Privacy notice

1. Purpose of this notice

Ellacotts LLP (‘the Firm’, ‘we’, ‘us’, ‘our’ and ‘ours’) is committed to protecting and respecting your privacy. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of the GDPR, the data controller is Ellacotts LLP.  We are registered in England and Wales as a limited liability partnership under number OC319580 and our registered office is at 23 West Bar, Banbury OX16 9SA.  In some cases, for example where we undertake payroll services we may also act as the data processor.

The person responsible for Data Protection is the Managing Partner, David Stevens.

2. Definitions

“Personal data” is any information that relates to a living individual who can be identified from that information. Processing is any use that is made of data, including collecting, storing, amending, disclosing or destroying it.

“Special categories of personal data” means information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.

3. Why we have a privacy statement

Ellacotts is committed to privacy for everyone who uses our services – we appreciate that you do not want the personal information you provide to us to be distributed indiscriminately. We will only use your personal information to deliver the services you have requested from us, and to meet our legal responsibilities.

In accordance with the General Data Protection Regulation we are required to comply with certain rules which are designed to ensure that any data you provide to us is processed with due care and attention.

4. How we collect information from you

We obtain information about you when you engage us to deliver our services and when you use our website.   You may give us information about you by corresponding with us by telephone, email, our secure portal, post, social media or otherwise.

We collect most of this information from you. However, we may also collect information:

  • from publicly accessible sources, e.g. Companies House or HM Land Registry
  • directly from a third party, e.g. HMRC
  • from a third party with your consent, e.g. your bank or building society, another financial institution or advisor; consultants and other professionals, your employer and/or trade union, professional body or pension administrator.

We may also obtain information about your employees in the course of our work with you.

5. The data that we collect

The personal data we collect from you will vary depending on which services you engage us to deliver.

The data we collect might include your name, nationality, address, date of birth, e-mail address, phone number(s), your Unique Tax Reference (UTR) number, your National Insurance number, passport details, bank details, details of personal assets and income including your employment status, salary and benefits, pension arrangements, your IP address, information to enable us to check and verify your identity and any additional information we may require to provide our services to you.

You are under no obligation to provide any such information, however, this will affect the quality of the services we are able to provide you with if you choose not to.

6. How we use personal data we hold about you

We may process your personal data for purposes necessary for the performance of our engagement with you, and to comply with our legal obligations.

In general terms, and depending on which services you engage us to deliver, as part of providing our agreed services we may use your information to:

  • provide accountancy, taxation and related services to you
  • contact you by post, email or telephone
  • verify your identity where this is required
  • understand your needs and how they may be met
  • maintain our records in accordance with applicable legal and regulatory obligations
  • process financial transactions
  • prevent and detect crime, fraud or corruption

We are required by legislation, other regulatory requirements and our insurers to retain your data where we have ceased to act for you.  The period of retention required varies with the applicable legislation, however to ensure compliance with all such requirements it is the policy of the Firm to retain all data for a period of 20 years from the end of the period concerned.

7. Why we collect and process sensitive personal data

We collect and process Sensitive Personal Data only so far as is necessary and in compliance with all applicable legislation. By registering your details with us, you consent to us collecting and processing the Personal Data supplied by you and disclosing this information in connection with the services provided.

8. Access to your information

Your information will be shared internally where necessary. Any Partners and employees with access to your information have a duty of confidentiality under the ethical standards that the Firm is required to follow.

The Firm will not transfer your data to countries outside the European Economic Area.

9. Who we share your personal data with

Where the Firm engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.  Activities carried out by third-party services providers include IT and cloud services, professional advisory services, and administration services.

10. How you can access and update your information

Keeping your information up to date and accurate is important to us.  We commit to regularly review and correct where necessary, the information that we hold about you.  If any of your information changes, please email or write to us, or call us using the ‘Contact information’ noted below.

You have the right to ask for a copy of the information the Firm holds about you.

11. Data Security

The Firm takes the security of your data seriously. The Firm has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its Partners and employees in the performance of their duties. All our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

12. Your choices

We may occasionally contact you by post / email / telephone with details of any changes in legal and regulatory requirements or other developments that may be relevant to your affairs and, where applicable, how we may assist you further.  If you do not wish to receive such information from us, please let us know by contacting us as indicated under ‘Contact information’ below.

13. Right to withdraw consent

In circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time

Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

14. Your rights

You have the following rights, which you can exercise free of charge:

  • access and obtain a copy of your data on request;
  • require the Firm to change incorrect or incomplete data;
  • require the Firm to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the Firm is relying on its legitimate interests as the legal ground for processing; and
  • ask the Firm to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the Firm’s legitimate grounds for processing data.
  • withdraw consent to use your personal information for the purpose(s) for which consent was given.

Please contact us in any of the ways set out in ‘Contact information’ below if you wish to exercise any of these rights.

15. How do we let you know if our policy changes?

Any policy changes, either due to business reasons or future changes in legislation, will be published on our website and, if substantial, may be promoted on the website or through other communication methods.

This privacy notice was last updated in May 2018.

Contact information

If you have a query or wish to make a compliant about this statement or any procedures as set out in it please contact the Managing Partner, David Stevens  at

Ellacotts LLP
Countrywide House
23 West Bar
OX16 9SA


We seek to resolve directly all complaints about how we handle your personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office at

Information Commissioner’s Office
Wycliffe House
Water Lane

Telephone – 0303 123 1113 (local rate) or 01625 545 745