Legal

Privacy Policy for Countify Clients and Website Visitors

How we collect, use and protect your personal data under UK GDPR.

£0
First consult
20+
Years combined
ACCA
Regulated

Last reviewed: 23 May 2026

This Privacy Policy for Countify clients and website visitors explains how we handle personal data when you use our website, contact us, or instruct us for accounting and tax services.

SK and Company Accountants Ltd trading as Countify | SC589649 | ICO ZA683204

1. Who we are

Countify is a trading name of SK and Company Accountants Ltd, a company registered in Scotland under company number SC589649, with its registered office at 3rd Floor, St. Georges Building, 5 St. Vincent Place, Glasgow, G1 2DH.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we act as a data controller in respect of personal data we collect about you. This means we determine the purposes and means by which your personal data is processed.

We are registered with the Information Commissioner's Office (ICO) under registration number ZA683204. You can verify our registration at ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers.

Questions about this policy or how we handle your personal data should be directed to sales@countify.co.uk.

2. Information we collect

We may collect and process the following categories of personal data:

Contact and identity information

  • Name, email address, telephone number, postal address and business name provided when you contact us, submit an enquiry or instruct us as a client.
  • Professional information including job title, company role and company registration number.

Financial and accounting information

  • Financial records you supply or that we receive on your behalf, including invoices, bank statements, payroll records, tax returns, accounts and related documentation.
  • HMRC and Companies House reference numbers and correspondence.
  • Salary, dividend and pension information for payroll and personal tax clients.

Identity and anti-money laundering verification information

  • Proof of identity, such as passport, driving licence or national ID card.
  • Proof of address, such as a utility bill, bank statement or similar document.

We are required to collect and verify this information under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 before providing services.

Special category data

In limited circumstances, the financial records you provide may contain special category data, for example health information in an employment context or data revealing trade union membership in payroll records. We process such data only where strictly necessary to perform the services you have engaged us for and where we have a lawful basis under UK GDPR Article 9, specifically:

  • Processing is necessary for the establishment, exercise or defence of legal claims (Article 9(2)(f)).
  • You have given explicit consent (Article 9(2)(a)).
  • Processing is necessary for carrying out obligations under employment law (Article 9(2)(b)).

We do not seek out special category data and will only hold it where it is contained within records you supply to us in the course of an engagement.

Technical and website data

Limited technical information when you use this website, such as IP address, browser type, device type, pages visited and time spent. See our Cookies Policy at www.countify.co.uk/cookies for full details.

3. Lawful basis for processing

We rely on one or more of the following lawful bases under UK GDPR Article 6:

Lawful basisWhen we use it
Contract (Article 6(1)(b))To deliver the accounting and tax services set out in your engagement letter, including preparing accounts, filing tax returns, processing payroll and providing VAT services.
Legal obligation (Article 6(1)(c))To comply with our obligations under HMRC regulations, Companies House requirements, the Money Laundering Regulations 2017, ACCA professional standards and other applicable law.
Legitimate interests (Article 6(1)(f))To operate and improve our website, prevent fraud and financial crime, manage our business relationships, and communicate with you about services relevant to your engagement. We have balanced these interests against your rights and determined they do not override your fundamental rights and freedoms.
Consent (Article 6(1)(a))Where you have actively opted in to receive marketing communications from us. You may withdraw consent at any time by emailing sales@countify.co.uk or clicking unsubscribe in any marketing email.

4. How we use your personal data

We use your personal data for the following purposes:

  • To provide accounting, tax, bookkeeping, payroll and related professional services under your engagement letter.
  • To communicate with you about your engagement including sending you documents, requests for information and engagement correspondence.
  • To comply with our legal and regulatory obligations including anti-money laundering checks, HMRC and Companies House filings, and ACCA regulatory requirements.
  • To send you service-related updates such as changes to tax legislation, filing deadlines or HMRC guidance relevant to your affairs. These communications are sent on the basis of legitimate interests and are not marketing.
  • To send you marketing communications only where you have given explicit consent or where we have an existing client relationship and you have not opted out.
  • To operate, maintain and improve this website using technical data.
  • To prevent and detect fraud and financial crime.
  • To manage our business records, billing and administration.

5. Who we share your data with

We do not sell your personal data. We share personal data only where necessary and under appropriate contractual safeguards. Recipients may include:

5.1. Regulatory bodies and government authorities

  • HMRC for tax returns, VAT filings, PAYE submissions and other regulatory filings made on your behalf.
  • Companies House for annual accounts, confirmation statements and other statutory filings.
  • ACCA in connection with our regulatory obligations as an ACCA-regulated firm.
  • Other regulators where required by law or court order.

5.2. Technology and service providers

We use the following categories of software provider to deliver our services, each acting as a data processor under written data processing agreements:

CategoryExamplesPurpose
Cloud accountingXero, QuickBooks Online, FreeAgentBookkeeping and accounts preparation
Practice managementIRIS Elements, TaxCalc, EngagerTax return preparation and client management
Payroll softwareBrightPay CloudPayroll processing and RTI submissions
Company secretarialInform DirectCompanies House filings
Cloud storageGoogle WorkspaceSecure document and file storage
CommunicationsMicrosoft Outlook, Google WorkspaceEmail and document sharing
Website hostingNext.js / hosting providerWebsite operation

5.3. Professional advisers and business transfers

We may share data with our legal advisers, insurers and auditors where necessary for the operation of our practice, subject to confidentiality obligations.

In the event of a merger, acquisition or sale of the practice, your personal data may be transferred to the successor entity. We will notify you in advance and ensure the same standard of protection continues to apply.

5.4. Overseas contractors

Some of our professional work is carried out by authorised contractors based outside the United Kingdom, recruited and controlled directly by us, based in Pakistan, who assist with bookkeeping, accounts preparation, payroll processing, administrative tasks and other professional work under our direct supervision and instruction.

These personnel are subject to confidentiality obligations and are permitted to access client data solely to the extent necessary to carry out the work we assign to them. Access is provided through the same secure cloud-based systems used by our UK team including Google Drive and cloud accounting platforms, and is subject to the same access controls and security standards described in section 8 of this policy.

We have taken steps to ensure that appropriate contractual safeguards are in place governing the processing of personal data, in accordance with our obligations under UK GDPR Article 28. The transfer of personal data to Pakistan in connection with this arrangement is covered by the international transfer safeguards described in section 6 below.

If you have any concerns about the processing of your data by our overseas contractors, please contact us at sales@countify.co.uk.

6. International transfers

Some of our software providers and authorised contractors operate outside the United Kingdom. Where your personal data is transferred outside the UK, whether to software infrastructure or to our overseas contractors, we ensure that appropriate safeguards are in place as required by UK GDPR Chapter V.

In particular, personal data processed by our Pakistan-based contractors involves a transfer to a country that does not currently benefit from a UK adequacy decision. We address this through contractual safeguards as described below.

The transfer mechanisms we rely on include:

  • International Data Transfer Agreements (IDTAs), the UK Government-approved standard contractual clauses for transfers to countries without a UK adequacy decision. This mechanism covers transfers to our Pakistan-based contractors.
  • UK adequacy regulations where the ICO has determined that the destination country provides an adequate level of protection, for example transfers to EEA countries covered by UK adequacy decisions.
  • UK GDPR Article 49 derogations in limited circumstances, where one of the specific derogations applies, for example where the transfer is necessary for the performance of a contract with you.

You may request further information about the specific safeguards in place for any particular transfer by contacting us at sales@countify.co.uk.

7. How long we keep your data

We retain personal data for as long as necessary for the purposes for which it was collected and to comply with our legal and regulatory obligations. Our standard retention periods are as follows:

Data typeRetention periodBasis
Client accounting and tax records6 years from end of engagementHMRC and ACCA retention requirements
Anti-money laundering records5 years from end of business relationshipMoney Laundering Regulations 2017
Payroll records3 years from end of tax year (HMRC minimum)Income Tax (PAYE) Regulations 2003
Companies House filing records6 years from date of filingCompanies Act 2006
Prospective client enquiries (non-converting)12 months from date of enquiryLegitimate interests - sufficient to follow up
Marketing contact data (consented)Until consent is withdrawn or unsubscribedConsent-based - withdrawn on request

When data is no longer required we delete or destroy it securely in accordance with our data destruction procedures.

8. How we keep your data secure

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction or alteration. These measures include:

  • All client data is stored in encrypted, password-protected cloud systems with role-based access controls. Only staff who need access to your data for service delivery purposes can access it.
  • We use industry-standard cloud accounting and practice management platforms with their own security certifications, including Xero, QuickBooks, IRIS Elements and BrightPay Cloud, all of which maintain ISO 27001 or equivalent security standards.
  • Staff access to client systems is controlled through individual user accounts with strong password requirements and, where available, two-factor authentication.
  • We do not transmit sensitive client documents by unencrypted email where secure alternatives are available.
  • Physical access to our office premises is restricted.

While we take all reasonable steps to protect your personal data, no system is completely secure. If you believe your personal data has been compromised, please contact us immediately at sales@countify.co.uk.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it and, where required, notify you directly.

9. Cookies

Our website uses limited cookies and similar technologies to ensure the website functions correctly and to support basic site preferences. For full details of the cookies we use, what they do and how to manage your preferences, please read our Cookies Policy at www.countify.co.uk/cookies.

10. Your rights under UK GDPR

You have the following rights in relation to your personal data. To exercise any of these rights please contact us at sales@countify.co.uk. We will respond within one month of receiving your request.

RightWhat it means
Right of accessYou have the right to request a copy of the personal data we hold about you, known as a Subject Access Request. We will provide this free of charge within one month.
Right to rectificationYou have the right to ask us to correct any inaccurate personal data we hold about you, or to complete any incomplete data.
Right to erasureYou have the right to ask us to delete your personal data in certain circumstances, for example where we no longer need it and are not required by law to retain it.
Right to restrictionYou have the right to ask us to restrict how we use your data in certain circumstances, for example while a dispute about accuracy is resolved.
Right to objectYou have the right to object to our processing of your data where we rely on legitimate interests or where we use it for direct marketing. We will stop processing unless we have compelling legitimate grounds that override your interests.
Right to portabilityWhere we process your data by automated means on the basis of contract or consent, you have the right to receive your data in a structured, machine-readable format.
Right to withdraw consentWhere we rely on your consent to process your data, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

11. Automated decision-making

We do not use automated decision-making or profiling, including by artificial intelligence, that produces legal or similarly significant effects on you. All decisions affecting your affairs are made by our qualified professional staff.

12. Children

Our services are directed at businesses and adults. We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected personal data from a child, please contact us at sales@countify.co.uk and we will delete it promptly.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the services we provide. The "Last reviewed" date at the top of this page shows when the policy was last updated. We encourage you to review this page periodically.

Where changes are material, we will take reasonable steps to notify you, for example by email to clients or by a prominent notice on the website.

14. How to contact us and make a complaint

If you have any questions about this Privacy Policy, wish to exercise any of your rights or have a concern about how we handle your personal data, please contact us:

Post
Countify Privacy Team, 3rd Floor, St. Georges Building, 5 St. Vincent Place, Glasgow, G1 2DH
Telephone
07515 646845
For the attention of
Kamran Ishaq FCCA, Director

We will acknowledge your request within 5 business days and respond in full within one month.

Right to complain to the ICO

If you are not satisfied with how we have handled your personal data or responded to your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Telephone
0303 123 1113
Post
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns directly before you contact the ICO, but you are entitled to raise a complaint with the ICO at any time.

End of Privacy Policy - countify.co.uk