Privacy Policy for Hearthstone Accounts
At Hearthstone Accounts, we are committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy outlines how we collect, use, process, and protect your information when you interact with our services, which include personal tax returns, corporate tax planning, VAT compliance, payroll services, financial forecasting, inheritance tax advice, IRS audit representation, capital gains tax consultancy, and international tax advice.
1. Information We Collect
We collect various types of information to provide and improve our consulting services. This information includes:
- Personal Identification Information: Name, address, date of birth, national insurance number, passport details, or other government-issued identification.
- Contact Information: Email address, phone number, and postal address.
- Financial Information: Bank account details, income details, expenditure records, investment portfolios, tax records, and other financial data required for tax and financial consulting.
- Business Information: For corporate clients, this may include company registration details, VAT numbers, payroll data, and financial statements.
- Technical Data: When you visit our online platform, we may collect information regarding your IP address, browser type, operating system, referring URLs, and device information. This helps us ensure the security and functionality of our platform.
- Communication Data: Records of your communications with us, including emails, phone calls, and meeting notes, to effectively manage client relationships and provide tailored advice.
2. How We Collect Your Information
We collect information through various methods, including:
- Direct Interactions: When you engage our services, communicate with us via phone, email, or in person, or provide documents for tax and financial consulting.
- Website Usage: Through cookies and similar tracking technologies when you browse our online platform.
- Third Party Sources: In some cases, we may receive information from third parties, such as HMRC, Companies House, or other financial institutions, where necessary for the provision of our services and with your consent or legal basis.
3. How We Use Your Information
We use your information for the following purposes, relying on various legal bases under GDPR:
- Service Provision: To deliver our financial and tax consulting services, including personal tax returns, corporate tax planning, VAT compliance, payroll services, financial forecasting, inheritance tax advice, IRS audit representation, capital gains tax consultancy, and international tax advice. This is necessary for the performance of a contract with you.
- Legal and Regulatory Compliance: To comply with legal and regulatory obligations, such as anti-money laundering regulations, tax laws, and professional body requirements. This is necessary for compliance with a legal obligation.
- Communication: To communicate with you about your services, updates, and relevant information. This is necessary for the performance of a contract with you or in our legitimate interests.
- Improving Our Services: To analyze how our services are used and to improve their quality, efficiency, and relevance. This is in our legitimate interests to grow our business.
- Security and Fraud Prevention: To maintain the security of our systems and to detect and prevent fraud and other illegal activities. This is in our legitimate interests to protect our business and clients.
4. Disclosure of Your Information
We may share your information with:
- Government Bodies: Such as HMRC (His Majesty's Revenue and Customs) or other tax authorities, when required by law for tax filings, audits, or regulatory compliance.
- Service Providers: Third-party vendors who assist us in providing our services, such as IT support, document management, or secure data storage providers, under strict confidentiality agreements.
- Professional Advisors: Including lawyers, auditors, and insurers, when necessary for professional advice or to protect our legal interests.
- Other Parties: With your explicit consent or as required by law.
We ensure that all third parties respect the security of your personal data and treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
5. Data Security
We have implemented appropriate technical and organizational security measures to protect your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. We use data encryption, secure servers, access controls, and regular security audits. Our staff are trained on data protection best practices.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. This typically aligns with regulatory requirements for financial and tax records, which can be up to 7 years after the end of our relationship. Once your data is no longer necessary, we will securely delete or anonymize it.
7. Your Rights
Under GDPR and other applicable data protection laws, you have the following rights regarding your personal data:
- Right of Access: To request a copy of the personal data we hold about you.
- Right to Rectification: To request that we correct any inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): To request the deletion of your personal data, under certain conditions.
- Right to Restriction of Processing: To request that we limit the way we use your personal data, under certain conditions.
- Right to Object to Processing: To object to our processing of your personal data, under certain conditions.
- Right to Data Portability: To request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.
8. International Data Transfers
We primarily process data within the United Kingdom. If, for specific service requirements (e.g., international tax advice involving non-UK jurisdictions), your data needs to be transferred outside the UK or European Economic Area (EEA), we will ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or the UK Information Commissioner's Office, to guarantee the protection of your data.
9. Cookies
Our online platform may use cookies to enhance your experience. Cookies are small data files placed on your device. We use necessary cookies for the website’s basic functionality and analytical cookies to understand how our site is used, which helps us improve it. You can manage your cookie preferences through your browser settings.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on our online platform, and we encourage you to review it periodically.
11. How to Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
Hearthstone Accounts
315 Bishopsgate, Floor 7,
London, Greater London, EC2M 3JY, UK
Phone: 020 7946 0876
12. Complaints
If you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.