Privacy Policy

1. Introduction Apex Bookkeeping Ltd (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. We are registered with the Information Commissioner’s Office (ICO) under registration number ZB695692. This policy explains how we collect, use, and disclose your personal data through our website (www.apexbooks.uk) and our professional services.

​

2. The Data We Collect We process the following categories of data strictly for the purposes of our licensed services:

• Identity and Contact Data: Name, business address, email, and telephone numbers.

• Compliance Data: Information required for Anti-Money Laundering (AML) checks, including government-issued identification and biometric verification processed via our AML provider (Xama).

• Financial and Transaction Data: Bank statements, invoices, VAT records, and CIS data.

• Payroll Data: Employee names, National Insurance numbers, and salary details for PAYE.

• Special Category Data: We process data such as trade union membership or health data only where strictly necessary for payroll processing and where appropriate safeguards under UK GDPR are in place.

​

3. Roles: Controller vs. Processor

• Data Controller: We act as a Controller for data used to manage our relationship with you and for our own regulatory compliance (e.g., AML records and statutory tax files required by HMRC).

• Data Processor: When performing administrative processing of payroll or VAT under your direct instruction, we act as a Data Processor. These obligations are governed by the Data Processing Agreement (DPA) within your Engagement Letter.

​

4. Legal Basis for Processing We process data under the following legal bases:

• Contractual Necessity: To perform the bookkeeping, VAT, PAYE, or CIS services.

• Legal Obligation: To comply with the Money Laundering Regulations 2017 and HMRC reporting requirements under the Taxes Management Act 1970.

• Legitimate Interests: For the effective management, security, and professional licensing reviews of our business.

​

5. Data Security & "Portal-First" Policy

• Secure Exchange: All financial and payroll records must be exchanged via our secure portal (Engager). We do not accept sensitive records via unencrypted email.

• Encryption: Data is stored in secure, cloud environments with multi-factor authentication (MFA) and industry-standard encryption.

​

6. Disclosures & International Transfers We may share your data with:

• HMRC: As your authorised agent for VAT, PAYE, and CIS submissions.

• Regulators: The Institute of Certified Bookkeepers (ICB) for mandatory practice monitoring.

• Service Providers: MTD-compatible software (e.g., Xero, QBO, Engager, Xama).

• International Transfers: Where data is processed outside the UK/EEA by these providers, we ensure standard contractual clauses (SCCs) or International Data Transfer Agreements (IDTAs) are in place.

​

7. Data Retention

• Statutory Records: We retain data relevant to your tax obligations for seven years to comply with HMRC requirements.

• AML Data: Identity verification records are kept for five years after the end of the business relationship.

​

8. Your Legal Rights Under UK GDPR, you have the right to access, correct, erase, restrict, or object to the processing of your personal data. You also have the right to lodge a complaint with the ICO (www.ico.org.uk).

​

9. Contact Details Apex Bookkeeping Ltd, 2nd Floor College House, 17 King Edwards Road, Ruislip, HA4 7AE.

​

Email: info@apexbooks.uk