Privacy Policy

  1. Purpose of this notice

In the course of its business, the Firm needs to gather and use certain information about individuals. This will include clients, prospective clients, suppliers and other business contacts, and employees and prospective employees, as well as other people that we have a relationship with, may need to contact, or with whom we need to deal.

This policy describes how this personal data must be collected, processed, transferred, handled and stored in order to meet the requirements of data protection law, in particular the General Data Protection Regulation (GDPR).

The procedures and principles set out below must be followed at all times by the Firm, its employees and all those within its scope as set out below.

  1. About Us

Morris Accountancy Services Limited are independent chartered accountants. We are registered in England and Wales as a company under number: 10982390 and our registered office is at 18 Worsley Crescent, Offerton, Stockport, SK2 6AE.

For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. In relation to the majority of our data, we are data controllers, although where we are responsible for, for example, looking after a client’s payroll, they are the data controller and we are ‘data processors’. A data processor means ‘a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller’. Our responsibilities as data processors are dealt with later in the policy.

  1. How we may collect your personal data

Most of the personal information we process is provided to us directly by you via email, telephone, post (or social media) and website forms, for one of the following reasons:

  • to enable us to provide a quote in respect of the services we provide;
  • to enable us to supply professional services to you as our client;
  • for the administration of employment contacts;
  • to comply with our legal obligations in relation to tax and money laundering;
  • to comply with professional obligations to which we are subject as a member of the Association of Chartered Certified Accountants.
  • To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
  • To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.

We also collect your personal information from third parties and/or publicly available resources (for example, from your employer or from Companies House).

Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Cookies can be read by the website on your subsequent visits. The information stored in a cookie may relate to your browsing habits on the web page, or a unique identification number so that the website can “remember” you on your return visit.

We don’t collect or store your personal information (for example, your name or address) so this information can’t be used to identify who you are. The cookies simply enable us to see behaviour on the website to help us improve your experience. 

  1. The kind of information we hold about you

The information we hold about you may include the following:

  • your personal details (such as your name and/or address);
  • details of contact we have had with you in relation to the provision, or the proposed provision, of our services;
  • details of any services you have received from us;
  • our correspondence and communications with you;
  • Financial data which may include your bank account details;
  • information about any complaints and enquiries you make to us;
  • information from research, surveys, and marketing activities;
  • information we receive from other sources, such as publicly available information, information provided by your employer OR our clients.

We do not collect any Sensitive Data about you. Sensitive data concerns a person’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics used for identification purposes, health, sex life or sexual orientation.

  1. How we use personal data we hold about you

We may process your personal data for purposes necessary for the performance of our contract with you OR your employer and to comply with our legal obligations.

This may include processing your personal data as data processors, where you are an employee, subcontractor, supplier or customer of our client. We do not expect to receive any data which is sensitive personal data and we will only process the personal data provided in accordance with the data controller’s instructions and our contract with them. We do not disclose the data or transfer it to any third party without the explicit permissions of the data controller, unless we are legally obliged to do so.

We may process your personal data for the purposes of legitimate interests, except where those interests are overridden by the fundamental rights and freedoms which require the protection of personal data. This includes management purposes and defending or investigating claims.

If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.

You may receive marketing communication from us via email. You have the right to withdraw consent to marketing at any time by emailing us at

Data retention
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for.

For tax purposes records must be kept as follows:

  • Tax return information must be retained for 7 years from the end of the tax year to which the information relates.
  • where ad hoc advisory work has been undertaken it is our policy to retain information for 7 years from the date the business relationship ceased
  • where we have an ongoing client relationship, data which is needed for more than one year’s tax compliance (e.g. capital gains base costs and claims and elections submitted to HMRC) is retained throughout the period of the relationship, but will be deleted 7 years after the end of the
    business relationship unless you as our client ask us to retain it for a longer period.

Change of purpose
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.

Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.

  1. Data sharing

We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so. If you ask us not to share your personal data with such third parties we may need to cease to act.

“Third parties” includes third-party service providers and other members of our firm’s network:

  • HMRC
  • Tax Insurance providers
  • Professional indemnity insurers
  • ACCA
  • Any third party with whom you require or permit us to correspond
  • An alternate appointed by us in the event of incapacity or death
  • Accounting software providers such as Xero, Quickbooks and Moneysoft
  • The police and law enforcement agencies
  • Courts and tribunals
  • The Information Commissioner’s Office

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

  1. Transferring personal data outside the European Economic Area (EEA)

Your personal data will be processed in the UK only.

  1. Data Security

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Procedures are in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

  1. Rights of Access, Correction, Erasure and Restriction

It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below. We will rectify the information within one month of the request. Occasionally it may take us longer than a month if your request is particularly complex, we will notify you and keep you updated.

Under certain circumstances, by law you have the right to:

  • Access and obtain a copy of your data on request.
  • Request correction of the personal data we hold.
  • Request us to delete or remove personal data where there is no good reason for us continuing to process it.
  • Object to processing of your personal data where we are relying on a legitimate interest as the legal ground for processing.

If you want to exercise any of the above rights, please email our data protection point of contact on

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

  1. Changes to this notice

Any changes we may make to our privacy notice in the future will be provided to you via a notice on our website.

This privacy notice was last updated on 05 May 2021.

  1. Contact us

If you have any questions or would like to speak to us about the manner in which we process your personal data, please email Vanessa Morris on

You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. ICO registration number: ZA849919