top of page

Privacy Notice

Stanbridge Associates 

Updated 4 November 2020

This privacy notice provides an overview on how we use your personal data. By law we are required to make only safe and ethical use of the information that is provided and we believe it is important to ensure you understand how we use your data. This should be read in conjunction with the relevant notice about who you are to us, and considering the information provided in our policies covering privacy and data protection.

What Personal Data Do We Collect? 

Personal data is defined as information which directly or indirectly identifies an individual. The personal data we collect differs depending on who you are to us:

Why Do We Collect Your Personal Data?

The reason we collect personal data changes depending on the activity for which we need the information. 

Contract & Engagement

We collect personal data when you want to enter a contract with us whether by engagement for services or as an employee. 

Legitimate Interest

We hold this data to allow us to provide accountancy and tax compliance and tax advisory services (if applicable).

We also hold data in order to make ID checks under the Money Laundering Regulations, this may include a copy of your passport or driving licence and evidence of your address.

We hold this data to comply with our obligations as an employer.


We hold this data to comply with our obligations as a training office for ICAEW, ACCA and as an apprenticeship provider.

We hold this data to provide benchmarking and statistical data.

We hold this data to allow us to focus our communications with our clients and our potential clients


We process personal data where you have given consent for us to do so either as a client or potential client, an employee or potential employee, or student.

How Do We Protect Your Personal Data?

Stringent information security and personal data protection policies have been implemented. We have trained our workforce to ensure employees who come into contact with your personal data understand their obligations to adhere to our policies. We are committed to regular training in security and privacy best practice.

We apply appropriate technical and organisational measures in order to protect data, computing devices and the network from accidental / malicious activities or theft. Where appropriate, we encrypt our data and devices with confidential information securely destroyed when no longer required. We employ the use of Opensapce as a secure communication channel and encourage the use of this service.

Our offices are protected by physical access via swipe cards/thumbprint recognition and a staffed reception. As a small office facility, we are able to control visitors as they are by appointment only. Additional security measures are in place limiting access to our data centres including a locked room for our server.  We do use an external provider of IT and rely upon their data protection measures to ensure privacy complies with legal requirements.

Your Rights

Data protection laws give you a number of rights with respect to how organisations process your personal data.

Right To Be Informed

You have the right to be informed of the use that your personal data will be put to, together with details of the Data Controller and your rights. Where you provide your personal data directly to us you will be directed to our PRIVACY NOTICE available at the time your data is obtained.

Where we obtain your personal data from a third party, these details will be made available within a reasonable period of having obtained the data. If your personal data is to be used to communicate with you, these details will be provided at the relevant time when the communication takes 

place. We shall use the Openspace portal as our secure communication channel. If disclosure to another recipient is envisaged, we shall ensure we have appropriate authority to disclose or have the right to do so to fulfil our legal obligations. Such third parties may be an Independent Financial Advisor, HMRC; a spouse or for a reference (financial or personal).

Right To Access

You have the right to access and obtain a copy of your personal data held and processed by us, on request. 

We exercise a number of exemptions:

  • Money Laundering obligations. 

  • Employment references.

  • Contract negotiations.

  • Ongoing investigations into conduct were it would prejudice the outcome. 

You may exercise your right through the submission of a formal, written Subject Access Request to our Data Protection Office



administered by our practice manager,

Mrs Wright; or by post to our main address marked “PRIVATE”

Data Protection 
7 Lindum Terrace


Right To Rectification

You have the right to request a correction to inaccurate or incomplete personal data.

Right To Erasure (To Be Forgotten)

You have the right to request eradication of your personal data from our systems and records. This is not an absolute right and does not normally apply to purposes covered by Legal Obligation or which are necessary for the performance of a Contract.

Right To Restrict Processing

You have the right to request cessation of or restriction to the processing of your personal data. This could be for example, if your personal data is no longer necessary for purpose of processing.

Right To Data Portability

You have the right to request a copy, in a portable format, of the personal data which you have provided directly to the SAL and which is automatically processed.

Right To Object

You have the right to object to the processing of your personal data, where we rely upon Legitimate Interest as the lawful basis for processing.

Rights Related To Automated Decision Making Including Profiling

You have the right not to be subject to a decision based solely on automated processing (including profiling), which may significantly affect yourself. 


If you are unhappy with how your personal data is processed by SAL, you have the right to complain to the Data Protection Office. If you remain unhappy, following our response to your complaint, you have the right to lodge a further compliant with our Supervisory Authority, The Information Commissioners Office (ICO).

The ICO’s address is: 

Information Commissioner's Office, 

Wycliffe House, Water Lane


SK9 5AF 

You can also contact them by telephone on

+44 (0)1625 545 745 or via their website at

Data Protection Office

The data protection office has been established to ensure compliance with data protection laws. We are registered with the Information Commissioner's Office (ICO) as a data controller for the processing of personal data (Z5765897).

bottom of page