Legal
Privacy Policy for Countify Clients and Website Visitors
How we collect, use and protect your personal data under UK GDPR.
Last reviewed: 23 May 2026
This Privacy Policy for Countify clients and website visitors explains how we handle personal data when you use our website, contact us, or instruct us for accounting and tax services.
SK and Company Accountants Ltd trading as Countify | SC589649 | ICO ZA683204
1. Who we are
Countify is a trading name of SK and Company Accountants Ltd, a company registered in Scotland under company number SC589649, with its registered office at 3rd Floor, St. Georges Building, 5 St. Vincent Place, Glasgow, G1 2DH.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we act as a data controller in respect of personal data we collect about you. This means we determine the purposes and means by which your personal data is processed.
We are registered with the Information Commissioner's Office (ICO) under registration number ZA683204. You can verify our registration at ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers.
Questions about this policy or how we handle your personal data should be directed to sales@countify.co.uk.
2. Information we collect
We may collect and process the following categories of personal data:
Contact and identity information
- Name, email address, telephone number, postal address and business name provided when you contact us, submit an enquiry or instruct us as a client.
- Professional information including job title, company role and company registration number.
Financial and accounting information
- Financial records you supply or that we receive on your behalf, including invoices, bank statements, payroll records, tax returns, accounts and related documentation.
- HMRC and Companies House reference numbers and correspondence.
- Salary, dividend and pension information for payroll and personal tax clients.
Identity and anti-money laundering verification information
- Proof of identity, such as passport, driving licence or national ID card.
- Proof of address, such as a utility bill, bank statement or similar document.
We are required to collect and verify this information under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 before providing services.
Special category data
In limited circumstances, the financial records you provide may contain special category data, for example health information in an employment context or data revealing trade union membership in payroll records. We process such data only where strictly necessary to perform the services you have engaged us for and where we have a lawful basis under UK GDPR Article 9, specifically:
- Processing is necessary for the establishment, exercise or defence of legal claims (Article 9(2)(f)).
- You have given explicit consent (Article 9(2)(a)).
- Processing is necessary for carrying out obligations under employment law (Article 9(2)(b)).
We do not seek out special category data and will only hold it where it is contained within records you supply to us in the course of an engagement.
Technical and website data
Limited technical information when you use this website, such as IP address, browser type, device type, pages visited and time spent. See our Cookies Policy at www.countify.co.uk/cookies for full details.
3. Lawful basis for processing
We rely on one or more of the following lawful bases under UK GDPR Article 6:
| Lawful basis | When we use it |
|---|---|
| Contract (Article 6(1)(b)) | To deliver the accounting and tax services set out in your engagement letter, including preparing accounts, filing tax returns, processing payroll and providing VAT services. |
| Legal obligation (Article 6(1)(c)) | To comply with our obligations under HMRC regulations, Companies House requirements, the Money Laundering Regulations 2017, ACCA professional standards and other applicable law. |
| Legitimate interests (Article 6(1)(f)) | To operate and improve our website, prevent fraud and financial crime, manage our business relationships, and communicate with you about services relevant to your engagement. We have balanced these interests against your rights and determined they do not override your fundamental rights and freedoms. |
| Consent (Article 6(1)(a)) | Where you have actively opted in to receive marketing communications from us. You may withdraw consent at any time by emailing sales@countify.co.uk or clicking unsubscribe in any marketing email. |
4. How we use your personal data
We use your personal data for the following purposes:
- To provide accounting, tax, bookkeeping, payroll and related professional services under your engagement letter.
- To communicate with you about your engagement including sending you documents, requests for information and engagement correspondence.
- To comply with our legal and regulatory obligations including anti-money laundering checks, HMRC and Companies House filings, and ACCA regulatory requirements.
- To send you service-related updates such as changes to tax legislation, filing deadlines or HMRC guidance relevant to your affairs. These communications are sent on the basis of legitimate interests and are not marketing.
- To send you marketing communications only where you have given explicit consent or where we have an existing client relationship and you have not opted out.
- To operate, maintain and improve this website using technical data.
- To prevent and detect fraud and financial crime.
- To manage our business records, billing and administration.
5. Who we share your data with
We do not sell your personal data. We share personal data only where necessary and under appropriate contractual safeguards. Recipients may include:
5.1. Regulatory bodies and government authorities
- HMRC for tax returns, VAT filings, PAYE submissions and other regulatory filings made on your behalf.
- Companies House for annual accounts, confirmation statements and other statutory filings.
- ACCA in connection with our regulatory obligations as an ACCA-regulated firm.
- Other regulators where required by law or court order.
5.2. Technology and service providers
We use the following categories of software provider to deliver our services, each acting as a data processor under written data processing agreements:
| Category | Examples | Purpose |
|---|---|---|
| Cloud accounting | Xero, QuickBooks Online, FreeAgent | Bookkeeping and accounts preparation |
| Practice management | IRIS Elements, TaxCalc, Engager | Tax return preparation and client management |
| Payroll software | BrightPay Cloud | Payroll processing and RTI submissions |
| Company secretarial | Inform Direct | Companies House filings |
| Cloud storage | Google Workspace | Secure document and file storage |
| Communications | Microsoft Outlook, Google Workspace | Email and document sharing |
| Website hosting | Next.js / hosting provider | Website operation |
5.3. Professional advisers and business transfers
We may share data with our legal advisers, insurers and auditors where necessary for the operation of our practice, subject to confidentiality obligations.
In the event of a merger, acquisition or sale of the practice, your personal data may be transferred to the successor entity. We will notify you in advance and ensure the same standard of protection continues to apply.
5.4. Overseas contractors
Some of our professional work is carried out by authorised contractors based outside the United Kingdom, recruited and controlled directly by us, based in Pakistan, who assist with bookkeeping, accounts preparation, payroll processing, administrative tasks and other professional work under our direct supervision and instruction.
These personnel are subject to confidentiality obligations and are permitted to access client data solely to the extent necessary to carry out the work we assign to them. Access is provided through the same secure cloud-based systems used by our UK team including Google Drive and cloud accounting platforms, and is subject to the same access controls and security standards described in section 8 of this policy.
We have taken steps to ensure that appropriate contractual safeguards are in place governing the processing of personal data, in accordance with our obligations under UK GDPR Article 28. The transfer of personal data to Pakistan in connection with this arrangement is covered by the international transfer safeguards described in section 6 below.
If you have any concerns about the processing of your data by our overseas contractors, please contact us at sales@countify.co.uk.
6. International transfers
Some of our software providers and authorised contractors operate outside the United Kingdom. Where your personal data is transferred outside the UK, whether to software infrastructure or to our overseas contractors, we ensure that appropriate safeguards are in place as required by UK GDPR Chapter V.
In particular, personal data processed by our Pakistan-based contractors involves a transfer to a country that does not currently benefit from a UK adequacy decision. We address this through contractual safeguards as described below.
The transfer mechanisms we rely on include:
- International Data Transfer Agreements (IDTAs), the UK Government-approved standard contractual clauses for transfers to countries without a UK adequacy decision. This mechanism covers transfers to our Pakistan-based contractors.
- UK adequacy regulations where the ICO has determined that the destination country provides an adequate level of protection, for example transfers to EEA countries covered by UK adequacy decisions.
- UK GDPR Article 49 derogations in limited circumstances, where one of the specific derogations applies, for example where the transfer is necessary for the performance of a contract with you.
You may request further information about the specific safeguards in place for any particular transfer by contacting us at sales@countify.co.uk.
7. How long we keep your data
We retain personal data for as long as necessary for the purposes for which it was collected and to comply with our legal and regulatory obligations. Our standard retention periods are as follows:
| Data type | Retention period | Basis |
|---|---|---|
| Client accounting and tax records | 6 years from end of engagement | HMRC and ACCA retention requirements |
| Anti-money laundering records | 5 years from end of business relationship | Money Laundering Regulations 2017 |
| Payroll records | 3 years from end of tax year (HMRC minimum) | Income Tax (PAYE) Regulations 2003 |
| Companies House filing records | 6 years from date of filing | Companies Act 2006 |
| Prospective client enquiries (non-converting) | 12 months from date of enquiry | Legitimate interests - sufficient to follow up |
| Marketing contact data (consented) | Until consent is withdrawn or unsubscribed | Consent-based - withdrawn on request |
When data is no longer required we delete or destroy it securely in accordance with our data destruction procedures.
8. How we keep your data secure
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction or alteration. These measures include:
- All client data is stored in encrypted, password-protected cloud systems with role-based access controls. Only staff who need access to your data for service delivery purposes can access it.
- We use industry-standard cloud accounting and practice management platforms with their own security certifications, including Xero, QuickBooks, IRIS Elements and BrightPay Cloud, all of which maintain ISO 27001 or equivalent security standards.
- Staff access to client systems is controlled through individual user accounts with strong password requirements and, where available, two-factor authentication.
- We do not transmit sensitive client documents by unencrypted email where secure alternatives are available.
- Physical access to our office premises is restricted.
While we take all reasonable steps to protect your personal data, no system is completely secure. If you believe your personal data has been compromised, please contact us immediately at sales@countify.co.uk.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it and, where required, notify you directly.
9. Cookies
Our website uses limited cookies and similar technologies to ensure the website functions correctly and to support basic site preferences. For full details of the cookies we use, what they do and how to manage your preferences, please read our Cookies Policy at www.countify.co.uk/cookies.
10. Your rights under UK GDPR
You have the following rights in relation to your personal data. To exercise any of these rights please contact us at sales@countify.co.uk. We will respond within one month of receiving your request.
| Right | What it means |
|---|---|
| Right of access | You have the right to request a copy of the personal data we hold about you, known as a Subject Access Request. We will provide this free of charge within one month. |
| Right to rectification | You have the right to ask us to correct any inaccurate personal data we hold about you, or to complete any incomplete data. |
| Right to erasure | You have the right to ask us to delete your personal data in certain circumstances, for example where we no longer need it and are not required by law to retain it. |
| Right to restriction | You have the right to ask us to restrict how we use your data in certain circumstances, for example while a dispute about accuracy is resolved. |
| Right to object | You have the right to object to our processing of your data where we rely on legitimate interests or where we use it for direct marketing. We will stop processing unless we have compelling legitimate grounds that override your interests. |
| Right to portability | Where we process your data by automated means on the basis of contract or consent, you have the right to receive your data in a structured, machine-readable format. |
| Right to withdraw consent | Where we rely on your consent to process your data, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. |
11. Automated decision-making
We do not use automated decision-making or profiling, including by artificial intelligence, that produces legal or similarly significant effects on you. All decisions affecting your affairs are made by our qualified professional staff.
12. Children
Our services are directed at businesses and adults. We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected personal data from a child, please contact us at sales@countify.co.uk and we will delete it promptly.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the services we provide. The "Last reviewed" date at the top of this page shows when the policy was last updated. We encourage you to review this page periodically.
Where changes are material, we will take reasonable steps to notify you, for example by email to clients or by a prominent notice on the website.
14. How to contact us and make a complaint
If you have any questions about this Privacy Policy, wish to exercise any of your rights or have a concern about how we handle your personal data, please contact us:
- sales@countify.co.uk
- Post
- Countify Privacy Team, 3rd Floor, St. Georges Building, 5 St. Vincent Place, Glasgow, G1 2DH
- Telephone
- 07515 646845
- For the attention of
- Kamran Ishaq FCCA, Director
We will acknowledge your request within 5 business days and respond in full within one month.
Right to complain to the ICO
If you are not satisfied with how we have handled your personal data or responded to your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
- Website
- www.ico.org.uk
- Telephone
- 0303 123 1113
- Post
- Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the opportunity to address your concerns directly before you contact the ICO, but you are entitled to raise a complaint with the ICO at any time.
End of Privacy Policy - countify.co.uk