Privacy Policy

Under the EU General Data Protection Regulations (GDPR), we are required to update the data protection references in our engagement letters with clients and, in the case of individual clients, provide certain details regarding Fairbook Business Services Limited (“the Firm”) and the collection and use of your personal data. This is set out in more detail below.
About Us
Fairbook Business Services Ltd is an accountancy practice. We are registered in England and Wales as a limited company under number: 06653197 and our registered office is at Ground Floor, Back Office, 12-14 Maunsell Road St. Leonards-On-Sea, East Sussex, England, TN38 9NN.

For the purpose of the Data Protection Legislation and this notice, we are the ‘data processor’. This means that we are responsible for processing personal data on behalf of a controller. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.

We have appointed a Head of Privacy. This is our Data Protection Point of Contact who is Heather Okines and who is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact Heather you can do so by emailing

The kind of information we hold about you
The information we hold about you may include the following:
  • your personal details (such as your name, address and other contact details);
  • date of birth;
  • gender;
  • your national insurance number and/or Unique Tax Reference number;
  • your bank account details;
  • your driving license and or passport details; and
  • our correspondence and communications with you.
No special category of personal data is held by the Firm.

What are your rights?
If at any point you believe the information we hold or process on your behalf is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us at and we will investigate the matter.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

Unless otherwise agreed with you, we will only collect basic personal data about you, which does not include any ‘sensitive personal data’. This information does, however, include information such as your name, address, email address and contact telephone number.
We make every practical effort to avoid collection of excessive or irrelevant data. If you believe that we have collected excessive information we encourage you to contact us to raise your concerns.
A full list of your rights under GDPR is as follows:
  1. The right to access the personal data we hold on you.
  2. The right to correct and update the personal data we hold on you.
  3. The right to have your personal data erased.
  4. The right to object to processing of your personal data.
  5. The right to data portability.
  6. The right to withdraw your consent to the processing at any time for any processing of personal data to which consent was sought.
  7. The right to object to the processing of personal data where applicable.
  8. The right to lodge a complaint with the Information Commissioner’s Office. You can contact the Information Commissioner’s Office via email or on 0303 123 1113, or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
If you want to exercise any of the above rights, please email Heather Okines on

Data Collection
We need to know basic personal data in order to provide you with our services, and to claim our right to be paid in return for our services, under our standard terms of business / contract we have with you. If you do not provide this information then we will be unable to provide the services you have requested. We will not collect any personal data from you that we do not need in order to provide and oversee the services we have agreed to provide you with.
Use of Data
All the personal data we hold about you will be processed by our staff in the United Kingdom and no third parties will have access to your personal data unless there is a legal obligation for us to provide them with this or we have obtained your prior consent. We have set out below the legal bases for the Firm to process your data.

Some of our processing is necessary for compliance with a legal obligation. For example, the Firm is a regulated entity and therefore has a duty to act as a data controller and is obliged to report certain matters to its regulators or law enforcement agencies.

We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with providing you with services.

Where your information is used other than in accordance with one of these uses, we will first obtain your consent to that use.

With your permission we may also communicate with you information about other services we can offer you and update you about our activities.

We take all reasonable steps to ensure that your personal data is processed securely.

How long we keep it
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. 

When assessing what retention period is appropriate for your personal data, we take into consideration:
  • the requirements of our business and the services provided;
  • any statutory or legal obligations;
  • the purposes for which we originally collected the personal data;
  • the lawful grounds on which we based our processing;
  • the types of personal data we have collected;
  • whether the purpose of the processing could reasonably be fulfilled by other means.
  • We will generally keep your personal data for a minimum of 6 years, after which time it will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained. If you consent to marketing, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information.
Change of purpose
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.

Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing or we will seek your consent.

Sharing your personal data
Why might you share my personal data with third parties?
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.

Which third-party service providers process my personal data?
“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, and banking services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?
We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.
Transferring personal data outside the European Economic Area (EEA)
We will not transfer the personal data we collect about you outside of the EEA.

Data Security
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Changes to this Notice
Any changes we may make to our privacy notice in the future will be updated on our website;

This privacy notice was last updated on 24 May 2018.