GDPR Privacy Policy



Niaroo Business Services is the trading name of the company that is a controller and processor of data.

This privacy policy explains how we use any personal information that we collect about you, as a client of Niaroo Business Services

Also see the GDPR Glossary of Terms at the bottom of this document


How we use personal information about you

Niaroo Business Services takes the protection of personal data seriously and we always maintain our company to ensure that, at all times data is protected with appropriate procedural, organisational and technical measures, and that data is only collected and used for appropriate and legitimate purposes.

Niaroo Business Services will only use your personal information to provide the services previously agreed with you. We will only use this information in accordance with your instructions and current data protection regulations.

We may receive personal information from you that falls into the category of sensitive personal data, required in order to complete money laundering checks.  This information will only be used for the purpose of preventing money laundering and terrorist financing, by any express consent from you, or as otherwise required by law.


What personal data we may collect about you

Niaroo Business Services is bound by the requirements of the General Data Protection Regulation (GDPR).  As a client of Niaroo Business Services, we may need to ask for personal information about you, your family, partners, associates and employees. 

  • Personal information including addresses, contact details, date of birth, marital status, national insurance numbers and tax references
  • Any sensitive personal details required to satisfy money laundering requirements
  • Accounting information
  • Payroll information
  • Pension details


How will this data be processed?

Personal information is only processed by Niaroo Business Services to provide services such as:

  • Bookkeeping
  • Tax returns
  • Accounts preparation
  • Payroll
  • Pensions
  • Workplace benefits (P11D)

Please note that we may also process some of this personal information for the following purposes:

  • Updating our client records system
  • Statutory returns
  • Legal and regulatory compliance
  • Crime prevention



How long we keep your data for

We will typically hold your personal information for 7 years after the closure of your account in line with regulatory data retention requirements. Data may be retained longer than 7 years if required for legal purposes, for an on-going litigation (litigation hold), or where explicitly requested by you.


Sharing and transmitting personal data


Niaroo Business Services will at no time sell, share or disseminate any of the controller’s data to any third party, except where necessary for the legal basis for processing.

Your personal data may be transferred to appropriate third parties as follows:

  • HMRC for the purpose of complying with statutory requirements, e.g. filing tax returns, VAT returns, CIS returns and real-time reporting
  • Companies House for the purpose of statutory company reporting
  • Your payroll pension provider
  • Mortgage companies and landlord reference check agencies but only with your consent
  • Any other accountancy practice but only with your written consent


How we communicate with you

Niaroo Business Services may contact you using telephone numbers, email addresses or addresses ‘volunteered’ by you as part an initial communication with Niaroo Business Services or contained in the Letter of Engagement provided by Niaroo Business Services.

We may occasionally send text messages to your mobile phone number, but this will only be in relation to services agreed with you. These texts will never contain your personal details and will never be used for marketing purposes.

We will only send text messages to your mobile if you specifically agree to receive them in our Letter of Engagement.


Security of Data

Niaroo Business Services is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place various physical, electronic and managerial procedures to safeguard and secure the information.


Right of access to data about you

GDPR gives you the legal right to access personal data about you that is held by Niaroo Business Services.  It allows you to check the lawfulness of any data processing, to ask for incorrect data to be changed, and for data about you to be erased (within any legal or regulatory constraints).

To get a copy of this data, please make a Subject Access Request (SAR) to Catherine Gowans, Catherine will make a copy of the data available as quickly as possible, and this will be within 30 days of receipt of the SAR.

Subject Access Requests should be made in writing to:

Catherine Gowans, Niaroo Business Services, 59 Kilmundy Drive, Burntisland, KY3 0JP

Tel: 07880 695683 or 07880 695691



Glossary of Terms


Personal Data

Personal data refers to any information that could identify an individual, or when combined with other accessible data, could make that person identifiable. This may include (but is not limited to):

  • Names and contact information, for example emails, addresses and telephone numbers
  • National Insurance Numbers
  • Employment history
  • Employee numbers
  • Credit History
  • Personal tax
  • Payroll and accounting data


Sensitive Personal Data

Sensitive personal data may include:

  • Convictions
  • Biometric data such as the photo in an electronic passport


Data Controller

For the General Data Protection Regulation (GDPR), the term ‘data controller’ refers to the person or organisation that determines what data is required and controls how this personal data is processed.

In this instance, the data controller is Niaroo Business Services, 59 Kilmundy Drive, Burntisland, KY3 0JP


Data Processor

For GDPR, the term ‘data processor’ refers to a person or organisation which processes personal data for the data controller. In the case of Niaroo Business Services, this is likely to include HMRC, Companies House and pension providers.

Data Processing

Data processing is any operation performed upon personal data both manually and via an automated system. Example may include: collecting, recording, transmitting, storing, altering, using, disclosing, disseminating, erasing and destruction

Subject Access Request (SAR)

A subject access request is your legal right to request a copy of information about you held by the data controller. You can also ask the data controller, and through them, the data processor, to change personal information, where it is incorrect, or for the data to be erased (but this is within the constraints of any legal or regulatory requirements to retain the said data).