Privacy Policy
Sutton Roff Accountants & Tax Consultants ("Sutton Roff", "we", "us" or "our") is committed to protecting your privacy. This policy explains what personal information we collect, how we use it, who we share it with, and what your rights are under UK data protection law.
Sutton Roff is a trading name of AudTax Limited, a company registered in England & Wales (company no. 10356341). We are registered with the Information Commissioner's Office (ICO) as a data controller.
1. Who is responsible for your data
The data controller is AudTax Limited, trading as Sutton Roff Accountants & Tax Consultants. You can reach our data protection contact at:
- Email: info@suttonroff.co.uk
- Post: 60 Tottenham Court Road, Suite 4796A, London W1T 2EW
- Phone: 0203 633 5413
2. What information we collect
We collect personal information when you:
- Submit an enquiry through our website — your name, phone number, email address, type of business, and any message you choose to provide.
- Become a client — additional information needed to deliver our services, including financial records, identification documents (for anti-money-laundering checks under the Money Laundering Regulations 2017), and any other data you share with us in the course of an engagement.
- Browse our website — technical data including your IP address, browser type, device information, the pages you visit, and how you interact with our forms. We also receive click identifiers from advertising platforms (such as gclid from Google Ads) that arrive in the URL when you click an ad. These help us measure which of our marketing channels are working.
- Contact us by phone, email or WhatsApp — the contents of those communications and the contact details you used.
3. Why we collect it (and our lawful basis)
We process your personal data on the following lawful bases under Article 6 of the UK GDPR:
- Performance of a contract — when we deliver accountancy, tax or advisory services to you under an engagement letter.
- Compliance with a legal obligation — for anti-money-laundering checks, tax record-keeping, and statutory reporting to HMRC, Companies House and other authorities.
- Legitimate interests — to respond to your enquiry, run our business, measure the effectiveness of our marketing, prevent fraud, and keep our website secure. We balance these against your rights and freedoms.
- Consent — for non-essential cookies, marketing emails, and any data processing that legally requires explicit consent. You can withdraw consent at any time.
4. Who we share your information with
We do not sell your personal data. We share it only with parties who help us run the business or where the law requires:
- Our staff and partners — qualified accountants and support staff who need access to deliver your service. All staff are bound by professional confidentiality obligations.
- AudTax Group — our parent organisation, where shared services (such as IT and finance) require it.
- Service providers acting as data processors:
  - MailerSend (transactional email delivery) — based in the EU/US.
  - Google (advertising measurement, Google Workspace, analytics).
  - Calendly (appointment scheduling).
  - Xero, QuickBooks, FreeAgent, Sage (accounting platforms, used only with your authorisation as part of an engagement).
  - Our IT host — for website infrastructure.
- Regulators and authorities — HMRC, Companies House, ACCA, AAT, IFA, the National Crime Agency, and the ICO, where law or professional rules require disclosure.
- Professional advisers — our solicitors, insurers, and auditors, where necessary.
5. International transfers
Some of our service providers (notably Google and MailerSend) process data outside the UK. Where this happens, we rely on appropriate safeguards under UK GDPR — typically the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision. You can request copies of the safeguards in place by emailing us.
6. How long we keep your data
- Website enquiries that don't become clients: 24 months from your last contact, then deleted.
- Client records: at least 6 years after the end of the tax year to which they relate, in line with HMRC requirements. Some records (e.g. anti-money-laundering checks) are kept for 5 years from the end of our business relationship.
- Marketing data: until you unsubscribe or 24 months of no engagement, whichever is sooner.
- Server logs and click IDs: 90 days, then anonymised or deleted.
7. Cookies and tracking
We use cookies and similar technologies to make the site work, measure how it's used, and personalise advertising. You can accept or reject non-essential cookies via the banner that appears on your first visit, and you can change your choice any time using the "Manage cookies" link in the footer. See our Cookie Policy for the full list.
8. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten") — subject to our legal obligations to retain client records.
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests, including direct marketing.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent where we relied on it.
- Complain to the ICO at ico.org.uk if you believe we've handled your data unlawfully — though we'd appreciate the chance to put it right first.
To exercise any of these rights, email info@suttonroff.co.uk. We'll respond within one calendar month.
9. How we keep your data secure
We use technical and organisational measures appropriate to the sensitivity of the data, including encryption in transit (TLS/HTTPS), restricted access controls, regular backups, multi-factor authentication on critical systems, and staff training. Despite this, no system is perfectly secure — if we ever discover a breach that's likely to affect your rights, we'll tell you and the ICO without undue delay.
10. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will reflect the most recent revision. For material changes, we'll notify clients directly by email.
11. Questions or complaints
If you have any questions about how we handle your data, email info@suttonroff.co.uk or write to us at the postal address above. You can also lodge a complaint with the ICO directly at ico.org.uk/make-a-complaint.