Last updated: 10/02/2025
Lewis & Co Accountants is committed to protecting the privacy and personal data of individuals who visit this website or contact us. We take our responsibilities under data protection law seriously and handle personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains in detail how we collect, use, store, share, and protect personal data, and outlines the rights individuals have in relation to that data.
1. Data controller
For the purposes of data protection law, the data controller is:
Lewis & Co Accountants
Email: hello@lewisaccountants.co.uk
Lewis & Co Accountants determines the purposes and means of processing personal data collected through this website.
2. Scope of this policy
This Privacy Policy applies to:
- Visitors to this website
- Individuals who contact us via email or contact forms
- Individuals whose personal data is collected as part of an enquiry
This policy does not apply to personal data processed in the course of a formal accountant–client relationship, which is governed by separate engagement terms and professional obligations.
3. Categories of personal data we collect
We may collect and process the following categories of personal data.
3.1 Data provided directly by you
When you contact us, we may collect:
- Name
- Email address
- Any information you choose to include in your message
You are responsible for ensuring that information you provide is accurate and up to date.
3.2 Automatically collected data
When you visit this website, we may automatically collect:
- IP address
- Browser type and version
- Operating system
- Referring URLs
- Pages visited and interactions with the site
- Date and time of access
This data is collected using cookies and similar technologies.
3.3 Special category data
We do not intentionally collect special category personal data through this website. You should not submit sensitive personal data unless explicitly requested.
4. Purposes for processing personal data
We process personal data only where necessary and for specific, legitimate purposes, including:
- Responding to enquiries and communications
- Providing information about our services when requested
- Operating, maintaining, and improving this website
- Monitoring usage and performance of the website
- Ensuring website security
- Complying with legal, regulatory, or professional obligations
We do not use personal data collected via this website for unsolicited marketing.
5. Lawful bases for processing
Under UK GDPR, we rely on the following lawful bases:
5.1 Consent
Where you contact us voluntarily, we process your personal data based on your consent.
5.2 Legitimate interests
We process certain data based on our legitimate interests in:
- Operating and securing the website
- Responding to enquiries
- Improving website functionality
We ensure that our legitimate interests do not override your rights and freedoms.
5.3 Legal obligation
Where required, we process data to comply with applicable legal or regulatory obligations.
6. Data retention
We retain personal data only for as long as necessary for the purposes for which it was collected.
- Enquiry data is retained for a reasonable period to allow follow-up and record keeping
- Technical and usage data is retained in line with standard website analytics retention periods
Data is securely deleted or anonymised once it is no longer required.
7. Data sharing and disclosure
We do not sell, rent, or trade personal data.
We may share personal data with third parties only where necessary, including:
- Website hosting providers
- IT and email service providers
- Website analytics providers
All third parties are required to:
- Process data only on our instructions
- Implement appropriate security measures
- Comply with UK data protection law
We may disclose personal data where required by law or to protect our legal rights.
8. International data transfers
We do not intentionally transfer personal data outside the United Kingdom.
Where third-party service providers process data outside the UK, appropriate safeguards are in place, including adequacy decisions or standard contractual clauses where required.
9. Data security
We implement appropriate technical and organisational measures to protect personal data, including:
- Secure hosting environments
- Access controls
- Regular monitoring and updates
While no system is completely secure, we take reasonable steps to protect personal data from unauthorised access, loss, or misuse.
10. Your data protection rights
Under UK GDPR, you have the right to:
- Request access to your personal data
- Request rectification of inaccurate or incomplete data
- Request erasure of personal data
- Request restriction of processing
- Object to processing based on legitimate interests
- Request data portability where applicable
- Withdraw consent at any time
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Requests can be made by contacting us using the details above.
11. Cookies and tracking technologies
This website uses cookies and similar technologies. Full details are provided in our Cookie Policy.
12. External links
This website may contain links to external websites. We are not responsible for the content or privacy practices of third-party sites.
13. Changes to this policy
We may update this Privacy Policy at any time. Any changes will be published on this page with an updated revision date.
14. Contact
If you have any questions about this Privacy Policy or how your personal data is handled, please contact: