This notice explains how Champleys Accountants Limited collects, uses and protects personal data in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018 and related legislation.
Last updated: 16 May 2026This privacy notice explains how Champleys Accountants Limited ("we", "us", "our") collects, uses and protects personal data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 and related legislation. This notice applies to clients, prospective clients and other individuals whose personal data we process in the course of providing professional services, as well as visitors to this website.
Champleys Accountants Limited is an accountancy and tax advisory firm registered in England and Wales (company number 08666523). Our registered office is Champleys Mews, Market Place, Pickering, YO18 7AE. For the purposes of data protection law, we are the data controller.
Our Data Protection contact is Michael Richmond, who can be contacted using the details at the end of this notice.
We are registered with the Information Commissioner's Office (ICO). Our registration number is ZB481129.
Depending on the nature of our engagement, we may collect and process personal data including:
We may obtain personal data directly from you or from third parties, including HMRC and other public authorities (with your authority), Companies House and other public registers, banks, pension providers and insurers, and third parties you authorise us to deal with.
We process personal data in order to:
We process personal data on one or more of the following legal bases:
Where we request personal data that is necessary to provide our services or to meet legal obligations, failure to provide that information may mean we are unable to act or may need to cease acting.
We are required by law to verify the identity of our clients and related parties. To comply with anti-money laundering legislation, we may carry out identity verification and risk-assessment checks. These may include electronic verification checks using third-party providers, including credit-reference agencies and identity-verification databases.
These checks are used for compliance and risk-assessment purposes. They will not affect your credit rating and will not be visible to lenders. Information obtained may be retained as part of our statutory compliance records.
We may share personal data with:
All third parties with access to personal data are subject to confidentiality obligations and, where appropriate, contractual data-protection safeguards. We do not sell personal data or share it for marketing purposes.
Our website includes two ways for you to send us information:
The enquiry form on our Contact page is processed by Formspree, a US-based form-handling service. When you submit the form, the information you provide (name, email, phone number if given, and your message) is forwarded to us by email. Formspree may retain the submission temporarily for delivery purposes. Their privacy policy is available at formspree.io/legal/privacy-policy.
The document upload form on our Existing Clients page is processed by our own website server. When you submit files and the accompanying details, they are emailed directly to our office ( ) and are not retained by any third-party form provider. The email is delivered via Microsoft 365, which we use for our office email. Uploaded files are then treated as part of our work for you and retained in accordance with the retention periods set out below.
You may also email documents directly to our mailbox. This is a shared mailbox hosted on Microsoft 365 and is monitored by Champleys staff during office hours.
Our website does not use cookies for tracking, analytics, advertising or marketing. We do not use Google Analytics, Facebook Pixel or any similar tracking technologies.
Our website loads typography from Google Fonts via Google's content-delivery network. This does not set cookies, but Google may receive your IP address as part of the technical process of delivering the font files. If you prefer to block this, most browsers offer settings or extensions to do so without affecting the readability of our site.
We use a combination of electronic systems, cloud-based software, email and paper records to process personal data. Email communications are not always encrypted. By engaging us, you acknowledge and accept the inherent risks of electronic communication in exchange for efficiency and cost effectiveness. If you require alternative communication arrangements, please notify us.
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse. We are not responsible for data breaches arising solely from the acts or omissions of third-party service providers, provided we have selected them with appropriate care and safeguards.
We retain personal data only for as long as necessary to meet legal, regulatory and professional requirements. In general:
Further details on record retention are set out in our engagement terms.
You have rights in relation to your personal data, including the right of access, the right to rectification, the right to erasure in certain circumstances, the right to restrict processing, the right to data portability, and the right to object to processing. Full details of individual rights are available on the ICO website at www.ico.org.uk, or on request from us.
If you are concerned about how we handle your personal data, please contact us in the first instance so we can address the issue. You also have the right to lodge a complaint with the Information Commissioner's Office at www.ico.org.uk.