GDPR & Privacy Policy.

Find out more about our GDPR and privacy policy below and gain a comprehensive understanding of how we handle and protect your information. Our commitment to safeguarding your privacy is reflected in our GDPR compliance, outlining the measures we employ to ensure the secure processing and storage of personal data.

GDPR & Your Privacy

Privacy Policy (GDPR)

Version 1.8 | Dated: 14 March 2024

For all GDPR related matters please contact us by any of the means below:

By Mail: Richard McNeilly, Chief Executive Officer, Dains Accountants Limited, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX. By Email: privacy


Our business is made up of different legal entities, details of which can be found below ("Dains Group"). This privacy policy is issued on behalf of the Dains Group so when we mention "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the Dains Group responsible for processing your data. We will let you know which entity will be the controller for your data when you purchase a product or service with us via our engagement terms or otherwise in writing.

  • Dains Accountants Limited registered in England and Wales. Registered Company number 13775282. Registered office 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • Dains Audit Limited – Registered in England and Wales. Registered Company number 13775287.  Registered office 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • Dains Probate Limited - Registered Company number 15094778. Registered office 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • HSKS Greenhalgh Ltd Company number 07686667. Registered office: Dains, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • HSKSG Audit Limited, Company number is 12612063. Registered office: Dains 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • Isosceles Finance Limited - Registered in England and Wales. Registered Company number: 03610160. Registered office One, High Street, Egham, UK, TW20 9HJ.

  • William Duncan + Co (Group) Limited registered in Scotland. Registered Company number: SC706241. Registered office Ellersley House, 30 Miller Road, Ayr KA7 2AY.

  • William Duncan + Co Limited registered in Scotland. Registered Company number: SC465227. Registered office Ellersley House, 30 Miller Road, Ayr KA7 2AY.

  • William Duncan + Co (Audit) Limited registered in Scotland. Registered Company number: SC739965. Registered office Ellersley House, 30 Miller Road, Ayr KA7 2AY.

  • William Duncan (Business Recovery) Ltd registered in Scotland. Registered Company number: SC413558. Registered office – 18 Bothwell Street Glasgow G2 6NU.

  • Opto Group Limited Company Number 11735424. Registered office address: Dains, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • Lavat Consulting Limited trading as PSTAX. Company Number 04810070, Registered office address: Dains, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX

  • S3TAX Limited trading as S3Tax.  Company Number 13882665. Registered office address: Dains, 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • Magma Partners Limited Company Number 10498735. Registered office: 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • Magma Audit LLP Company Number OC370086: Registered office: 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • Magma Trusts & Estates Limited, Company Number 09425334. Registered office: 2 Chamberlain Square, Paradise Circus, Birmingham, B3 3AX.

  • McInerney Saunders Audit Limited Company number 747740. Registered office: 38 Main Street, Swords, Dublin, Ireland.

  • McInerney Saunders Professional Services Limited Company number 747730. Registered office: 38 Main Street, Swords, Dublin, Ireland.

  • McInerney Saunders Chartered Accountants Company Number 255322. Registered office: 38 Main Street, Swords, Dublin, Ireland.

If any member of the Dains Group processes your data in a way that is different to that set out in this policy then that member will notify you separately in writing.

Where we process personal data other than in connection with an engagement, for example if you provide us details via our website then the Data Controller will be Dains Accountants Limited.

The privacy policy explains how we use any personal information we collect about you when you use this website and our wider services. Further information in relation to job applicant privacy can be found here.

Glossary of Terms

What is personal data?

Personal data relates to any information about a living person that makes you identifiable which may include (but is not limited to):

  • Names and contact information eg addresses, emails and telephone numbers

  • National Insurance Numbers

  • Employment history

  • Employee numbers

  • Credit History

  • Personal taxation information

  • Payroll and accounting data

What are “special categories” of personal data?

Special category data is sensitive personal data including:

  • Medical conditions

  • Religious or philosophical beliefs and political opinions

  • Racial or ethnic origin

  • Sex life or sexual orientation

  • Political opinions and trade union membership

  • Genetic data

  • Biometric data

What is a Data Controller?

The “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.

What is a Data Processor?

A “data processor” is a person or organisation which processes personal data for the controller.

What is Data Processing?

Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of this include: staff management and payroll administration; access to/consultation of a contacts database containing personal data; shredding documents containing personal data; sending promotional emails; using a photo of a person on a website; storing IP or MAC addresses; or video recording (CCTV). 

What do we mean by Business Clients?

Public Limited Companies, Private Limited Companies, LLP incorporated partnerships, trusts and foundations, local authorities and government institutions.

What do we mean by Consumer Clients?

Private clients, individuals, sole traders, unincorporated partnerships, trusts and foundations.

What is a lawful basis?

In order to process personal data there must be a lawful basis to do so.  The following lawful bases are relevant to us:

Legitimate interest: means the interest of an organisation in conducting and managing its business. In assessing whether an interest is legitimate, an organisation must ensure that it considers and balances any potential impact on the data subject (both positive and negative) and the data subject's rights before it processes personal data for those interests. An organisation should not use personal data for activities where its interests are overridden by the impact on the data subject (unless it has consent from the data subject or is otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract: means processing of personal data where it is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into such a contract.

Comply with a legal obligation: means processing personal data where it is necessary for compliance with a legal obligation that a party is subject to.

What are Cookies?

Cookies are text files put on your computer to collect standard internet log information and visitor behaviour information.  This information is then used to track visitor use of the website and to create statistical reports on website activity.  For more information visit www.aboutcookies.org or www.allaboutcookies.org.

What information do we collect about you and how?

We, as a Data Controller, are bound by the requirements of the UK General Data Protection Regulations (UK GDPR).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

  • Contact Data includes billing address, delivery address, email address and telephone numbers.

  • Financial Data includes bank account and payment card details.

  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. Please see the sections below on IP addresses and link tracking for more information.

  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

  • Usage Data includes information about how you use our website, products and services.

  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature or service. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We collect Criminal Offence Data as follows:

  • in connection with job applications in accordance with our Job Applicant Privacy Policy; and

  • for forensic accounting cases, where required by: the police, the insolvency service or other competent authority and which is necessary for the administration of justice, preventing or detecting unlawful acts, or protecting the public against dishonesty.  In these circumstances we would be unable to obtain your consent as it may prejudice the work of the police, the insolvency service or other competent authority.   

We do not collect any Special Categories of Personal Data about you (unless you apply for a job with us, in which case we explain what Special Category data we collect in our Job Applicant Privacy Policy).

If You Fail To Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service we are providing to you, but we will notify you if this is the case at the time.

How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

    • enquire about or request our services;

    • create an account or fill in a form on our website;

    • sign up to an event we are organising;

    • subscribe to our service or publications;

    • enter a survey we have organised;

    • request marketing to be sent to you; or

    • give us feedback or contact us.

  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy below for further details.

  • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:

Data from the following parties:

  • your employer with whom we have a business relationship;

  • analytics providers (please see the section on analytics below);

  • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.

We may monitor, record, store and use any telephone, email or other communication with you in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer service.

When you submit forms on our website, we use a third-party software provider for automated data collection and processing purposes. They will not use your data for any purposes and will only hold the data in line with our policy on data retention.


You can set your browser not to accept cookies and the below websites tell you how to remove cookies from your browser.  Please note in a few cases some of our website features may not function because of this.

View our full cookie policy here.

How will we use the information about you and why?

We take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed in your Letter of Engagement, and supporting Schedules and for the purposes we have identified below.  We will only use this information subject to your instructions, data protection law and our duty of confidentiality.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

  • Where we need to comply with a legal obligation.

Please see the glossary to find out more about the types of lawful basis that we will rely on to process your personal data.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes For Which We Will Use Your Personal Data

We have set out below a description of all the ways we plan to use your personal data.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

  • Updating and enhancing client records, including registering you or your business as a new client;

  • To provide services to you or your business, including the management of payments and charges, and collect and recover money owed to us;

  • Analysis for management purposes;

  • Carrying out credit checks in relation to you and to detect and cut fraud;

  • Completing statutory returns;

  • Legal and regulatory compliance, including anti-money laundering checks;

  • Crime prevention;

  • To manage our relationship with you or your business including notifying you about changes to our terms or privacy policy; to send you updates on our business and areas of interest to you and to invite you to seminars and other events;

  • To administer and protect our business;

  • To deliver relevant website and other content to you;

  • To use data analytics to improve our website or services;

  • To make suggestions and recommendations to you about services that may be of interest to you. 

For Business Clients and Contacts our lawful reason for processing your personal information will be “legitimate interests”.  Under “legitimate interests” we can process your personal information if we have a genuine and legitimate reason, and we are not harming any of your rights and interests.

For Consumer Clients and Contacts our lawful reason for processing your personal information will be “A contract with the individual” eg to supply goods and services you have requested, or to fulfil obligations under an employment contract.  This also includes steps taken at your request before entering a contract.

Anti-money Laundering

We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport.  This data will only be processed for the purposes of preventing money laundering and terrorist financing,  as otherwise permitted by law or with your express consent.

Website Collected Data

We collect information on our website to process your enquiry, deal with your event registration, give advice based on survey data and improve our services.  If you agree, we will also use this information to share updates with you about our services which we believe may be of interest to you.

Creating Preferences

We may analyse your personal information to create a record of your interests and preferences so that we can contact you with information relevant to you. We may make use of extra information about you when it is available from external sources to help us do this effectively.

Sharing Data with Third Parties

We may share your information within the Dains group of companies where there is an appropriate reason to do this.

Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors, and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf.  However, when we use third-party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that require them to keep your information secure and not to use it for their own direct marketing purposes.

“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, sub-contracted finance personnel, statutory compliance services, administration and processing services and marketing services.

All our group companies and third-party service providers are required to take appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.

The UK GDPR allows personal data to be shared with law enforcement authorities (known under data protection law as “competent authorities”) who are discharging their statutory law enforcement functions. The UK GDPR and the DPA 2018 allow for this type of data sharing where it is necessary, proportionate, and appropriately authorised.

We will not share your information for marketing purposes with companies so that they may offer you their products and services.

Transferring your information outside of the United Kingdom

As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the UK.  Where we transfer your data to organisations inside the European Economic Area ("EEA") they are subject to similar protections as in the UK. 

Some of our third-party providers may be located outside of the UK and also outside of the EEA.  Where this is the case, we ensure a similar degree of protection is afforded to you by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or

  • Where we use certain service providers, we may use specific contracts approved for use in the UK and/or the EEA which give personal data the same protection it has in the UK and/or the EEA.

We will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. 

If you use our services while you are outside the UK or the EEA, your information may be transferred outside the UK or the EEA to give you those services.


Personal data



Google Analytics & AdWords

IP addresses, domains

The cloud

Signed data processing terms


Name, company, tel, email, answers to form questions

Amazon Web Services for our hosting. The main servers are located in Virginia, USA and backup servers in Frankfurt, Germany. The company is based in Spain.

EU SSC agreement




Name, company, tel, email, answers to form questions

Data stored in the US, hosted on AWS. Data is only stored for 7 days then deleted.

Signed data processing addendum


Name, Bank card number, bank account info, email, billing address

Standard contractual clauses & signed DPA addendum


A full list can be provided on request by contacting privacy@dains.com

Security precautions in place about data collected

When you give us personal information, we take steps to make sure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we take appropriate measures to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make appropriate effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.


We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of extra information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and cut fraud and credit risk.

Marketing and Opting Out

We would like to send you information about our services which may be of interest to you.  You may opt out at any point as set out below.

You have a right at any time to stop us from contacting you for marketing purposes.  To opt out please email privacy@dains.com or simply click the unsubscribe link at the bottom of the email.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service or other transactions.

How long will we hold your data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Contracted Services: We usually hold your data for 7 years in line with our regulatory requirements. However, there may be valid legislative reasons why we have to retain the information for longer.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please see below for more details:

Subject Access Requests (requesting access or correction of data)

If you would like a copy of some or all your personal information, please email or write to us using the details at the top of this document.  We will respond to your request within one month of receipt of the request.

We want to make sure your personal information is accurate and up to date.  You may ask us to correct or remove information you think is inaccurate by emailing or writing to the address at the top of this document.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Withdrawal of Consent

Where we hold data based on consent, individuals have a right to withdraw consent at any time.  To withdraw consent to our processing of your personal data please contact us using the details at the top of this document.

Objections to processing of personal data

It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” applies.  In some cases we may be able to deny your request where we have compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.

Request restriction of processing of personal data

This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the data's accuracy.

  • Where our use of the data is unlawful but you do not want us to erase it.

  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Data Portability

It is also your right to receive the personal data which you have given to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without delay from the current controller if:

(a)    The processing is based on consent or on a contract, and

(b)    The processing is carried out by automated means.

Your Right to be Forgotten

Should you wish for us to completely delete all information that we hold about you please contact us using the details at the top of this document.  This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Other websites

Our website contains links to other websites which are not necessarily controlled or administered by us.  This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.


If you feel that your personal data has been processed in a way that does not meet the UK GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority.   The supervisory authority will then tell you of the progress and outcome of your complaint.  The supervisory authority in the UK is the Information Commissioner’s Office.

Changes to our Privacy Policy

We keep our privacy policy under regular review, and we will place any updates on this web page.  This privacy policy was last updated on 14 March 2024.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you, using the details at the top of the page.