Privacy Policy

Privacy Policy

Alliotts LLP is committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

Alliotts LLP is a firm of Chartered Accountants and business advisors and became part of the Shaw Gibbs Group in September 2024. For full details of all companies in the Shaw Gibbs Group, refer to their Legal Notice.

Alliotts LLP is registered to carry on audit work in the UK and regulated for a range of investment business activities by the ICAEW.

Details about our audit registration can be viewed at www.auditregister.org.uk for the UK under reference number C008291317.

We operate from two offices (address updated August 2024)

Manfield House,

1, Southampton Street,

London

WC2R 0LR

 3 London Square,

Cross Lanes,

Guildford

GU1 1UJ

Alliotts acts as the ‘data controller’ of the personal information submitted by visitors to our website and collected by us through such visits or otherwise collected by us in relation to:

  • The provision of our products and services to clients
  • Enquiries regarding our products and services
  • People who supply services for us
  • Professional contacts
  • People who elect to receive business communications from us

This privacy notice explains how Alliotts uses personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

If you have any questions about this privacy notice, please email data@alliotts.com

Quick Reference Guide 

  • What information we collect about you
  • How we use your information and the legal basis How long we keep your data
  • How we share your information
  • International data transfers
  • How we may market to you
  • How we keep your information secure
  • Your rights
  • Cookies
  • Children’s data
  • Other websites
  • Changes to our privacy notice
  • How to contact us
  1. What information do we collect about you?

We collect information about you when you register with us or engage us to provide products or services, or otherwise when you do business with us. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions.

We will collect some or all of the following information from you:

  • Your name and contact details (including postal and email address and telephone number(s))
  • Your date of birth
  • Identification documents such as copies of passports or drivers’ licences, where required by law.
  • Financial information including taxation affairs and your banking information
  • Unique identifiers such as your National Insurance number, Company House personal code, unique taxpayer reference number, and VAT numbers for individuals
  • Information about your family members (where relevant to our services)
  • Information relevant to the products or services you engage us to provide, including the types of services provided to you
  • Information relevant to the products or services you provide to us
  • Information you provide when you register for events or to receive other communications from us including special requirements such as dietary requirements
  • Information you provide when you inquire about our products or services
  • Employment and business information
  • Information about your shareholding
  • Professional qualifications and memberships
  • Job title
  • Marketing preferences
  • CCTV (Images and Recordings) and information included in visitor logs and car registration number when you visit our offices

We may also obtain information about you from other sources to help us provide the required services or comply with our legal and regulatory obligations, including:

  • Credit reference agencies and fraud prevention agencies
  • Identity verification services for anti-money laundering purposes
  • Companies House and other public registers
  • HMRC and other regulatory bodies
  • Other professional advisers (with your consent)
  • Your internet protocol (IP) address, operating system and web browser when you visit our website
  • Website usage information collected using cookies, please see our cookie policy or further details.

Important: If you share other people’s data with us, you must ensure that person consents to you providing that information to us, or that there is another lawful basis for sharing their information.

  1. How we use your information and the legal basis:

We process your personal data for the following purposes and on the following legal bases:

Purposes Lawful Basis
Direct Marketing including sending you information about products or services which we feel may interest you (where you have consented or we have a legitimate interest)

 

 Consent, or

Legitimate Interest where you have contacted us about a provision of an Alliotts’ service.
Improve our website and services

 

 Legitimate Interests
Event Registration and Management Legitimate Interests
Responding to inquiries made by web form, telephone calls or emails Legitimate Interests
Managing our relationship with you as a customer Necessary to fulfil a contract with you
Manage our business operations and quality control Legitimate Interests
Coordinating and responding to inspections from regulatory bodies to provide required evidence Legal Obligation
Meeting legal obligations in relation to the services we provide to you Legal Obligation
Carry out identity verification and anti-money laundering checks Legal Obligation
Assess and manage conflicts of interest Legitimate Interests
Manage or investigate complaints you may make Legitimate Interests
Controlling, monitoring and managing security of our offices using CCTV, access logs for the purposes of preventing, detecting and investigating crime, unauthorised access and security incidents; Safeguarding Alliotts’ premises, assets, information and equipment; Supporting incident investigation, accident reporting and health & safety compliance Legitimate Interests
Deliver professional services to you (audit, tax, advisory, and related services) Necessary to fulfil a contract with you
Collect information from credit reference agencies and fraud prevention agencies Legitimate Interests
Maintain our records for administrative purposes Legitimate Interests
Defend or pursue legal claims Legitimate Interests
Fraud prevention and detection Legitimate Interests

 

Where we rely on legitimate interests, we have balanced our interests against your rights and freedoms. You have the right to object to processing based on legitimate interests.

  1. How long do we keep your data?

We will retain your personal data only for as long as necessary for the purposes for which your data was collected. This could include keeping your data for as long as necessary to fulfil our contract with you, to comply with our legal and regulatory requirements, and otherwise in accordance with guidance from our supervisory bodies (e.g., ICAEW).

Service Line Retention period Action at end of period

 
Accounts and Outsourcing Six years plus current Secure destruction
Audit In accordance with professional standards (usually Six years plus current) Secure destruction
Corporate tax In accordance with HMRC requirements (usually Six years plus current) Secure destruction
Personal Tax In accordance with HMRC requirements (usually Six years plus current)

Information relating to gifts, chargeable assets, capital relief and others as applicable will be retained permanently and reviewed annually

 Secure destruction

Retained until client disengagement and information returned to client.
Payroll Six years plus current Secure destruction

 

 

 
Probate Duration of client engagement Return to client or secure destruction – action to be taken according to written instruction from the client.

 

 
Company Secretarial Retained for the duration of client engagement Co sec records returned to client or sent to new accountant
  • Client Engagement data                      6 years from the end of the engagement or longer where required by specific regulations
  • Anti-money laundering records           5 years from the end of the business relationship
  • Marketing consent records                  Until consent is withdrawn, plus a reasonable period to maintain suppression lists
  • Website analytics                                Typically 26 months

For further information about specific retention periods, please see our Data Retention Policy or email our Data Protection Officer at data@alliotts.com.

  1. How we share your information

We will only share information with third parties where it is necessary to provide our services or comply with legal obligations.

We share information with the following categories of recipients:

  • Other companies in the Shaw Gibbs Group
  • Our international network, Alliott Global Alliance if necessary to provide advice/services
  • Business associates and other professional advisers (where requested or necessary)
  • Our IT service providers and technology platforms (e.g., cloud hosting, document management, practice management software)
  • Email and communication service providers
  • Professional indemnity insurers
  • Credit reference agencies and fraud prevention agencies
  • Banking and payment service providers
  • HMRC and other tax authorities
  • Legal and regulatory authorities, including ICAEW
  • Courts, tribunals and law enforcement agencies where required by law
  • Prospective buyers or investors (in the event of a business sale or restructure)
  1. International data transfers

In some circumstances, the information you provide may be transferred to countries outside the United Kingdom that may not have equivalent data protection laws.

Where we transfer data internationally, we will take steps to ensure adequate protections are in place, including:

  • Transferring to countries with UK adequacy decisions
  • Using Standard Contractual Clauses approved by the UK authorities
  • Ensuring the recipient is covered by appropriate binding corporate rules
  • Relying on appropriate derogations where necessary

You have the right to obtain information about the safeguards we have in place for international transfers. Please contact us using the details at the end of this notice.

  1. How we may market to you

We would like to send you information about products and services of ours and other companies in The Shaw Gibbs Group which may be of interest to you.

We may contact you by:

  • Email
  • Post
  • Telephone (where you have provided consent)

Your right to opt out: You have the right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes or wish to change your preferences, please contact data@alliotts.com

Choosing to opt out of marketing communications will have no detrimental impact to your relationship with Alliotts LLP.

If you opt out, we will add you to a do not contact list to ensure we comply with your request and that you are not added back into our marketing lists.

  1. How we keep your information secure

We take the security of your information seriously. We have implemented appropriate technical and organizational measures to protect your personal data from loss, misuse, alteration, unauthorized access or destruction, including:

  • Secure storage on encrypted servers and in controlled physical premises
  • Access controls and authentication requirements
  • Regular security assessments and penetration testing
  • Staff training in data protection and information security
  • Secure communication channels
  • Regular backups and disaster recovery procedures
  • Confidentiality obligations for all staff and third-party processors

Our security and privacy policies are regularly reviewed and updated.

  1. Your rights

Under the General Data Protection Regulation, all individuals have certain rights in relation to their personal data.  You are entitled to:

Right  What this means 
Right to be informed  You have the right to clear information about how we use your data (this notice)
Right of access  You can request a copy of your personal data
Right to rectification  You can ask us to correct inaccurate or incomplete data
Right to erasure  You can ask us to delete your data in certain circumstances
Right to restrict processing  You can ask us to stop processing your data temporarily
Right to data portability  You can request your data in a machine-readable format
Right to object  You can object to processing based on legitimate interests or for direct marketing
Rights related to automated decision-making  You have rights regarding automated decisions

Please note: These rights are not absolute and are dependent on the lawful basis relied upon and may be overridden by our legal obligations. For example, we may need to retain certain information to comply with regulatory requirements.

To exercise any of your rights, please:

  • Contact our Data Protection Officer using the details below
  • Specify which right you wish to exercise and the data it relates to

Where necessary, you may be asked to provide proof of identity (copy of driving license or passport) and address (recent utility or credit card bill)

We will respond to your request within one month. In complex cases, we may extend this by a further two months and will inform you if this is necessary.

If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner Office (ICO): https://ico.org.uk/

  1. Cookies

Cookies are small text files placed on your computer to collect standard internet log information and visitor behavior information. This information helps us track visitor use of the website and compile statistical reports on website activity.

We use cookies to:

  • Remember your preferences and settings
  • Understand how you use our website
  • Improve website performance and user experience
  • Provide analytics on website traffic

For detailed information on the cookies we use and how to manage your cookie preferences, please refer to our Cookie Policy.

  1. Children’s data

Our services are not directed at children under the age of 16, and we do not knowingly collect personal data from children.

If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

  1. Other websites

Our website may contain links to other websites. This privacy notice only applies to Alliotts website.

When you click on links to other websites, you should read their own privacy policies to understand how they collect and use your information. We are not responsible for the privacy practices of other organisations.

  1. Changes to our Privacy Notice

We keep our privacy notice under regular review to reflect changes in law, best practice, and our data processing activities.

Any updates will be posted on this webpage. Where changes are significant, we may also notify you directly by email.

Previous versions of this notice are available on request.

  1. How to contact us

If you have any questions about this privacy notice, wish to exercise your rights, or have concerns about how we handle your data, please contact:

Data Protection Officer

Alliotts LLP

Manfield House

1 Southampton Street

London

WC2R 0LR

Email: data@alliotts.com

Alliotts LLP | Version 3.0 | March 2026