top of page

Middleton Professional Accounts Services

Our contact details

Name: Luke Middleton – GDPR Lead

Phone Number: 01633 441405



Our privacy policy is simple…

  • We do not share any personal information we collect with any other organisation or individual, unless required to verify certain information under anti-money laundering regulations.

  • Any information you provide to us is kept completely confidential no matter how or why you provided it.

  • Only employees or contractors we specifically employ to complete the duties and services we provide to you have access to your information and only to perform those duties and services.

To find details of this policy please read on…


What type of information we have:


We currently collect and process the following information:

  • Your contact details; Name, e-mail address, phone number and physical address (phone number and physical address are both optional).

  •  Our website may ask for your payment / credit or debit card details in order to process a payment for a service you have purchased; this data is not stored by our website or shared with any other party.

  •  Our website uses cookies to collect information to analyse how many individual visitors our website and its pages has. The cookies collect information in a way that does not directly identify anyone.

  • We can process card payments over the phone; this data is not stored, written down or recorded – it is entered immediately and directly to our payment provider.

  • If we provide Accountancy Services or Tax Advice to ongoing customers, we are required – by law – to conduct anti-money laundering (AML) checks. This requires us to verify your identity, address and business details. Depending on the risk your business poses, different levels of checks will be checked. As such we will collect documents or information on you or your business.

How we get the information and why we have it:


Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • For us to contact you in response to your message, query or phone call.

  • To help us provide the service you purchased / booked to you.

  • We take your contact information from the “Contact Us” form, online booking form on our website or an online form e-mailed to you via our Dubsado CRM.

  • Or we obtain this information by asking you, when we speak to you over the phone, via text message, instant messaging service (i.e. social media) or videoconference (i.e ZOOM).


We do not receive or obtain personal information indirectly, from any other source. Only the information you provide to us is the only information we have.


Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You can remove your consent at any time. You can do this by contacting Luke Middleton on any of the details shown at the top of this document.

  • We have a contractual obligation.

  • We have a legal obligation.

  • We have a legitimate interest.


What we do with the information we have:


We use the information that you have given us in order to:

  • Provide the service / contractual obligation we have toward you.

  • Send you information about new services we may be able to offer you and your business – this will only be tailored and applicable for you and your business needs.

  • We use QuickBooks Online Accounting software in order to fulfil some of our services. Your information may be input into this software, but it is not directly shared with them.


We do not share this information with anyone outside our organisation.

  • For enhanced AML checks (high AML risk), we may verify your information with third party companies such as Equifax or Experian, to ensure your information is correct.


How we store your information:

  • Your information is securely stored electronically in the QuickBooks & Dubsado CRM Servers (for clients) and within our company Microsoft OneDrive server. To ensure your information is properly secured, we password protect all folders relating to client personal and company information and any other personal contact information. We also ensure we have up to date and quality virus protection software on all of our devices that have access to your information. 

  • As a client, we keep all your company financial and personal information only on our Quickbooks online & Dubsado CRM accounts. This ensures no information or data is lost, damaged or stolen as a hard copy. Once you inform us you no longer want / need our services and are not transferring your data to another Quickbooks online profile, you will be made “Inactive” on our Quickbooks profile. Once this happens your data will be kept on the account for 1 year. Whilst being “Inactive” both us and you still have access to that data, but you cannot edit it. At which time, if you have not been reactivated, your data will automatically be deleted from their servers. If you advise that you wish to transfer your information to another Quickbooks Online profile (i.e another accountant / bookkeeper), this data will be transferred, and we will no longer have access to any of your company and financial data. In both cases, when you inform us you no longer require our services, we will ask what, if any, of your information, you would like us to keep, and for how long (in case you would like us to inform you of any new services or price changes we may have in the future). Then once that period is up, we will then dispose of your information by deleting it from our online servers.

  • For anyone we are required to conduct AML checks for, all important documents and information will be held securely on Dubsado CRM’s server that is only accessible by the Money Laundering Reporting Officer (MLRO) and their deputy officer.

As a Virtual service, we do not keep hard copies of any information. Anything we may need to print for ease of work is securely shredded and destroyed promptly when the work is completed.



Your data protection rights:


Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.

  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.

  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

  • Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.


You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at / 01633 441405 if you wish to make a request.

How to complain:

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:     


Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113

bottom of page