Hillson & Co Ltd

Accounting for small & medium size businesses

Chartered Certified Accountants

01202 868 768

Data Protection

Our Privacy & Cookie Policy



This Policy sets out the obligations of Hillson & Co Ltd, Chartered Certified Accountants, a company registered in England and Wales under number 4713880, registered office at 42 Monsal Avenue, Ferndown, Dorset BH22 8LB, regarding data protection and the rights of clients, client employees, staff and suppliers in respect of their personal data under the General Data Protection Regulation (GDPR).

How the law protects you

We are committed to protecting and respecting your personal data and privacy. This privacy and cookie policy relates to our use of any personal data we collect from you from any of our services. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal data.

In addition to this Privacy Policy, your privacy is protected by law. The General Data Protection Regulation (GDPR) that came into force on 25 May 2018 ensures that we use your personal information only if we have a proper reason to do so.

The law says we must have one or more of these reasons for using your data:

  • To fulfil a contract we have with you to provide our services
  • Where it is our legal duty
  • When it is in our legitimate interest
  • When you consent to the use of the data

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.


Only necessary cookies are set by our website; these cookies cannot identify you or your computer. We do not make use of any third party statistical, tracking, marketing or any other software or related cookies.


Under the GDPR your rights are:

  • To be informed – we must make available this privacy notice with the emphasis on transparency over how we process your data.
  • Access – you are entitled to find out what details we may hold about you and why.
  • Rectification – we are obliged to correct or update your details.
  • Erasure – this is also known as the right to be forgotten.
  • Restrict processing – you have the right to ‘block’ or suppress the processing by us of your personal data.
  • Data portability – you have the right to obtain and reuse your personal data that you have provided to us.
  • Object – you have the right to object to us processing your data in relation to direct marketing and or profiling.
  • Rights in relation to automated decision making and profiling – we do not use automatic decision making or processing.

If you would like to request further information regarding data protection, or wish to contact us to exercise any of your rights under the GDPR, please contact:

Lisa Hillson, Hillson & Co Ltd
42 Monsal Avenue, Ferndown, Dorset BH22 8LB

Telephone 01202 868768 or 07881 903279
Email hillsonandco@yahoo.com


We will collect personal data from you should you choose to submit an enquiry via a form on this website, the submitted data is sent to us via email; such data will include, but may not be limited to, your name, business name and email address. We collect and process this data to interact with you in relation to your enquiry.

We will collect personal data from you in relation to the provision of our services to you, including details relating to your tax affairs, bank accounts, investments, payroll information, accounting records and other statutory returns.

The personal data we process may include your (or your employer’s or our client’s) name, address, date of birth, family relationships and email addresses. We may require documentary details from you such as a driving licence, passport or birth certificate, in order to comply with our obligations under identification, money laundering and anti-terrorism legislation.

Our collection methods are:

  • via our website ;
  • through engagement (or potential engagement) of our services;
  • by communications, including email, telephone, post or social media;
  • networking;
  • through engagement of service providers;
  • via third parties and/or publicly available resources (for example from your employer or from Companies House).


We use information held about you to:

  • respond to any initial contact you might make via our website or by email;
  • provide services to you (or your employer or our client) under a contract, as set out in a Letter of Engagement between us;
  • provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes or by Legitimate Interests;
  • notify you about changes to our services;
  • fulfil our legal obligations including money laundering and identification checks, complying with anti-terrorism financing and Criminal Finances Act legislation;
  • use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings;
  • enable us to invoice you for our services and investigate/address any disputes that may have arisen.

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.

We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.


We will never sell, share or rent any part of your Personal Data with any third party for marketing purposes.


Your information will be retained by us except where disclosure is required or permitted by law or when we use third party service providers (data processors) to supply and support our services to you.

We use third party service providers such as agents, subcontractors and other organisations to help us provide services to you. These would include cloud based accounting and payroll providers and cloud based storage companies.

All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions. We will take reasonable steps to ensure that your data is protected to the same high level that we protect it.


We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of our business and the services provided;
  • any statutory or legal obligations;
  • the purposes for which we originally collected the personal data;
  • the lawful grounds on which we based our processing;
  • the types of personal data we have collected;
  • the amount and categories of your personal data; and
  • whether the purpose of the processing could reasonably be fulfilled by other means.


Under GDPR you have the right to erasure under specific circumstances. A request for your personal data to be deleted will be decided on a case by case basis and must be submitted in writing to Lisa Hillson (for contact details see section 3 of this policy).


We will correct or update your data at the earliest opportunity provided you make the request in writing to Lisa Hillson (for contact details see section 3 of this policy), clearly specifying which data is incorrect or out of date.


We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you of a suspected breach where we are legally required to do so.


We strive to be as open as we can be in terms of giving people access to their personal data. A Subject Access Request under the GDPR is your right to request a copy of the information that we hold about you. Such requests must be in writing to Lisa Hillson (for contact details please see section 3 of this policy). If we do hold your personal data we will respond in writing within one calendar month of your request (where that request was submitted in accordance with this policy).

The information we supply will:

  • confirm that your data is being processed;
  • verify the lawfulness and the purpose of the processing;
  • confirm the categories of personal data being processed;
  • confirm the type of recipient to whom the personal data have been or will be disclosed,
  • let you have a copy of the data in an intelligible form.

Please note that you may need to provide identification to prove who you are in order to access your data. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.


You have the right to complain about the processing of your personal data. Please contact Lisa Hillson in the first instance:

Telephone 01202 868768 or 07881 903279

Email hillsonandco@yahoo.com

If you are dissatisfied with the way your complaint has been handled you have the right to complain to the Information Commissioners Office (ICO):

ICO helpline: 0303 123 1113

ICO website: ico.org.uk/make-a-complaint


We keep our privacy policy under regular review; please check back regularly to ensure you are aware of changes to it. We may bring your attention to this policy from time to time to help ensure you are aware of its contents.

First published 15th June 2018