Legal · UK GDPR Compliant

Privacy Policy

How Garnvale Ltd collects, uses, stores and protects your personal data. Written in plain English so you actually understand it.

Last updated: 1 May 2026

1. Who We Are

Garnvale Ltd is a UK-based accountancy practice operated by Andreea Solcoci, based in Rugby, Warwickshire. We are the data controller for the personal information we collect about you.

We are registered with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact for data matters: privacy@garnvale.co.uk

2. What Data We Collect

The data we collect depends on how you interact with us. We only ever collect what we genuinely need.

When you visit our website

  • Technical data: IP address, browser type, device type, pages visited (via essential cookies)
  • Form data: anything you voluntarily enter in our contact, booking or sign-up forms

When you become a client

  • Identity data: full name, date of birth, address, photo ID for AML/KYC checks
  • Contact data: email, phone number, postal address
  • Financial data: bank statements, invoices, receipts, tax records, payroll information
  • Business data: Companies House records, VAT numbers, UTR numbers, Government Gateway credentials (held securely)
  • Communication data: emails, messages, call notes

3. How We Use Your Data

We use your personal data to:

  • Provide the accounting services you've engaged us for
  • Prepare and file your tax returns, VAT, CIS and statutory accounts
  • Act as your HMRC agent for tax matters
  • Comply with our legal obligations (AML, tax law, professional standards)
  • Respond to your enquiries and provide customer support
  • Send service updates, deadline reminders and important notices
  • Improve our website and services

We do not use your data for marketing without your explicit consent. We do not sell your data to third parties under any circumstances.

4. Legal Basis for Processing

Under UK GDPR, we rely on these lawful bases:

Activity | Lawful basis
Delivering accounting services | Contract performance
AML / KYC checks | Legal obligation
HMRC filings & statutory returns | Legal obligation
Website analytics & security | Legitimate interests
Marketing communications | Consent (you can withdraw any time)

5. Sharing Your Data

We only share your data with carefully selected parties needed to deliver our service:

  • HMRC — for tax filings, VAT returns, CIS, payroll RTI
  • Companies House — for statutory accounts and confirmation statements
  • Xero — our primary accounting software (UK GDPR compliant)
  • GoCardless — for processing your Direct Debit subscription payments
  • Professional advisors — solicitors or tax specialists, only with your prior consent
  • Law enforcement — only where legally required

All third parties are bound by their own UK GDPR obligations and we have data processing agreements where required.

6. How Long We Keep It

Data type | Retention period
Accounting records (clients) | 7 years after engagement ends (HMRC requirement)
AML / KYC documents | 5 years after engagement ends (MLR 2017)
Website enquiry forms | 12 months from last contact
Marketing consents | Until you withdraw consent

7. Your Rights

Under UK GDPR, you have the right to:

  • Be informed — about how we use your data (this policy)
  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion (subject to legal retention requirements)
  • Restrict processing — in certain circumstances
  • Data portability — receive your data in a transferable format
  • Object — to certain types of processing
  • Withdraw consent — at any time, where consent is the basis
  • Complain to the ICO — at ico.org.uk or 0303 123 1113

To exercise any of these rights, email privacy@garnvale.co.uk. We respond within 30 days.

8. Security

We take data security seriously. Your data is protected by:

  • 256-bit encryption in transit and at rest
  • Two-factor authentication on all client systems including Xero
  • Encrypted password management
  • Regular security audits and updates
  • Access limited to authorised personnel only
  • Secure UK-based and EU-based cloud infrastructure

9. Cookies

Our website uses minimal cookies. We use essential cookies for site functionality (like remembering your language preference) and basic analytics. See our full Cookie Policy for details.

10. Changes & Contact

We may update this policy from time to time. The "Last updated" date at the top will reflect changes. Material changes will be notified to existing clients via email.

Questions or data requests:

  • Email: privacy@garnvale.co.uk
  • Post: Garnvale Ltd, Rugby, Warwickshire, United Kingdom
  • ICO: ico.org.uk/make-a-complaint
Garnvale Ltd · Registered in England & Wales · Company No. [pending registration]
Registered office · [address pending], Rugby, Warwickshire
Data & AML · ICO Reg. [pending] · AML Supervised by HMRC [pending]
© 2026 Garnvale Ltd · Rugby, Warwickshire