🔒 Privacy Policy

TaxFilingUK.com is operated by Srini ACA, trading as TaxFilingUK.com. For the purposes of UK GDPR and the Data Protection Act 2018, we are the Data Controller of your personal data.

To provide our accounting and tax filing services effectively, we may collect the following types of information:

• Personal Data: Name, email address, phone number
• Financial Documents: Bank statements, invoices, receipts, expense records
• Tax Information: Unique Taxpayer Reference (UTR), National Insurance (NI) number, residential and correspondence address
• Technical Data: IP address, browser type, device information, usage data and metadata

Your data is used exclusively for legitimate business purposes in accordance with UK data protection laws. We process your data on the following lawful bases:

Typical uses of your data include:

• Tax Return Preparation: Preparing and filing accurate self-assessment tax returns, corporate tax returns, VAT and payroll returns
• HMRC Communication: Submitting returns and corresponding with HM Revenue & Customs on your behalf (with proper authorization)
• Customer Service: Responding to inquiries, providing support, and maintaining client relationships
• Compliance & Record-Keeping: Maintaining statutory records as required by accounting, tax and professional regulations
• Service Improvement: Analyzing anonymised or aggregated usage data to enhance our offerings and user experience

We do not sell your personal data. However, to provide our services effectively, we may share your information with trusted third parties in the following circumstances:

• HM Revenue & Customs (HMRC): When you authorize us to act as your tax agent, we submit tax returns and communicate with HMRC on your behalf
• Subcontracted Accountants: In some cases, work may be delegated to qualified accountants or staff bound by strict confidentiality agreements
• Technology Service Providers: Secure platforms such as Stripe (payment processing), Capium, Xero, QuickBooks, FreeAgent and cloud hosting providers used to deliver our services
• Professional advisers & Legal Authorities: Our insurers, regulators, or law enforcement where required by law or to protect against fraud and illegal activities

Some of our technology service providers may store or process data outside the UK or European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as UK International Data Transfer Agreements or standard contractual clauses, to protect your personal data.

We take your data security seriously and employ industry-standard security measures:

• Encryption: All data is encrypted in transit using HTTPS/TLS, and stored on secure, GDPR-compliant cloud infrastructure with encryption at rest
• Secure Servers: Regular backups, monitored access and secure data centres
• Access Controls: Role-based access restrictions and multi-factor authentication (MFA) for administrative access
• Regular Reviews: Periodic security checks and updates to maintain best practice

We use cookies and similar tracking technologies to improve your experience on our website:

• Essential Cookies: Required for website functionality, security and login. These are always active and do not require consent.
• Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). These are used only with your consent.
• Marketing Cookies: Used to deliver relevant ads and measure the effectiveness of our campaigns (e.g., Google Ads, Meta/Facebook pixel). These are also used only with your consent.

Under UK GDPR and Data Protection Act 2018, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data, subject to statutory retention obligations
• Right to Restrict Processing: Ask us to limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format and/or ask us to transfer it to another controller
• Right to Object: Object to certain processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time

To exercise any of these rights, please contact us using the details provided at the end of this policy. We may need to verify your identity before responding to your request.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

When we make significant changes, we will:

• Post the updated policy on this page with a revised "Effective Date"; and
• Notify existing clients via email or through our platform if the changes materially affect your rights

We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us: