Pay online

Privacy notice

Contact us


Client login

 01332 202660






The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data.  We are committed to protecting your privacy and complying with data protection legislation.

Adrian Mooy & Co Limited is a data controller within the meaning of the GDPR and we process personal data. The firm’s address is: Adrian Mooy & Co Limited, 61 Friar Gate, Derby, DE1 1DJ  - tel 01332 202660

This notice sets out how we collect, use and disclose any personal data that you provide to us to enable us to provide you with our services.

Your personal information is an important part of our service.  It lets us provide our services to you including managing your account with us and any other financial information.

Where we act as a data processor on behalf of a data controller (for example, when processing payroll) we provide an additional schedule setting out required information as part of that agreement. That additional schedule should be read in conjunction with this privacy notice.


What type of personal data do we collect?

We may collect the following information:

  • Personal details in order to set you up as a client and adhere to money laundering regulations including: your full name, date of birth, contact details including address, email address and phone number.
  • Other information relevant to the types of client services we provide (e.g. tax, accountancy, audit).
  • Company information such as your company name, address and post code, number and details of employees, shareholders, website address.


How do we collect your information?

We collect information about you from different places including directly from you by signing up to our services / submitting an enquiry to us, from a third party acting on your behalf e.g. an intermediary or broker, from publicly available sources and when we generate it ourselves.


How is your information used?

The legal basis for processing your information is contractual and will enable us to supply professional services to you as our client. Depending on the services required, we may use your information to:

  • contact you by email, telephone or post
  • verify your identity
  • enable us to supply professional services to you as our client e.g. prepare your tax return
  • maintain our records in accordance with legal and regulatory obligations
  • fulfill our obligations under relevant laws in force so as to prevent and detect crime, fraud, or corruption
  • comply with professional obligations to which we are subject as a member of the Association of Chartered Certified Accountants

If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement agencies.

We’ll only use your information where we’re allowed to by law e.g. carrying out an agreement we have with you, fulfilling a legal obligation, because we have a legitimate business interest or where you agree to it.


Persons/organisations to whom we may give personal data

We may share your personal data with:

  • our employees, agents and/or professional advisors. Any staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
  • HMRC
  • any third parties with whom you require or permit us to correspond
  • subcontractors
  • an alternate appointed by us in the event of incapacity or death
  • tax insurance providers
  • professional indemnity insurers
  • our professional body (the Association of Chartered Certified Accountants) and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation)

If the law allows or requires us to do so, we may share your personal data with:

  • the police and law enforcement agencies
  • courts and tribunals
  • the Information Commissioner’s Office (“ICO”).

We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties we may need to cease to act.


Retention of personal data

Whilst you are a client at Adrian Mooy & Co Limited we’ll keep your information for as long as we deem necessary. After ceasing to be a client we’ll keep it where we may need it for our legal and legitimate purposes e.g. to help us respond to queries or complaints, or for other reasons e.g. fighting fraud and financial crime and responding to requests from professional bodies and regulators.


Your rights

You have a number of rights relating to your information e.g. to see what we hold, to ask us to share it with another party, ask us to update incorrect or incomplete details, to object to or restrict processing of it, to make a complaint etc.

You can request a copy of the information that we hold about you at any time by contacting us. We will not normally charge for this and will in most cases aim to provide this within one month.

Please let us know if the personal data that we hold about you needs to be updated or amended, and we will commit to doing this promptly.

You may also request that we erase your personal data where (a) we were not entitled under the law to process it, or (b) it is no longer necessary to process it for the purpose it was collected, or (c) it was processed in breach of the GDPR. To request erasure of any data you should contact us. If you request that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made.

You have the right to receive personal data we hold about you in a structured, commonly used, machine readable format.


Security Steps

The security of your personal data is very important to us. We will ensure that we have in place appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data.

All of the personal data we process is processed within the UK, however for the purposes of IT hosting and maintenance this information is located on servers within the European Union. No 3rd parties have access to your personal data unless the law allows them to do so.

In some cases we may transfer your personal data to countries outside the European Economic Area. Where we do so we will ensure that such transfers are compliant with data protection legislation and that appropriate measures are put in place to keep your personal data secure.

We will notify you if a data security breach occurs which may affect you if the breach could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.



If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us.

If you are not happy with our response, you have a right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office

Wycliffe House

Water Lane





Telephone - 0303 123 1113 (local rate) or 01625 545 745



01332 202660

Member of the Association of Chartered Certified Accountants


61 Friar Gate  Derby  DE1 1DJ