Privacy Policy

Last updated: 29 August 2025

1. Introduction

Glitter Mount Accounting Services ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website glitter-mount.com and use our services.

This policy should be read alongside our Terms of Service and Cookie Policy.

2. Information We Collect

2.1 Personal Information You Provide

We may collect personal information that you voluntarily provide to us when you:

• Contact us through our website forms
• Subscribe to our newsletter
• Request our services
• Communicate with us by email or phone
• Engage our professional services

This information may include:

• Name and contact details (email, phone, address)
• Business information (company name, industry, size)
• Financial information (only when providing services)
• Communication preferences
• Any other information you choose to provide

2.2 Information Automatically Collected

When you visit our website, we may automatically collect certain information, including:

• IP address and location data
• Browser type and version
• Operating system
• Referring website
• Pages visited and time spent
• Device information

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience. For detailed information about our cookie usage, please see our Cookie Policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

• Providing accounting and financial services
• Communicating about our services
• Processing your requests and enquiries
• Managing client relationships
• Complying with professional and legal obligations

3.2 Website and Communication

• Operating and maintaining our website
• Sending newsletters and marketing communications (with consent)
• Responding to your comments and questions
• Providing customer support

3.3 Business Operations

• Improving our services and website
• Conducting business analysis
• Preventing fraud and enhancing security
• Complying with legal and regulatory requirements

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

4.1 Contractual Necessity

Processing necessary for the performance of a contract with you or to take steps prior to entering into a contract.

4.2 Legitimate Interests

Processing necessary for our legitimate business interests, including:

• Providing and improving our services
• Direct marketing to existing clients
• Fraud prevention and security
• Business administration

4.3 Legal Obligation

Processing necessary to comply with legal or regulatory obligations, including:

• Anti-money laundering requirements
• Tax and accounting regulations
• Professional body requirements
• Court orders or statutory demands

4.4 Consent

Where you have given specific consent, such as for marketing communications or non-essential cookies.

5. How We Share Your Information

We may share your information in the following circumstances:

5.1 Professional Requirements

• With HMRC and other tax authorities as required
• With Companies House for statutory filings
• With professional regulatory bodies
• With banks and financial institutions (when authorised)

5.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

• IT and software services
• Cloud storage and backup
• Communication services
• Professional indemnity insurance

5.3 Legal Requirements

We may disclose information when required by law, including:

• Court orders or legal proceedings
• Regulatory investigations
• Law enforcement requests
• Statutory obligations

5.4 Business Transfers

In the event of a merger, acquisition, or sale of business assets, your information may be transferred as part of that transaction.

6. International Transfers

We primarily store and process your data within the UK. However, some of our service providers may be located outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the UK government
• Standard contractual clauses
• Binding corporate rules
• Certification schemes

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Secure backup and recovery procedures

However, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security but strive to use commercially acceptable means to protect your data.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

8.1 Client Data

• Accounting records: 6 years after the end of the accounting period
• Tax records: 6 years from the end of the relevant tax year
• VAT records: 6 years from the end of the VAT period
• Payroll records: 3 years after the end of the tax year

8.2 Marketing Data

Newsletter subscriptions and marketing data are retained until you unsubscribe or we determine the data is no longer needed.

8.3 Website Data

Website analytics and technical data are typically retained for 2 years unless longer retention is required for legal purposes.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to request copies of your personal data that we hold.

9.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances.

9.4 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format.

9.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

9.7 Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling, though we do not typically engage in such activities.

10. Exercising Your Rights

To exercise any of your rights, please contact us using the details provided in Section 16. We will respond to your request within one month, though this may be extended in complex cases.

Please note that certain rights may be limited by:

• Legal or regulatory requirements
• Professional obligations
• Legitimate business interests
• The rights and freedoms of others

11. Marketing Communications

We may send you marketing communications if:

• You have given explicit consent
• You are an existing client and we are marketing similar services
• We have a legitimate interest and you have not objected

You can opt out of marketing communications at any time by:

• Clicking the unsubscribe link in emails
• Contacting us directly
• Updating your preferences

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will delete it promptly.

13. Third-Party Websites

Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites, and we are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party websites you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our website

The updated policy will be effective from the date specified in the "last updated" notice.

15. Complaints

If you have concerns about how we handle your personal data, please contact us first using the details below. We will investigate and respond to your complaint promptly.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):

16. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

17. Professional Obligations

As professional accountants, we are subject to additional confidentiality and data protection obligations under:

• Institute of Chartered Accountants in England and Wales (ICAEW) regulations
• Association of Chartered Certified Accountants (ACCA) rules
• Professional codes of conduct
• Client confidentiality requirements

These professional obligations may affect how we handle your personal data and may provide additional protections beyond those required by data protection law.

18. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms. This helps us identify and mitigate privacy risks in our operations.

19. Automated Processing

We do not typically engage in automated decision-making or profiling that would significantly affect individuals. If we were to introduce such processing in the future, we would update this policy and ensure appropriate safeguards are in place.

20. Data Minimisation

We are committed to data minimisation and only collect and process personal data that is:

• Adequate for our purposes
• Relevant to our services
• Limited to what is necessary

We regularly review the personal data we hold to ensure it remains necessary and accurate.