Privacy Policy
How MazeKey Accountants collects, uses, stores and protects your personal information — in full compliance with UK GDPR and the Data Protection Act 2018.
Please Read This Policy Carefully
This Privacy Policy explains how MazeKey Accountants (“we”, “us”, “our”) collects, uses and protects the personal information you provide to us when you use our website, contact us, or engage us for accounting and professional services. We are committed to protecting your privacy and handling your data responsibly, lawfully and transparently in accordance with UK GDPR and the Data Protection Act 2018.
Who We Are
MazeKey Accountants is the data controller responsible for your personal information. Our full contact details are:
Business Name: MazeKey Accountants
Address: Address: Building 3, North London Business Park, Oakleigh Road South, New Southgate, London N11 1GN
Telephone: 020 3981 9311
Email: business@mazekey.co.uk
Website : mazekey.co.uk
As a data controller, we determine the purposes and means of processing your personal data. We are registered with the Information Commissioner’s Office (ICO) as required under UK data protection law.
Information We Collect
We collect personal information in several ways depending on how you interact with us. The types of personal data we may collect include:
2.1 Information You Provide Directly
- Identity data: first name, last name, title, date of birth, National Insurance number
- Contact data: email address, telephone number, postal address
- Business data: company name, company registration number, VAT number, business address
- Financial data: income, expenditure, bank account details, tax reference numbers, financial records and statements
- Transaction data: details of services we have provided to you and payments made
- Communications data: any information you include in emails, letters, telephone calls or messages to us
2.2 Information We Collect Automatically
- Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system and platform
- Usage data: information about how you use our website, including pages visited and time spent
- Cookie data: see Section 8 for full details of our cookie use
2.3 Information from Third Parties
- HMRC, Companies House and other government bodies in the course of providing our services
- Banks and financial institutions, with your consent
- Credit reference agencies where relevant to services provided
- Referrals from other clients or professional contacts
Special Category Data: In providing accounting and tax services, we may occasionally process special category data (such as health information relevant to certain tax reliefs, or information about criminal convictions relevant to directorship). We process such data only where strictly necessary and with appropriate safeguards in place.
How We Use Your Information
We use the personal data we hold about you for the following purposes:
Special Category Data: In providing accounting and tax services, we may occasionally process special category data (such as health information relevant to certain tax reliefs, or information about criminal convictions relevant to directorship). We process such data only where strictly necessary and with appropriate safeguards in place.
| Purpose | Type of Data | Legal Basis |
|---|---|---|
| Providing accounting, bookkeeping, tax and payroll services | Identity, Contact, Financial, Business | Contract performance; Legal obligation |
| Filing tax returns, accounts and regulatory submissions on your behalf | Identity, Financial, Business | Contract performance; Legal obligation |
| Responding to your enquiries and communications | Identity, Contact, Communications | Legitimate interests |
| Sending service updates, deadline reminders and relevant information | Identity, Contact | Contract performance; Legitimate interests |
| Managing our business relationship and client records | Identity, Contact, Transaction | Contract performance; Legal obligation |
| Anti-money laundering (AML) and Know Your Client (KYC) checks | Identity, Financial | Legal obligation |
| Invoicing and financial administration | Identity, Contact, Financial | Contract performance; Legal obligation |
| Improving our website and services | Technical, Usage | Legitimate interests |
| Marketing communications (where you have consented) | Identity, Contact | Consent |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Legal Basis for Processing
Under UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:
4.1 Performance of a Contract
Where processing is necessary to perform a contract with you — for example, providing accounting, tax or payroll services you have engaged us to deliver.
4.2 Legal Obligation
Where we are required to process your data to comply with a legal obligation — for example, anti-money laundering legislation, HMRC reporting requirements, or professional regulatory obligations as a regulated accountancy practice.
4.3 Legitimate Interests
Where processing is in our legitimate business interests, provided those interests are not overridden by your rights. Our legitimate interests include managing client relationships, improving our services, and protecting our business from fraud or risk. We always carefully balance our interests against your rights and freedoms before relying on this basis.
4.4 Consent
Where you have given us clear consent to process your data for a specific purpose — such as receiving marketing communications from us. You have the right to withdraw consent at any time by contacting us at business@mazekey.co.uk.
Who We Share Your Data With
We may share your personal information with the following categories of recipients, but only where strictly necessary and appropriate:
5.1 Government and Regulatory Bodies
- HMRC — for the purpose of filing tax returns, VAT returns, payroll submissions (RTI) and other statutory filings on your behalf
- Companies House — for filing annual accounts, confirmation statements and other company documentation
- The Charity Commission — for clients in the charity sector, as required
- Other regulatory bodies — as required by law or professional regulation
5.2 Professional Third Parties
- Solicitors, barristers or other legal professionals where required for the provision of services
- Banks and financial institutions with your consent
- Insurance providers where relevant
5.3 Service Providers
- Cloud accounting software providers (such as Xero, QuickBooks or Sage) — where you have subscribed to these platforms
- IT service providers and cloud hosting providers who store data on our behalf
- Email and communication service providers
We do not sell your personal data to any third party. We do not share your personal data with marketing companies or data brokers. All third-party service providers who process data on our behalf are bound by data processing agreements and are required to keep your data secure and confidential.
5.4 Legal Requirements
We may disclose your personal data to law enforcement agencies, courts or other government authorities where required by law, or where we believe disclosure is necessary to protect our legal rights, prevent fraud, or protect the safety of any person.
How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purposes for which it was collected, including satisfying any legal, accounting or reporting requirements.
| Type of Data | Retention Period | Reason |
|---|---|---|
| Client accounting and tax records | Minimum 6 years from the end of the relevant tax year | HMRC statutory requirement |
| Company accounting records | Minimum 6 years from the date the record was made | Companies Act 2006 |
| Anti-money laundering (AML) records | 5 years from the end of the business relationship | Money Laundering Regulations 2017 |
| Payroll records | Minimum 3 years after the end of the tax year | HMRC statutory requirement |
| VAT records | Minimum 6 years | HMRC statutory requirement |
| General client correspondence | 6 years from the end of the client relationship | Professional standards and legal claims |
| Website enquiry data (non-clients) | 12 months | Legitimate interests |
| Marketing consent records | Until consent is withdrawn | UK GDPR consent records |
When personal data is no longer required, we securely delete or anonymise it in accordance with our data retention policy.
Keeping Your Data Secure
We take the security of your personal data very seriously. We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, accessed, altered or disclosed without authorisation.
Technical Measures
- Encrypted data storage and transmission (SSL/TLS)
- Password-protected and access-controlled systems
- Two-factor authentication on key systems
- Regular software updates and security patching
- Use of reputable, UK/EEA-based cloud service providers with appropriate security certifications
Organisational Measures
- Strict access controls — only staff who need access to your data to perform their role can access it
- Staff training on data protection obligations and secure handling of personal data
- Clear data handling procedures and internal policies
- Regular review of data security practices
Data Breach Procedure: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours and, where required, notify affected individuals without undue delay.
Cookies
Our website uses cookies to distinguish you from other users and to improve your browsing experience. Cookies are small text files placed on your device when you visit a website.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for the website to function — enabling navigation, form submission and security features | Session |
| Performance / Analytics | Helping us understand how visitors use our website so we can improve it (e.g. Google Analytics) | Up to 2 years |
| Functional | Remembering your preferences and settings to enhance your experience | Up to 1 year |
You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information about cookies, visit www.aboutcookies.org.
Your Rights Under UK GDPR
Under UK data protection law, you have a number of important rights regarding your personal data. These rights are:
9.1 Right of Access
You have the right to request a copy of the personal data we hold about you (known as a Subject Access Request). We will respond within one month of receiving your request.
9.2 Right to Rectification
You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete data.
9.3 Right to Erasure
You have the right to request that we delete your personal data in certain circumstances — for example, where the data is no longer necessary for the purpose for which it was collected, or where you withdraw consent. This right does not apply where we have a legal obligation to retain the data.
9.4 Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, where you contest its accuracy or object to our processing of it.
9.5 Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to request that we transmit it to another data controller.
9.6 Right to Object
You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis. You also have an absolute right to object to processing for direct marketing purposes.
9.7 Rights Related to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently carry out any such automated decision-making.
How to Exercise Your Rights: To exercise any of these rights, please contact us at business@mazekey.co.uk or by post to Building 3, North London Business Park, Oakleigh Road South, New Southgate, London N11 1GN. We will respond to all requests within one month. We may need to verify your identity before processing your request. There is no charge for exercising your rights in most circumstances.
International Data Transfers
In the course of providing our services, we primarily store and process data within the United Kingdom and the European Economic Area (EEA). Where we use third-party service providers who may transfer data outside the UK or EEA (for example, cloud software platforms), we ensure that appropriate safeguards are in place, including:
- Adequacy decisions issued by the UK Government confirming that the destination country provides an adequate level of data protection
- Standard Contractual Clauses (SCCs) approved for use under UK GDPR
- UK International Data Transfer Agreements (IDTAs) where appropriate
- Binding Corporate Rules (BCRs) for multinational organisations
We will only transfer your personal data internationally where we are satisfied that your rights and freedoms are adequately protected.
Third-Party Websites
Our website may contain links to third-party websites, including government portals such as HMRC (gov.uk), Companies House and cloud accounting platforms. When you follow a link to any of these websites, please be aware that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies or for how those websites collect and use your personal data.
We encourage you to review the privacy policy of any website you visit before providing any personal information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or in applicable law. When we make significant changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify existing clients by email.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website or services after any changes are posted constitutes your acceptance of those changes.
This policy was last reviewed and updated in April 2026.
Contact Us & How to Complain
If you have any questions about this Privacy Policy, wish to exercise any of your data rights, or have a concern about how we have handled your personal data, please contact us using any of the details below.
- London Branch
163 Stoke Newington Road, N16 8BP
- Head office
Building 3
North London Business Park
Oakleigh Road South
New Southgate
N11 1GN
North London Business Park
Oakleigh Road South
New Southgate
N11 1GN
How to Complain to the ICO
If you are not satisfied with our response to your privacy concern, or believe we are processing your personal data in a way that is not compliant with UK data protection law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) — the UK’s independent data protection regulator.
Information Commissioner’s Office (ICO)
Helpline: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would, however, always appreciate the opportunity to address your concerns directly before you approach the ICO, and encourage you to contact us in the first instance.