Privacy Notice
Last updated: July 2026
This Privacy Notice explains how Beyond The Moon Accountants Ltd collects, uses, stores and protects personal data.
Who we are
Organisation name: Beyond The Moon Accountants Ltd
Trading name: Submit My Accounts / Submitmyaccounts.co.uk
Company number: 14205278
Registered office: 269 Scott Ellis Gardens, London, England, NW8 9RT
Email: Team@submitmyaccounts.co.uk
ICO registration reference: ZC177883
Website: www.submitmyaccounts.co.uk
For the purposes of the UK General Data Protection Regulation and the Data Protection Act 2018, Beyond The Moon Accountants Ltd is usually the data controller for personal data processed in connection with the accountancy, tax, payroll, bookkeeping, advisory and related services we provide.
Where we process personal data strictly on behalf of another controller, for example where we process payroll information on a client’s instructions, we may act as a processor. Where this applies, our processing will be governed by our engagement terms or a separate data processing agreement.
1. About this Privacy Notice
The Data Protection Act 2018 and the UK General Data Protection Regulation impose legal obligations on organisations that process personal data.
This Privacy Notice explains:
-
what personal data we collect;
-
how we collect personal data;
-
why we use personal data;
-
the lawful bases we rely on;
-
who we may share personal data with;
-
how long we keep personal data;
-
your rights; and
-
how to contact us or complain.
We may update this Privacy Notice from time to time. The latest version will be made available on our website or provided to you on request.
2. Personal data we may collect
Depending on the services we provide to you, we may collect and process the following types of personal data:
-
your name, address, telephone number and email address;
-
date of birth;
-
National Insurance number;
-
Unique Taxpayer Reference;
-
HMRC references;
-
VAT registration details;
-
PAYE references;
-
Companies House details;
-
business and trading details;
-
bank account details;
-
income, expense and accounting records;
-
tax return information;
-
payroll information;
-
pension and employment information;
-
CIS information;
-
bookkeeping and VAT records;
-
identity documents and verification information required for anti-money laundering checks;
-
information about directors, shareholders, partners, employees, subcontractors and other individuals connected with your business;
-
correspondence between you and us;
-
information provided through our website contact forms, email, phone, social media or other communication channels;
-
information provided by third parties, such as HMRC, Companies House, previous accountants, payroll providers, bookkeeping software providers, employers, banks, solicitors, financial advisers or other professional advisers.
Where necessary for payroll, employment tax, statutory sick pay, statutory maternity pay or similar services, we may also process limited health-related information, such as sickness or absence information. We will only process this type of information where it is necessary and lawful to do so.
We do not usually collect criminal offence data unless it is necessary for a specific legal, regulatory or professional reason.
3. How we collect personal data
We may collect personal data:
-
directly from you;
-
from your business, employer, company, partnership or organisation;
-
from directors, employees, shareholders, subcontractors, suppliers or other people connected with your business;
-
from HMRC, Companies House or other public bodies;
-
from your previous accountant or adviser;
-
from bookkeeping, payroll, tax or accounting software;
-
from banks, lenders, solicitors, financial advisers or other professional advisers;
-
from our website, email, phone, social media, online forms or client onboarding process.
4. Why we use your personal data
We use personal data for the following purposes:
-
to respond to enquiries;
-
to onboard clients;
-
to carry out identity verification and anti-money laundering checks;
-
to provide accountancy, tax, bookkeeping, payroll, VAT, CIS, company secretarial, advisory and consultancy services;
-
to prepare and submit tax returns, accounts, VAT returns, payroll submissions and other filings;
-
to correspond with HMRC, Companies House and other relevant authorities;
-
to manage our relationship with you;
-
to invoice you and collect payment;
-
to maintain client records;
-
to comply with legal, regulatory and professional obligations;
-
to comply with our professional obligations, including as an ACCA member or practice where applicable;
-
to investigate or defend complaints, claims, disciplinary matters or legal proceedings;
-
to maintain professional indemnity insurance and deal with insurers where required;
-
to send service updates or information about similar services where permitted by law;
-
to improve our services and manage our business.
5. Lawful bases for processing
We rely on one or more of the following lawful bases when processing personal data:
Contract
We process personal data where this is necessary to take steps before entering into an engagement with you or to perform our contract with you. This includes providing accountancy, tax, bookkeeping, payroll, VAT, CIS and advisory services.
Legal obligation
We process personal data where necessary to comply with legal obligations. This includes obligations relating to tax law, company law, anti-money laundering rules, professional regulations, HMRC requirements and Companies House requirements.
Legitimate interests
We may process personal data where necessary for our legitimate interests, provided your rights and freedoms do not override those interests. Our legitimate interests include:
-
managing and improving our business;
-
keeping accurate client records;
-
recovering unpaid fees;
-
responding to enquiries;
-
preventing fraud;
-
defending legal claims;
-
dealing with complaints;
-
maintaining professional standards;
-
communicating with existing clients about similar services.
Consent
In limited circumstances, we may rely on your consent. For example, we may ask for consent before sending certain types of marketing communications. Where we rely on consent, you can withdraw your consent at any time.
Special category data
Where we process special category data, such as health information for payroll or statutory payment purposes, we will only do so where we have a lawful basis under UK GDPR and a relevant condition under data protection law.
6. What happens if you do not provide information
If you do not provide information we reasonably require, we may not be able to provide services to you.
For example, we may be unable to act for you if we cannot complete anti-money laundering checks, verify your identity, prepare tax returns, process payroll, maintain records or comply with legal and professional obligations.
7. Who we may share personal data with
We may share personal data with:
-
HMRC;
-
Companies House;
-
pension providers;
-
payroll providers;
-
bookkeeping, accounting and tax software providers;
-
cloud storage and IT service providers;
-
identity verification and anti-money laundering service providers;
-
banks, lenders or finance providers where authorised or required;
-
solicitors, barristers, financial advisers or other professional advisers;
-
previous or successor accountants;
-
subcontractors or consultants who assist us in providing services;
-
professional indemnity insurers;
-
tax fee protection or investigation insurance providers;
-
our professional body, including the Association of Chartered Certified Accountants, where applicable;
-
the Office for Professional Body Anti-Money Laundering Supervision, where applicable;
-
regulators, supervisory authorities or law enforcement agencies;
-
courts and tribunals;
-
the Information Commissioner’s Office;
-
any third party you ask us or authorise us to communicate with.
We will only share personal data where it is necessary, lawful and proportionate.
If you ask us not to share information with a third party where we are legally or professionally required to do so, we may not be able to continue acting for you.
8. International transfers
We generally aim to use UK-based or reputable service providers. However, some third-party software, cloud, email, storage, communication, identity verification, accounting or IT service providers may process or access personal data outside the UK.
Where personal data is transferred outside the UK, we will take reasonable steps to ensure appropriate safeguards are in place. This may include relying on UK adequacy regulations, approved contractual protections or other safeguards permitted by data protection law.
9. How long we keep personal data
We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, regulatory, tax, accounting, insurance and professional requirements.
Our normal retention periods are as follows:
Tax, accounts and compliance records
We usually retain tax, accounts and compliance records for at least six years from the end of the relevant tax year or accounting period.
Anti-money laundering records
We usually retain anti-money laundering records for five years after the end of the business relationship, unless a longer period is required or permitted by law.
Payroll records
We usually retain payroll records for at least six years, unless a different legal or professional retention period applies.
Advisory work
Where ad hoc advisory work has been carried out, we usually retain relevant records for six years from the end of the engagement.
Ongoing client relationships and permanent tax records
Where we have an ongoing client relationship, we may retain records that are needed for future tax, accounting or advisory work throughout the relationship and for a reasonable period afterwards. This may include capital gains tax base cost information, claims, elections, historic tax information, company records and other information that may be needed in the future.
Legal claims and disputes
Where records may be relevant to a complaint, dispute, investigation, claim or legal proceeding, we may retain them for longer where it is lawful and necessary to do so.
When personal data is no longer required, we will securely delete, destroy or anonymise it.
10. Security
We take reasonable steps to protect personal data from unauthorised access, loss, misuse, alteration or disclosure.
These steps may include:
-
secure IT systems;
-
password protection;
-
access controls;
-
cloud security controls;
-
secure client communication methods;
-
staff and subcontractor confidentiality obligations;
-
professional and technical safeguards.
No method of electronic transmission or storage is completely secure. However, we aim to use appropriate safeguards that reflect the nature of the information we process.
11. Marketing
We may contact existing clients about similar services where permitted by law.
We may also send marketing communications where you have consented to receive them.
You can opt out of marketing communications at any time by contacting us at Team@submitmyaccounts.co.uk.
We will not sell your personal data to third parties for marketing purposes.
12. Automated decision-making and profiling
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
13. Your rights
Under data protection law, you may have the following rights:
-
the right to access personal data we hold about you;
-
the right to have inaccurate personal data corrected;
-
the right to have incomplete personal data completed;
-
the right to request erasure of personal data in certain circumstances;
-
the right to restrict processing in certain circumstances;
-
the right to object to processing in certain circumstances;
-
the right to data portability in certain circumstances;
-
the right to withdraw consent where we rely on consent;
-
the right to complain to the Information Commissioner’s Office.
These rights are not absolute and may be subject to legal, regulatory or professional restrictions.
14. Subject access requests
You have the right to request access to personal data we hold about you. This is known as a subject access request.
Please send subject access requests to Team@submitmyaccounts.co.uk.
To help us deal with your request, please provide enough information to allow us to identify you and locate the relevant data. We may ask for proof of identity where it is reasonable and necessary to do so.
We will normally respond within one month of receiving your request. If your request is complex or you have made several requests, we may extend the response period by up to a further two months. If we need to extend the time, we will tell you and explain why.
In some circumstances, we may be allowed or required to refuse all or part of a request. If this applies, we will explain the reason where we are permitted to do so.
15. Right to rectification
If you believe personal data we hold about you is inaccurate or incomplete, please contact us as soon as possible.
We will take reasonable steps to correct or complete the information where appropriate.
16. Right to erasure
In certain circumstances, you may ask us to delete personal data we hold about you.
We may not always be able to comply with such a request, for example where we need to retain information to comply with legal, tax, accounting, regulatory, professional, insurance or legitimate business requirements.
If we cannot comply with your request, we will explain why where we are permitted to do so.
17. Right to restrict processing and right to object
In certain circumstances, you may ask us to restrict the processing of your personal data or object to our use of it.
If you make such a request, we will consider it and respond in accordance with data protection law.
18. Right to data portability
In certain circumstances, you may have the right to receive personal data you have provided to us in a structured, commonly used and machine-readable format.
This right only applies where the processing is based on consent or contract and is carried out by automated means.
19. Withdrawal of consent
Where we rely on consent to process your personal data, you can withdraw that consent at any time.
Withdrawing consent will not affect the lawfulness of processing carried out before consent was withdrawn.
In some circumstances, we may still be able or required to process your personal data on another lawful basis, such as legal obligation or legitimate interests.
20. Where we act as processor
In some cases, we may process personal data on behalf of a client who is the controller. For example, this may apply where we process payroll data on the client’s instructions.
Where we act as processor, we will process the personal data only in accordance with the controller’s documented instructions, unless required by law to do otherwise.
We will also assist the controller, where appropriate, with data subject rights requests, security obligations, breach notifications and deletion or return of personal data at the end of the engagement.
21. Complaints
If you are unhappy with how we use your personal data, please contact us first so that we can try to resolve the matter.
You can contact us at Team@submitmyaccounts.co.uk.
You also have the right to complain to the Information Commissioner’s Office, which is the UK supervisory authority for data protection matters.
22. Changes to this Privacy Notice
We may update this Privacy Notice from time to time.
Any updated version will be made available on our website or provided to you on request.
This Privacy Notice was last updated in July 2026.

