Accurex Accounting takes the security of your data extremely seriously. As an outsourced accounting partner to UK accountancy practices, we understand that the data entrusted to us including financial information, client records, and personal data — is highly sensitive. We implement robust technical and organisational measures to protect this information from unauthorised access, disclosure, alteration, or destruction.
Our data security framework is aligned with the requirements of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and recognised industry best practices.
When we collect personal data through our Website (e.g. enquiries, trial requests, contact forms), Accurex Accounting acts as the Data Controller, determining the purposes and means of processing in accordance with UK GDPR.
When we process client data on behalf of UK accountancy practices in the course of delivering our outsourced services, we act as a Data Processor. Our clients, as Data Controllers, retain responsibility for the lawfulness of the underlying processing. We process data strictly in accordance with documented client instructions.
We provide all clients with a Data Processing Agreement (DPA) as part of our standard engagement. Our DPAs are compliant with Article 28 of the UK GDPR and include provisions covering:
We employ a comprehensive range of technical controls to protect your data, including:
In the event of a personal data breach, we will:
We may engage trusted sub-processors to support our service delivery, including cloud software providers, IT support providers, and communication platforms. All sub-processors are subject to contractual data protection obligations equivalent to those imposed on us by our clients. We maintain an up-to-date register of sub-processors and will notify clients of any material changes.
Where data is processed outside the UK, we ensure appropriate safeguards are in place in accordance with the UK GDPR and ICO guidance. This includes adherence to the UK's adequacy framework. We will never transfer data outside the UK without appropriate protections in place and, where relevant, without the prior knowledge and consent of the Data Controller.
We retain personal data and client data only for as long as required to fulfil our contractual and legal obligations. Upon termination of an engagement, we securely delete or return all client data in accordance with the terms of the Data Processing Agreement and applicable law. Standard retention is 7 years for accounting and financial records in line with HMRC requirements, unless a shorter period is agreed.
We are committed to supporting our clients in meeting their obligations to data subjects. Where we receive a data subject rights request relating to data we process on a client's behalf, we will promptly notify the relevant client and provide all necessary assistance to enable them to respond within the statutory deadline. We will not respond directly to data subject requests on behalf of our clients without explicit authorisation.
Accurex Accounting is registered with the ICO and complies with all applicable UK data protection legislation. We work closely with clients to ensure our processing activities support their own GDPR compliance obligations. Where required, we will cooperate with and submit to independent audits or inspections by clients or their nominated representatives.
If you have any questions about our data security practices or wish to raise a concern, please contact our data protection lead:
Email: contact@accurexaccounting.com
Phone: 020 8144 0210
Post: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ You also have the right to raise concerns directly with the ICO at www.ico.org.uk.