Our Privacy Policy
Last Updated: February 2026
In The Loop Accounts Ltd ("In The Loop Accounts", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website or engage our accounting services.
We are a company registered in England and Wales and act as the data controller for the personal data we process. This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection laws where we serve clients outside the UK.
1. Information We Collect
We collect and process the following categories of personal data:
1.1 Client Information
When you engage our accounting services, we collect:
Personal identification information (name, address, date of birth, contact details)
Business information (company name, registration details, VAT numbers, business structure)
Financial information (bank account details, income and expense records, invoices, receipts, tax information)
Employment information (payroll data, pension details, employment status)
Tax-related information (National Insurance numbers, tax codes, UTR numbers)
Any other information necessary to provide accounting, bookkeeping, tax preparation, or related services
1.2 Website Visitors
When you visit our website, we may collect:
Technical information (IP address, browser type, operating system, device information)
Usage data (pages visited, time spent on pages, navigation patterns)
Information submitted through contact forms (name, email, phone number, enquiry details)
1.3 Communications
We collect information from our communications with you, including emails, phone calls, video conferences, and any documentation or correspondence exchanged during the provision of our services.
2. How We Use Your Information
We use your personal data for the following purposes:
Service Delivery: To provide accounting, bookkeeping, tax preparation, payroll, and related services as agreed in our engagement letter
Legal and Regulatory Compliance: To comply with legal obligations including anti-money laundering checks, tax reporting requirements, and professional standards set by accounting bodies
Client Communication: To communicate with you about your account, respond to enquiries, and provide updates on regulatory changes that may affect you
Website Improvement: To analyse website usage and improve our online services and content
Marketing (with consent): To send you newsletters, updates, and information about our services where you have consented to receive such communications
Business Operations: To maintain our business records, manage client relationships, and improve our services
3. Legal Basis for Processing
We process your personal data under the following legal bases:
Contractual Necessity: Processing is necessary to perform our contract with you and deliver the accounting services you have engaged us for
Legal Obligation: Processing is required to comply with legal obligations, including tax law, anti-money laundering regulations, and professional standards
Legitimate Interests: Processing is necessary for our legitimate business interests, such as maintaining business records, preventing fraud, and improving our services, provided these interests do not override your rights
Consent: Where we have obtained your explicit consent, such as for marketing communications
4. How We Share Your Information
We may share your personal data with the following third parties:
Government Authorities: HM Revenue & Customs (HMRC), Companies House, pension regulators, and other tax or regulatory authorities as required by law
Service Providers: Third-party service providers who assist us in delivering our services, such as cloud storage providers, accounting software platforms, payroll processors, and IT support services
Professional Advisors: Legal advisors, auditors, and other professional consultants where necessary for our business operations or to comply with legal obligations
Banks and Financial Institutions: Where necessary to process payments or comply with anti-money laundering requirements
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
We require all third parties to maintain appropriate security measures and to process personal data only as instructed by us and in compliance with applicable data protection laws.
5. International Data Transfers
We serve clients globally and may transfer personal data to countries outside the UK and European Economic Area (EEA). Where we transfer data internationally, we ensure appropriate safeguards are in place:
We only transfer data to countries deemed to have adequate data protection by the UK government, or
We use Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or
We obtain your explicit consent for the transfer
Some of our service providers may be located outside the UK, including cloud storage and software providers. We ensure these providers maintain appropriate security standards and comply with data protection requirements.
6. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, misuse, or disclosure. Our security measures include:
Encryption of data in transit and at rest
Secure file transfer protocols for document exchange
Password protection and multi-factor authentication
Regular security assessments and updates
Restricted access to personal data on a need-to-know basis
Staff training on data protection and confidentiality
While we implement robust security measures, no method of transmission or storage is completely secure. We cannot guarantee absolute security but will notify you promptly of any data breach that may affect your rights.
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with legal and regulatory requirements:
Client Records: We retain client records for a minimum of 6 years after the end of our engagement, in accordance with professional accounting standards and UK tax law requirements
Tax Returns and Supporting Documentation: Retained for at least 6 years from the end of the relevant tax year, or longer if required by law
Anti-Money Laundering Records: Retained for 5 years after the end of our business relationship
Website Enquiries: Contact form submissions retained for up to 2 years unless a client relationship is established
Marketing Communications: Retained until you withdraw consent or we determine the data is no longer relevant
After the retention period expires, we securely delete or anonymise your personal data unless we are required to retain it for legal, regulatory, or legitimate business purposes.
8. Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete personal data
Right to Erasure: Request deletion of your personal data, subject to legal and regulatory retention requirements
Right to Restriction: Request restriction of processing in certain circumstances
Right to Data Portability: Request transfer of your data to another service provider in a structured, commonly used format
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis
Please note that certain rights may be limited where we have legal or regulatory obligations to retain or process your data. For example, we cannot delete client records during the mandatory retention period required by law.
To exercise any of these rights, please contact us using the details in Section 12.
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to improve your browsing experience and analyse website traffic. Cookies are small text files stored on your device that help us:
Remember your preferences and settings
Understand how you use our website
Improve website functionality and content
You can control cookie settings through your browser preferences. However, disabling cookies may affect the functionality of our website. For more information about the cookies we use, please refer to our Cookie Policy.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes by updating the "Last Updated" date at the top of this policy and, where appropriate, by email or through a notice on our website.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:
In The Loop Accounts Ltd
Email: chris@intheloopaccounts.com
Website: www.intheloopaccounts.com
Address: Formal House, 60 St George's Pl, Cheltenham GL50 3PN, United Kingdom
13. Complaints
If you believe we have not handled your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
We encourage you to contact us first so we can address your concerns directly.
In The Loop Accounts Ltd ("In The Loop Accounts", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website or engage our accounting services.
We are a company registered in England and Wales and act as the data controller for the personal data we process. This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection laws where we serve clients outside the UK.
1. Information We Collect
We collect and process the following categories of personal data:
1.1 Client Information
When you engage our accounting services, we collect:
Personal identification information (name, address, date of birth, contact details)
Business information (company name, registration details, VAT numbers, business structure)
Financial information (bank account details, income and expense records, invoices, receipts, tax information)
Employment information (payroll data, pension details, employment status)
Tax-related information (National Insurance numbers, tax codes, UTR numbers)
Any other information necessary to provide accounting, bookkeeping, tax preparation, or related services
1.2 Website Visitors
When you visit our website, we may collect:
Technical information (IP address, browser type, operating system, device information)
Usage data (pages visited, time spent on pages, navigation patterns)
Information submitted through contact forms (name, email, phone number, enquiry details)
1.3 Communications
We collect information from our communications with you, including emails, phone calls, video conferences, and any documentation or correspondence exchanged during the provision of our services.
2. How We Use Your Information
We use your personal data for the following purposes:
Service Delivery: To provide accounting, bookkeeping, tax preparation, payroll, and related services as agreed in our engagement letter
Legal and Regulatory Compliance: To comply with legal obligations including anti-money laundering checks, tax reporting requirements, and professional standards set by accounting bodies
Client Communication: To communicate with you about your account, respond to enquiries, and provide updates on regulatory changes that may affect you
Website Improvement: To analyse website usage and improve our online services and content
Marketing (with consent): To send you newsletters, updates, and information about our services where you have consented to receive such communications
Business Operations: To maintain our business records, manage client relationships, and improve our services
3. Legal Basis for Processing
We process your personal data under the following legal bases:
Contractual Necessity: Processing is necessary to perform our contract with you and deliver the accounting services you have engaged us for
Legal Obligation: Processing is required to comply with legal obligations, including tax law, anti-money laundering regulations, and professional standards
Legitimate Interests: Processing is necessary for our legitimate business interests, such as maintaining business records, preventing fraud, and improving our services, provided these interests do not override your rights
Consent: Where we have obtained your explicit consent, such as for marketing communications
4. How We Share Your Information
We may share your personal data with the following third parties:
Government Authorities: HM Revenue & Customs (HMRC), Companies House, pension regulators, and other tax or regulatory authorities as required by law
Service Providers: Third-party service providers who assist us in delivering our services, such as cloud storage providers, accounting software platforms, payroll processors, and IT support services
Professional Advisors: Legal advisors, auditors, and other professional consultants where necessary for our business operations or to comply with legal obligations
Banks and Financial Institutions: Where necessary to process payments or comply with anti-money laundering requirements
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
We require all third parties to maintain appropriate security measures and to process personal data only as instructed by us and in compliance with applicable data protection laws.
5. International Data Transfers
We serve clients globally and may transfer personal data to countries outside the UK and European Economic Area (EEA). Where we transfer data internationally, we ensure appropriate safeguards are in place:
We only transfer data to countries deemed to have adequate data protection by the UK government, or
We use Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or
We obtain your explicit consent for the transfer
Some of our service providers may be located outside the UK, including cloud storage and software providers. We ensure these providers maintain appropriate security standards and comply with data protection requirements.
6. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, misuse, or disclosure. Our security measures include:
Encryption of data in transit and at rest
Secure file transfer protocols for document exchange
Password protection and multi-factor authentication
Regular security assessments and updates
Restricted access to personal data on a need-to-know basis
Staff training on data protection and confidentiality
While we implement robust security measures, no method of transmission or storage is completely secure. We cannot guarantee absolute security but will notify you promptly of any data breach that may affect your rights.
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with legal and regulatory requirements:
Client Records: We retain client records for a minimum of 6 years after the end of our engagement, in accordance with professional accounting standards and UK tax law requirements
Tax Returns and Supporting Documentation: Retained for at least 6 years from the end of the relevant tax year, or longer if required by law
Anti-Money Laundering Records: Retained for 5 years after the end of our business relationship
Website Enquiries: Contact form submissions retained for up to 2 years unless a client relationship is established
Marketing Communications: Retained until you withdraw consent or we determine the data is no longer relevant
After the retention period expires, we securely delete or anonymise your personal data unless we are required to retain it for legal, regulatory, or legitimate business purposes.
8. Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete personal data
Right to Erasure: Request deletion of your personal data, subject to legal and regulatory retention requirements
Right to Restriction: Request restriction of processing in certain circumstances
Right to Data Portability: Request transfer of your data to another service provider in a structured, commonly used format
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis
Please note that certain rights may be limited where we have legal or regulatory obligations to retain or process your data. For example, we cannot delete client records during the mandatory retention period required by law.
To exercise any of these rights, please contact us using the details in Section 12.
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to improve your browsing experience and analyse website traffic. Cookies are small text files stored on your device that help us:
Remember your preferences and settings
Understand how you use our website
Improve website functionality and content