Policies

Privacy Policy

Last updated
October 6, 2026

Upscale Consultants Ltd respects your privacy and is committed to protecting your personal data.

This privacy policy explains how we collect, use, store and protect personal information when you visit our website, contact us, become a client, work with us, download our resources, attend our events, or otherwise interact with our business.

This policy applies to personal data processed by Upscale Consultants Ltd in connection with our website, enquiries, marketing activity, client onboarding, accounting, tax, finance, advisory and related services.

1. Who we are

Upscale Consultants Ltd is a UK-based accounting, finance and advisory business.

For the purposes of UK data protection law, Upscale Consultants Ltd is the data controller for the personal data we collect and use.

Our contact details are:

Upscale Consultants Ltd
Edinburgh House
170 Kennington Lane
London
SE11 5DP

Email: privacy@weupscale.com

If you have any questions about this privacy policy or how we use your personal data, please contact us using the details above.

2. The personal data we collect

We may collect and use different types of personal data depending on your relationship with us.

Identity and contact details

This may include your name, business name, job title, postal address, email address, telephone number and other contact information.

Business and financial information

Where you become a client or prospective client, we may collect information about your business, including accounting records, bookkeeping data, management accounts, statutory accounts, tax returns, VAT records, payroll records, bank transactions, invoices, receipts, budgets, forecasts, cash flow information, financial reports and other records needed to provide our services.

Tax and regulatory information

We may collect tax and regulatory information such as Unique Taxpayer References, National Insurance numbers, VAT numbers, PAYE references, Companies House numbers, director details, shareholder details, persons with significant control information, HMRC authorisation details, HMRC correspondence, Companies House filings and related records.

Anti-money laundering and client verification information

As an accountancy service provider, we may be required to carry out identity verification and anti-money laundering checks. This may include proof of identity, proof of address, company ownership information, source of funds or wealth information, beneficial ownership information, sanctions screening results and other due diligence information.

Website and technical data

When you use our website, we may collect technical information such as your IP address, browser type, device type, operating system, referral source, pages visited, time spent on pages, links clicked and how you interact with our website.

This information may be collected through cookies, analytics tools and similar technologies.

Communication data

We may keep records of emails, form submissions, messages, meeting notes, call notes, proposals, engagement letters, contracts, support requests and other communications with you.

Marketing and event data

If you subscribe to updates, download a guide, complete a form, attend a webinar, join an event, respond to a campaign or engage with our marketing content, we may collect your contact details, preferences, areas of interest, registration information and engagement activity.

Payment and billing information

We may process billing details, invoice records, payment status, direct debit information, payment references and related financial administration data.

We do not usually store full card payment details ourselves. Where card payments are used, those details are normally processed by a secure third-party payment provider.

3. How we collect personal data

We may collect personal data directly from you when you:

  • complete a form on our website;
  • book a call or consultation;
  • send us an email;
  • speak to us by phone or video call;
  • become a client;
  • sign a proposal, engagement letter or contract;
  • provide accounting, tax, payroll or business records;
  • upload documents to a secure portal or cloud system;
  • attend a webinar, workshop or event;
  • subscribe to our mailing list;
  • download a guide, checklist or other resource;
  • interact with our website or digital content.

We may also receive personal data from third parties, including:

  • HMRC;
  • Companies House;
  • cloud accounting platforms;
  • bookkeeping software providers;
  • payroll software providers;
  • banks and payment providers;
  • identity verification and anti-money laundering service providers;
  • professional advisers;
  • client employees, directors, shareholders or contractors;
  • public registers;
  • referral partners;
  • analytics and marketing platforms.

4. How we use your personal data

We use personal data for the following purposes.

To respond to enquiries

We use your contact details and enquiry information to respond when you contact us, request information, book a call or ask about our services.

To assess whether we can work with you

Before accepting a new client, we may use personal data to understand your requirements, prepare proposals, assess potential conflicts, carry out anti-money laundering checks and decide whether we can provide services to you.

To provide accounting, tax, finance and advisory services

We use client information to deliver the services agreed with you. This may include bookkeeping, management accounts, statutory accounts, corporation tax, VAT, payroll, forecasting, reporting, financial analysis, finance systems support, advisory work and related services.

To deal with HMRC, Companies House and other authorities

Where authorised or required, we may use your data to prepare and submit filings, communicate with HMRC, deal with Companies House, respond to regulatory requests and manage tax or company compliance matters.

To comply with legal and regulatory obligations

We may use personal data to comply with tax law, company law, anti-money laundering regulations, sanctions requirements, professional obligations, record-keeping requirements and requests from HMRC, Companies House, regulators or other relevant authorities.

To manage our client relationship

We use personal data to manage proposals, engagement letters, onboarding, billing, payments, service delivery, deadlines, reminders, renewals, client communications, complaints and general administration.

To operate and improve our website

We may use website and analytics data to understand how visitors use our website, improve user experience, monitor performance, troubleshoot issues and improve our content and services.

To send relevant updates and marketing

Where appropriate, we may use your contact details to send updates, insights, invitations, resources, webinar information, event information or details of services that may be relevant to you.

You can opt out of marketing communications at any time.

To protect our business and legal rights

We may process personal data where necessary to prevent fraud, manage risk, protect confidential information, resolve disputes, recover debts, enforce agreements, respond to complaints or defend legal claims.

5. Our lawful bases for processing personal data

Under UK data protection law, we must have a lawful basis for using your personal data. Depending on the circumstances, we may rely on one or more of the following lawful bases.

Contract

We process personal data where it is necessary to enter into or perform a contract with you, such as providing agreed accounting, tax, advisory or finance services.

Legal obligation

We process personal data where we are required to do so by law, including tax law, company law, anti-money laundering regulations, sanctions rules and professional record-keeping obligations.

Legitimate interests

We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms.

This may include responding to enquiries, managing client relationships, improving our services, keeping business records, protecting our business, recovering debts, managing risk and sending relevant business communications.

Consent

In some cases, we may rely on your consent, for example for certain marketing communications or optional cookies.

Where we rely on consent, you can withdraw it at any time.

Legal claims

We may process personal data where necessary to establish, exercise or defend legal claims.

6. Special category data

Special category data includes more sensitive information such as health information, racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, biometric data, genetic data and sexual orientation.

We do not routinely request this type of information. However, it may sometimes appear in records provided to us, such as payroll records, benefits information, employee records, expenses, tax information, correspondence or supporting documents.

Where we process special category data, we will only do so where necessary, proportionate and permitted by law.

7. Criminal offence data

We do not routinely collect criminal offence data. However, we may process information relating to criminal offences, sanctions, fraud prevention or regulatory matters where required for anti-money laundering checks, sanctions screening, client due diligence, legal compliance, risk management or the protection of our business.

8. Who we share personal data with

We may share personal data with trusted third parties where necessary to provide our services, operate our business, comply with legal obligations or protect our rights.

These may include:

  • HMRC;
  • Companies House;
  • cloud accounting software providers, such as Xero, QuickBooks, FreeAgent or similar platforms;
  • bookkeeping and document management systems;
  • payroll software providers;
  • tax and accounts production software providers;
  • client onboarding and proposal software providers;
  • e-signature providers;
  • payment processors and direct debit providers;
  • banks and finance providers, where relevant;
  • identity verification and anti-money laundering service providers;
  • IT support and cyber security providers;
  • website hosting providers, including Webflow or similar providers;
  • email and productivity providers, such as Microsoft 365 or Google Workspace;
  • analytics providers, such as Google Analytics;
  • marketing and CRM platforms;
  • webinar, booking or event platforms;
  • professional advisers, including lawyers, insurers, consultants and other accountants;
  • regulators, law enforcement agencies or public authorities where required by law.

We only share personal data where we have a lawful reason to do so.

Where third-party service providers process personal data on our behalf, we require them to handle it securely and only in accordance with our instructions.

9. The systems and platforms we may use

To operate our business and provide our services, we may use secure third-party systems. These may include, but are not limited to:

  • Microsoft 365;
  • Google Workspace;
  • Webflow;
  • Google Analytics;
  • Google Tag Manager;
  • ScoreApp;
  • Calendly or other booking tools;
  • Xero;
  • QuickBooks;
  • FreeAgent;
  • BrightPay or other payroll software;
  • Ignition or proposal and engagement software;
  • secure document-sharing systems;
  • payment and direct debit platforms;
  • CRM and email marketing tools.

The specific platforms used may change from time to time as our business and services develop.

10. International transfers

Some of the systems and service providers we use may process or store personal data outside the UK.

Where personal data is transferred internationally, we will take reasonable steps to ensure appropriate safeguards are in place. These may include using providers with recognised data protection safeguards, appropriate contractual protections or other lawful transfer mechanisms.

11. How we keep your personal data secure

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include:

  • secure cloud systems;
  • access controls;
  • password protection;
  • multi-factor authentication;
  • encrypted communications where appropriate;
  • secure document-sharing methods;
  • limiting access to those who need it;
  • staff and contractor confidentiality obligations;
  • regular review of the systems we use;
  • data minimisation;
  • secure deletion or archiving where appropriate.

However, no method of transmission over the internet is completely secure. You should take care when sending sensitive information by email and use secure upload methods where available.

12. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to provide services, meet legal and regulatory obligations, resolve disputes and protect our legal rights.

Retention periods vary depending on the type of data and the nature of our relationship with you.

As a general guide:

  • client accounting and tax records may usually be retained for at least six years after the end of the relevant accounting or tax period;
  • company accounting records may usually be retained for at least six years from the end of the financial year to which they relate;
  • anti-money laundering and client due diligence records are generally retained for five years after the end of the business relationship;
  • engagement letters, advice records, working papers and key correspondence may be retained for a period necessary to meet legal, professional, tax, insurance and regulatory requirements;
  • enquiry records may be retained for a reasonable period after the enquiry is closed;
  • marketing data may be retained until you unsubscribe, object or the data is no longer relevant;
  • website analytics data may be retained according to the settings of the relevant analytics provider.

We may retain information for longer where required by law, regulation, professional obligations, insurance requirements, dispute resolution or legal claims.

13. Client files and working papers

In providing accounting, tax and advisory services, we may create working papers, calculations, reports, reconciliations, analysis, notes and other records.

Some records may belong to you, while others may form part of our own professional working papers. Where you request access to information, we will consider the request in accordance with data protection law, professional obligations, confidentiality duties and any contractual terms that apply.

14. Marketing communications

We may send you marketing communications where you have requested information from us, used our services, downloaded a resource, attended an event, subscribed to updates, or where we otherwise have a lawful basis to contact you.

You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly.

Even if you opt out of marketing, we may still send you service-related communications where necessary. These may include messages about your engagement, deadlines, invoices, tax matters, regulatory updates or important service information.

15. Cookies and analytics

Our website may use cookies and similar technologies to make the website work, improve functionality, understand website usage and support marketing activity.

Cookies may collect information such as your IP address, browser type, device type, pages visited, time spent on the site, referral source and interactions with our content.

We may use tools such as Google Analytics, Google Tag Manager, Webflow analytics or similar technologies to understand how visitors use the website.

Where required, we will ask for your consent before using non-essential cookies. You can also control cookies through your browser settings.

Essential cookies are used to make the website function properly. Optional cookies may be used for analytics, performance, personalisation or marketing.

16. Automated decision-making

We do not use personal data to make decisions about you that are based solely on automated processing and that have legal or similarly significant effects.

We may use software, automation or artificial intelligence tools to support our internal processes, improve efficiency, analyse information or assist with service delivery. Where we do so, we remain responsible for the work we perform and we apply appropriate human review where necessary.

17. Your data protection rights

Under UK data protection law, you have rights in relation to your personal data. These may include the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion of your personal data in certain circumstances;
  • request restriction of processing;
  • object to processing in certain circumstances;
  • request transfer of your data to another provider, where applicable;
  • withdraw consent where we rely on consent;
  • complain to the Information Commissioner’s Office.

These rights are not absolute and may be subject to legal, regulatory, professional or contractual limitations.

For example, we may need to retain certain information to comply with tax, anti-money laundering, professional, insurance or legal obligations.

To exercise your rights, please contact us using the details in section 1.

18. Complaints

If you are concerned about how we handle your personal data, please contact us first so that we can try to resolve the matter.

You also have the right to complain to the UK Information Commissioner’s Office.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: ico.org.uk

19. Links to other websites

Our website may contain links to other websites. We are not responsible for the privacy practices, security or content of third-party websites.

You should read the privacy policies of those websites before providing personal data to them.

20. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our services, legal obligations, systems or data protection practices.

The latest version will be published on our website with the updated date shown at the top of the policy.