing:

  • Enquiry/Contact Data: If you contact us via the Site (or email), we will retain your personal data for as long as needed to respond to and resolve your enquiry. Typically, we will store enquiries and correspondence for up to 12 months from the date of our last interaction with you, in case you have follow-up questions or decide to use our services. If you become a client, your data will be retained in accordance with our client privacy practices (which will be communicated to you separately as part of our engagement). If you do not become a client, we will delete or anonymise your enquiry data after this retention period, unless we are required to keep it longer (e.g. for legal reasons).
  • Marketing Data: If you have opted in to receive marketing emails, we will retain your contact information for that purpose until you unsubscribe or withdraw your consent. If you opt out, we will promptly remove you from our mailing list and will not further retain your details for marketing. (We may keep a record of your opt-out request to ensure we honour your preference in the future.)
  • Analytics Data: Data collected via Google Analytics and other cookies is typically retained in aggregate form. Google Analytics retains non-aggregated site visit data for a set period (for example, we may configure Google Analytics to retain user-level and event-level data for 14 months). This allows us to review historical trends. After that period, the data is deleted automatically by Google. We do not personally identify users via analytics data, and we only have access to anonymised statistics in Google Analytics. Cookie data is stored on your own device; you can clear cookies from your browser at any time to remove data earlier. Our analytics logs on Google’s systems are automatically purged as per the configured retention setting.
  • Legal and Business Records: In some cases, we may need to retain certain information for longer periods if required for legal compliance or legitimate business purposes. For instance, if a particular communication could be relevant to a legal dispute, we may retain it until it is no longer needed. We also keep backups of our electronic records which are cycled and overwritten on a rolling basis.

After the applicable retention period has elapsed, we will either securely delete your personal data or anonymise it (so that it can no longer be associated with you). Please note that even after we delete data from active systems, it might persist in secure backups for a short period until those backups are updated, but we have processes to eventually purge data from all storage.

  1. How We Protect Your Personal Data

We take the security of your personal information seriously. Astons Accountants implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or destruction. These measures include, for example, using secure servers, encryption technologies where appropriate, up-to-date firewalls and antivirus protection, and access controls to limit who within our organisation can access personal information. We also ensure that any third-party service providers we use have adequate security standards (for instance, we choose reputable hosting providers and tools that comply with security best practices).

However, please be aware that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You transmit information to us at your own risk, and we recommend that you take steps to protect yourself online as well (such as using secure passwords and not sharing confidential information via unsecured channels).

If we become aware of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law.

  1. Your Rights Under Data Protection Law

Under UK data protection laws, you have several important rights regarding the personal data that we hold about you. These include:

  • Right of Access: You have the right to ask us to confirm whether we are processing your personal data and, if so, to provide you with a copy of that data and certain information about how we use it. This is commonly known as a “Subject Access Request.” We will provide this information free of charge, within one month of your request (unless an extension is permitted by law).
  • Right to Rectification: You have the right to have inaccurate personal data corrected or incomplete data completed. If you believe any information we hold about you is incorrect or incomplete, please let us know and we will rectify it.
  • Right to Erasure: You have the right to request that we delete your personal data in certain circumstances – for example, if the data is no longer necessary for the purposes for which it was collected, if you withdraw consent and we have no other legal basis to continue processing, or if you object to processing (see below) and we have no overriding legitimate grounds to continue. This is sometimes called the “right to be forgotten.” Please note that this right is not absolute; sometimes we may have legal obligations or other legitimate reasons to retain your data (for instance, we cannot delete information that is required to comply with a legal obligation).
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances. This means we would store your data but temporarily suspend any other processing. You might exercise this right if, for example, you contest the accuracy of the data or have objected to our processing and we are considering your objection.
  • Right to Data Portability: For personal data that you have provided to us and which we process by automated means on the basis of your consent or for the performance of a contract, you have the right to obtain a copy of such data in a structured, commonly used, machine-readable format, and to request that we transfer it to another data controller where technically feasible.
  • Right to Object: You have the right to object to our processing of your personal data where we are relying on legitimate interests as the legal basis (Section 2 above) and there is something about your particular situation which makes you want to object. You also have an absolute right to object if we were to process your data for direct marketing purposes (we will always respect that, and as noted, we only send marketing communications with consent). If you raise an objection, we will consider it and respond in accordance with the law. We will stop processing your data unless we have a compelling legitimate ground to continue (for the original purpose) that overrides your rights, or if we need to continue processing for legal reasons.
  • Right to Withdraw Consent: Where we rely on your consent to process personal data (for example, for sending marketing emails or placing certain cookies), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw consent for marketing, we will cease sending you marketing communications. If you withdraw consent for analytics cookies, you may need to adjust your cookie settings or browser settings to ensure cookies are disabled, and we will respect that choice.
  • Right to Complain: If you have any concerns or complaints about how we handle your personal data, we encourage you to contact us first (see Section 9 below) so we can address your issue. However, you also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), which is the supervisory authority for data protection in the UK. The ICO’s website is www.ico.org.uk and it provides details on how to report a concern. Lodging a complaint will not affect any other rights or remedies you have.

To exercise any of your rights, you can contact us using the details provided in the next section. We may need to verify your identity before acting on a data rights request, to ensure that we do not disclose data to the wrong person. We will respond to requests within one month, or inform you if an extension is needed for complex requests. Note that some rights may not apply in certain circumstances; we will explain if that is the case (for example, if you request deletion of data we are required by law to keep, we may not be able to delete it but will inform you of the reason).

  1. External Links

Our website may contain links to other websites or resources that are outside our control. If you follow a link to any external website, please be aware that those third-party sites have their own privacy policies and that we do not accept any responsibility or liability for their content or practices. We encourage you to review the privacy notices of any site you visit. This Privacy Policy applies solely to personal data collected by Astons Accountants through our own Site.

  1. Updates to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will post the updated Policy on this page and update the “Last Updated” date at the top. In some cases, we may provide additional notice of changes (such as adding a website banner or sending an email notification, if appropriate).

We encourage you to review this page periodically to stay informed about how we are protecting your information. Your continued use of the Site after any modifications to this Policy have been posted will signify your acknowledgment of the modified Policy.

  1. Contact Us

If you have any questions about this Privacy Policy, or if you wish to exercise any of your data protection rights or make a privacy-related enquiry, please contact us. We are here to help and will respond as promptly as we can.

Astons Accountants & Business Advisors Limited (Data Controller)
Email: info@astonsaccountants.co.uk
Phone: 01582 459500
When contacting us about your personal data, please provide enough information for us to identify you and fulfil your request. For example, if you are requesting a copy of your data, detail the context in which we may have collected it (such as you submitted an enquiry on a certain date).

We provide accounting services for a range of sectors and industries. Get in touch to see how we can help you.

01582 459500
01727 815125
info@astonsaccountants.co.uk
Hertfordshire office: 6b Parkway, Porters Wood, St Albans, Hertfordshire AL3 6PA
Bedfordshire office: 19-21 Manor Road, Caddington, LU1 4EE