Privacy Policy

Privacy Notice

 

Thank you for your interest in DM Accounting & Consultancy Services.

 

1. Glossary

“we”, “our”, “us”: DM Accounting & Consultancy Services (trading name for Deshune Morrison)

ICO: Information Commissioner’s Office

UK GDPR: UK General Data Protection Regulation and the Data Protection Act 2018

General Corporate Operations: Fraud prevention, Security over our technology use; Debt Recovery; Maintaining and Improving effectiveness of Services, and Administration (including meeting our professional and legal obligations – examples include UK GDPR, AAT, UK AML, HMRC) following a balancing test to confirm your rights are not overridden.

Data: Refers to Personal Data as defined under GDPR, including any information that may directly or indirectly identify you, the data subject.

“Data usage”, “Use data”, “Do with data” and similar phrases: Refers to the collection, use, storage, sharing, disclosure and protection of Personal Data.

AAT: The Association of Accounting Technicians is an HM Treasury recognised accounting body which licenses our provision of accounting services in public practice. We are therefore regulated by AAT, in addition to the laws that govern England and Wales where relevant to our services.

UK AML: UK Anti-Money Laundering Regulations – Key laws: Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), Proceeds of Crime Act 2002, Terrorism Act 2000.

 

2. Who we are

Data controller: DM Accounting & Consultancy Services (trading name for Deshune Morrison)

ICO Registration Number: ZB933829

Contact Email: info@dm-acs.co.uk

 

3. Scope

This policy explains our general data usage practices. We are obliged to provide this information under UK GDPR.

Please review the following information carefully.

 

4. What data is used and why

We use the following types of data for the provision of our accounting and consultancy services, as well as our general corporate operations.

  • Identity verification and contact details: Name; Business and Residence Addresses; Phone Number; Email Address; Proof of identification and address documents (e.g. Passports; Driving Licences; Bank Statements; Source of Funding documentation; Source of Wealth documentation).
  • Business and financial information: Company registration details; Tax information; Bank Account Details; Invoices; Accounting Statements and Records; Payroll data.
  • Transactional and service records: Correspondence; Records of meetings and decisions; Service history; Purchase and Payment records.
  • Marketing preferences: Communication method preferences; Newsletter preferences.
  • Usage data: Browser type and version; Device type and operating system; Referral URLs and Site usage activity (via analytics tools).
  • Information relating to compliments and/or complaints: Contact details listed in ‘Identity verification and contact details’ required to respond to compliments and/or complaints; any information not listed elsewhere within this list which is relevant to the situation behind the individual compliment and/or complaint.

 

5. How we collect your data

  • Receiving of Enquiry Messages sent via our website
  • Discovery calls and onboarding process
  • Accountant’s Professional Clearance Letter
  • Direct communications with yourself (e.g. via Email, Phone Call)
  • Third-party integration (e.g. Microsoft, Calendly, Xero)
  • Cookies and similar tracking technologies

 

6. How we use your data

  • Provision of our Accounting and Consultancy services
  • Verification of identity for AML compliance
  • Response to enquiries
  • Sending of service communications
  • Invoice and payment reminders/requests
  • Improve our website and provision of services
  • Meet our legal and professional obligations (examples include GDPR, AAT policies, HMRC, UK AML)

 

7. Lawful Basis

Under UK GDPR, we must have a “lawful basis” for data usage. We’ve listed below the lawful bases under UK GDPR. You can find out more about lawful bases on the ICO’s website.

We process personal data based on the following legal bases:

  • Contractual: To provide the agreed upon services as set out on engagement documentation
  • Legal Obligation: AML Due Diligence Checks, HMRC compliance, Record-keeping
  • Legitimate Interest: General Corporate Operations
  • Consent: We have permission for data usage (for example, marketing emails) only after providing the information necessary on the specific matter the data usage relates to. We treat permission as valid, clear consent only after the necessary information has been provided. Please note that you can withdraw consent at any time – we kindly ask that you notify us of your consent withdrawal via email to the email address provided in Point 2 of this policy.

 

8. Sharing your data

While we’ll never sell or rent your data, we may share your data with third parties for general corporate operation purposes only if completely necessary. All parties would be bound to handle your data securely either by contractual agreement or in general under GDPR rules. Parties we may share your data with are as listed below:

  • Regulators (example: HMRC, AAT)
  • AML Compliance Platforms
  • Software Providers (Xero, Microsoft)
  • Your prior Accountant (if any) – to request Accountant’s Professional Clearance Letter
  • Accounting, Legal, and other professional advisors
  • Subcontractors, only under confidentiality agreements
  • Debt collection agencies

International Data Transfers

We may transfer personal data outside the UK and European Economic Area (EEA) when using trusted service providers such as Xero and Microsoft. These transfers are classified as “restricted transfers” under UK GDPR and are governed by Part 3, Chapter V of the Regulation and sections 17A and 74A of the Data Protection Act 2018. Transfers are permitted only where the destination country benefits from a UK adequacy regulation, or where appropriate safeguards are in place—such as the International Data Transfer Agreement (IDTA), standard contractual clauses, or Binding Corporate Rules. Where relevant, our processors participate in recognised frameworks such as the EU-U.S. Data Privacy Framework and the UK Extension, offering additional assurance. We conduct regular risk assessments in line with ICO guidance to ensure that your data remains protected and your rights are upheld.

We will only transfer or allow processing of personal data outside the country in which a customer has contracted where one of the following conditions applies:

  • You have given specific consent.
  • The destination country has an adequacy decision (EU GDPR) or adequacy regulation (UK GDPR).
  • The transfer is governed by unaltered standard contractual clauses.
  • The transfer is made under approved Binding Corporate Rules.
  • The transfer falls within one of the exemptions under GDPR Article 49.

 

9. Data Retention

We keep your data for as long as necessary to meet the relevant purposes for which we collected the data, including for the purpose of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the data, as well as the potential risk of harm from unauthorised use or disclosure of your personal data, the purpose for which we process your data, and whether those purposes could be achieved through other means, along with the applicable legal requirements.

We may need to keep different types of information about you for different time periods, depending on your circumstances.

We will retain information relating to complaints and disputes for up to seven years following the resolution of the complaint or dispute. This information may include data about the complainant, the subject of the complaint, and anyone else who was involved in the matter, as well as the details of the complaint and the outcome.

In all cases, data may be retained for longer for research and archiving purposes or if it cannot be deleted for legal, regulatory, statistical, or technical reasons. In these cases, steps will be taken to ensure that data is held securely and processing is restricted.

 

10. Your data rights

Under GDPR, if you make a request, we must respond without undue delay and within one calendar month of the date we received it. Please note, however, that we must receive all necessary information before we can begin handling your request – the time needed by us to handle your request will only start from the date we receive this information. For more complex requests, we must respond within three calendar months.

We will always endeavour to respond to your request as quickly as possible.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Your data rights are as follows:

  • Your right of access: You have the right to ask us for copies of your data. You can request other information such as details about where we get your data from, and who we share your data with. There are some exemptions which means you may not receive all the information you ask for.
  • Your right to rectification: You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
  • Your right to erasure: You have the right to ask us to delete your personal information. 
  • Your right to restriction of processing: You have the right to ask us to limit how we can use your personal information.
  • Your right to object to processing: You have the right to object to the processing of your personal data. 
  • Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
  • Your right to withdraw consent: When we use consent as our lawful basis you have the right to withdraw your consent at any time.

 

11. Cookies and tracking

This site uses third-party website tracking technologies to aid our continual service improvements and to display advertisements according to users’ interests. You have the option to clear our cookies through your browser settings. Please see our cookie notice for more information.

 

12. Third-Party Links

Our website may contain links to external websites. We do not take responsibility for the privacy practices or content of those websites.

 

13. How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details provided in Point 2 of this privacy policy.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you have the right to also make a complaint to the ICO. 

The ICO’s address: 

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

Helpline number: 0303 123 1113 

Website: https://www.ico.org.uk/make-a-complaint

 

Latest Update - 21/10/2025

Please note this policy is subject to change at any time. Any changes made to our Privacy Policy will be updated on this page, so we suggest checking this page routinely for updates.
