Privacy Policy


Leonherman is a Chartered Accountancy practice which is regulated by the Institute of Chartered Accountants in England and Wales.  We provide bespoke accountancy services and business advice to a wide variety of clients and potential clients ranging from sole traders to limited companies.

We believe your right to privacy should be protected at all times. We are committed to protecting your privacy and we value the trust you place in us as an accountancy and business services provider.  As such the information we collect, both from our clients and from visitors through our website, is only that which is essential to deliver the service you have requested.

Our Privacy Policy outlines what you can expect from Leonherman concerning the treatment of your information, whether this be personal data or non-personal data.  Personal information or data is defined as that which can identify an individual such as a name, e-mail address, telephone number, bank details, accounting information or a Unique Tax Reference code “UTR”. 


The terms “Leonherman”, “The Firm”, “We” and “Our” contained within this policy refer solely to Leonherman and do not relate to any other individual, provider, supplier, company, organisation or entity.

The terms “You” and “Your” refer to individuals with whom the Firm has interactions and about whom the Firm may hold or process information or personal data.


The Firm engages in a variety of data processing activities which include but are not limited to the following:

  • Visitors to our website
  • Visitors to our office
  • Corporate clients
  • Personal clients
  • Suppliers
  • Employees
  • Former Employees
  • Applicants for Recruitment
  • Other individuals who may contact us and provide information requiring processing



What information do we collect?

When you opt to contact us via our website requesting further details of our services, we collect your contact information to enable us to answer your queries.

How do we collect information?

We collect your contact information on our website by asking you to input your details. We DO NOT use “Cookies” to track and record your activity on our website.

Security of information

Sending data via the internet is not always completely secure so we are unable to guarantee the security of your contact information whilst it is in transit to us.  Any information sent via the internet is therefore at your own risk.  Upon receipt of your contact information, we then have security processes and features in place to keep it secure.

Why do we collect information?

We collect your information via our website to enable us to effectively answer any queries you have regarding Leonherman and our range of services.

Do we share your information?

We do not share information collected via our website, unless you have given us explicit consent to do so.  Leonherman does not sell or rent information or data to third parties in any circumstance.

Your consent

Your consent authorising Leonherman to hold and process your personal contact information is expressly requested by ticking a checkbox on our website before any contact details you choose to provide can be submitted to us.  If you opt not to provide your consent then our website will be unable to submit your contact information to us and you will then need to contact us in another way such as by post or telephone.  You can withdraw your consent to us holding and processing your personal information or data at any time by contacting

Data holding and processing for website visitors

Contact information submitted by you when visiting our website will only be held and processed for the purpose of effectively dealing with your enquiries and queries and only for as long as consent is in place.  Once queries have been responded to, dependent upon the nature, there may be a need to collect further personal data or information from you in order for us to provide bespoke advice.  Should you choose not proceed to engage the Firm’s services, any personal information or data collected during the enquiries process will be securely destroyed.


There are security measures in place in and around our offices which include CCTV.  Images are captured and are only accessed and viewed by authorised individuals in the event of a request being received, ie to review an incident or security breach.  CCTV images in our office building are automatically overwritten after 48 hours.

A formal log of visitors to our offices is not retained.


 What information do we collect?

If you choose to engage the Firm’s services, only the necessary information and data relevant to the engagement will be collected, held and processed by the Firm.  Holding and processing your information and data will then only be done on a contractual basis in accordance with the engagement letter in order to allow us to effectively execute our contractual obligations, and also with regard to the legal and statutory requirements which Leonherman is obliged to comply with. 

How do we collect information?

Initial information is collected directly from the client and is limited to only the information necessary to the engagement and the services required an individual client.  We may subsequently collect data from other sources such as publicly available information or from other trusted and legal providers such as solicitors, banks, managing agents and HM Revenue & Customs (“HMRC”).

How is data stored?

Information and data provided to Leonherman is stored on our secure servers which are equipped with password and firewall protection.  In the event Leonherman needs to transmit information or documents to you, such as an engagement letter, business accounts or tax return, we use a secure client portal to do so.  Our clients are required to set a password to access the portal and your password should be kept confidential.  Leonherman will never ask for a password to be disclosed.

Data Processing

Your information and data will only be processed in order to:

  • Undertake the specific services which we are engaged to perform, ie preparing your Tax Return or producing a forecast for your business
  • Send you communications specific to the services we are engaged to perform
  • Alert you to important documents which have been sent to you via our client portal
  • Send you our e-shot updates to keep you informed of Government announcements and regulatory change which may affect your business or personal affairs

Data Retention

Leonherman has legal and statutory obligations to retain client information and data for a specific time period which are set down by various regulatory bodies such as HMRC.  Leonherman will securely hold and retain any client data or information for the statutory time limits required, and upon expiry it will be securely destroyed.  Unless we are legally required to do so or unless you request we do so, there will be no processing of client information or data during any statutory retention period.

Do we share your data?

Leonherman may share a client’s data when we receive specific instructions to do so and where data sharing forms part of the service we have been instructed to perform, for example submitting a Tax Return to HMRC.  We may also share client data with a cloud based accounting software provider in order to produce accounts or perform accountancy functions.  When sharing data with a software provider, the Firm will take reasonable steps to ensure that the provider is GDPR compliant.


What information do we collect?

We collect information and personal data from our suppliers and consultant in order for us to manage the relevant relationship or contract.

How do we collect information?

Information is provided to us by the relevant supplier or consultant.

How is data stored?

Information and data provided to Leonherman is stored on our secure servers which are equipped with password and firewall protection.

Data Processing

Data is used in order operate our business and manage relationships with suppliers and consultants, for example making payment for the services they provide.

Data Retention

Data relating to our suppliers and consultants is retained for as long as is necessary for the purpose the data was collected, ie whilst a supplier is providing a service.  Information and personal data may also be held for retention periods where this is a regulatory or legal requirement for the Firm.

Do we share information?

Information provided by suppliers and consultants is only shared for legitimate business purposes, such as with our bank to make payment of an invoice for services provided. 


As an employer, Leonherman is required to collect personal information and data from our employees in order to perform legal, regulatory and operational functions.  All data collected will be treated confidentially and will be stored on the Firm’s servers with password and firewall protection.  In the case of hard copy data, this will be retained in locked cabinets which have restricted access to key senior individuals within the Firm.  The data collected by the Firm will include but is not limited to:

  • Proof of identity documents to satisfy legal requirements of an employee’s right to work in the UK
  • Bank details to pay salaries
  • Contact details in order to make contact with our employees
  • Emergency contact information in the event of an accident or emergency at work

All personal information and data provided to Leonherman will only be used to perform the required legal, regulatory and operational functions of the Firm and will not be used for any other purpose.  Employee personal information or data will not be passed, sold or rented to any external organisation which is not connected with the Firm’s day to day operations. 

Our employees may request sight of their entries record on the Firm’s Data Processing Register which details any organisations which their personal data is shared with and the purpose of the data sharing.


Upon conclusion of an employment contract, Leonherman will only retain key information and personal data for legal and regulatory purposes.  The personal data to be retained on a former employee will be limited to:

  • Name
  • Address
  • Job title
  • Dates of employment with Leonherman
  • Any disciplinary action taken and not expired
  • Number of parental leave days taken

All other information and personal data relating to an employment contract will be securely destroyed.


Applicant information submitted to us by you in relation to an employment opportunity will only be processed in order to progress your application for the advertised role.  Contact information provided will only be used to contact you in relation to the role you have applied for.  Other details provided will be used to assess your suitability for the advertised role.  Applications will be shortlisted within 5 working days of receipt by us and all unsuccessful applicant data will be securely destroyed upon conclusion of shortlisting.  Unsuccessful applicant data will then be securely destroyed at each stage of the recruitment process. 

Speculative employment applications

If you choose to submit your data in relation to speculative employment with Leonherman, we will respond to you within 5 working days.  Contact information provided will only be used to contact you in relation to your application.  Other details provided will be used to assess your suitability for any available role(s).  If the Firm has no suitable vacancy, any personal information received from you will be securely destroyed.  No speculative employment applications or data of any kind will be retained by the Firm.


When an individual contacts us and provides information or personal data, such as a telephone number for a return call, this data will only be retained and/or processed for legitimate business purposes and for an appropriate timeframe relative to the purpose it was provided for.


Article 21 of the General Data Protection Regulations gives an individual the right to object to processing of personal data.  In our normal day to day activities, Leonherman will only process data where there is a legitimate business reason or a legal, regulatory or other lawful requirement for processing.  However, should you have an objection to a processing activity undertaken by the Firm, please write to us outlining your concerns at   Your request will be addressed within 20 working days.

Direct Marketing

We will not target any individual with direct marketing unless we have your explicit consent to do so.  If you wish to withdraw your consent to receive marketing or news updates, you can do so at any time.  Please contact us at  Your request will be processed within 10 working days of receipt.


Should you note any inaccuracies or wish to make any changes to your personal information or data held by Leonherman, please direct your request to  Requested changes will be made with 10 working days of receipt.


The General Data Protection Regulations provide individuals with the following rights:

The right to be informed.  Leonherman will keep you informed of any changes we make regarding the way data is held or processed.

The right of access to any information which Leonherman holds about you.  Should you wish to exercise your right to access, please contact us at  We will respond to you within 10 working days of receipt of any request but it may take us up to 30 days to provide you with our full response.  We will of course keep you updated during any access to information request process.

The right to rectification.  Please notify us if you note any inaccuracies or wish to make any changes to data held by us

The right to erasure, sometimes known as the right to be forgotten.  Under the terms of our Privacy Policy, individuals who have made initial enquiries either through our website or by telephone will be automatically securely erased or forgotten upon conclusion of the initial enquiries process.  Leonherman is though required to retain information or data relating to clients and former employees for specific time limits for regulatory and legal purposes before it can be securely destroyed.

The right to request restriction on processing.  For former clients and employees, the Firm will automatically restrict the processing of data to that which is required for legal and regulatory purposes. Please notify us if you wish to make a restriction on processing request

The right to data portability.  Please notify us if you wish to make a request to obtain and reuse personal information which you have provided to us by writing to

The right to object.  Leonherman will only process data where there is a legal or regulatory basis for so doing.  We will not target any individual with direct marketing unless we have consent to do so

You have the right to withdraw your consent to your personal information or data being held or processed by Leonherman.  You can do this at any time by contacting us at  


We hope that we have adequately outlined within this Privacy Policy how we hold, use and process information or data.  However, if you have any further questions, please contact us at   

Last Reviewed 24 May 2018