skip to navigationskip to main content

Privacy Policy

The Richards Sandy Partnership is committed to respecting our clients’ privacy, protecting your information from misuse or unauthorised disclosure and complying with privacy laws. The Richards Sandy Partnership values its reputation and aims to maintain high ethical standards in the conduct of our business affairs.

This client privacy notice explains how we use any personal information we collect from you when you enter into a contractual agreement with us to provide accountancy services.

Business Summary

We process personal information to enable us to provide accounting, auditing and related services, to maintain our own accounts and records and to support and manage our employees. Specifically:

  • Bookkeeping
  • VAT filing
  • Management accounts
  • Periodic accounts reviews
  • Preparation and filing of annual accounts
  • Preparation and filing of annual tax returns
  • Company secretarial services
  • Payroll processing
  • Company pension processing
  • Profit improvement consultancy
  • Personal and business tax planning
  • Business start-up advice
  • Business disposals
  • Business retirement strategies
  • Probate services

The Richards Sandy Partnership employs between 30 and 35 staff in Worcester.

Data Controller Details

  • Email Address:
  • Telephone Number: 01905 611 666
  • Postal Address:

Thorneloe House

25 Barbourne Road




Data Protection Officer

  • Name: Dan Jackson
  • Email Address:
  • Telephone Number: 01905 611 666

Data We Collect When We Enter Into A Client Agreement

This client privacy notice relates to our use of any personal information we collect from you during the setting up and agreement of accountancy services i.e. the commencement of a contract.  Data collected:

  • Name
  • Email Address
  • Telephone Number
  • Postal Address
  • Employer
  • UTR
  • NI Number
  • Earning Records
  • Bank Account Details
  • Pension Details
  • Other Investment Details
  • ID documentation
  • Date of birth
  • Spouse’s name and date of birth
  • Marital status
  • Names and dates of birth of children

We collect personal data purely for performance of a contract.

We will not collect any information about you that is not required for the performance of a contract.

All of the information we collect is required for the performance of a contract.

The requirement to collect this data is absolute.  If we do not collect this data we cannot perform a contract.  You have the right to terminate a contract provided the notice period in the agreement is upheld.  We have a legal obligation to retain personal data pursuant to a contract for presentation to HMRC, for the duration set out below.

Why We Collect Personal Data

We collect information about you purely to perform a contract.  We also use it for business, regulatory and legal purposes, such as:

  • Dealing with any requests you make or questions you submit
  • Providing references to third parties with your express consent
  • Getting in touch if we need to tell you about something, like a change to our policies or issues with a service

Who Processes The Data We Collect (Who Are The Recipients Of Your Data?)

We will store and process your data following industry best practice and security.  We will take all reasonable steps to ensure that there are appropriate arrangements in place that include provisions covering the appropriate secure transfer, handling and processing of the personal information by other entities and third parties.  The majority of that processing takes place at The Richards Sandy Partnership in Worcester in the UK.  Where processing takes place by one of our trusted data processors, we ensure that our contracts with those 3rd parties contain the appropriate GDPR model clauses and that all our 3rd parties are also compliant with the GDPR.  This affords your data the same protection away from our organisation as it does within it.  The data we collect through our services may be processed by one or more of the following:

TechTeam (UK) Limited

Where We Might Send Your Personal Data (Geographically)

We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights.  We will only consider transferring your data outside of the EU where the transfer is:

  • Made with your explicit informed consent
  • Necessary for the performance of a contract between you and this organisation or for pre-contractual steps we need to take at your request
  • Necessary for the performance of a contract made in your interest between this organisation and another person
  • Necessary for important reasons of public interest
  • Necessary for the establishment, exercise or defence of legal claims
  • Necessary to protect your vital interests or those of other persons, where you are physically or legally incapable of giving consent


  • Made from a register which under UK or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register)

How Long Do We Keep Your Data?

The data referenced above:

  • Is kept for as long as you remain contracted to our services
  • For six years plus the current year if you cease to be contracted to our services

Your Rights As An Individual In Respect Of The Data We Hold

We respect the rights and freedoms of individuals and as such we would like to make you aware of the following.  You have the right to:

  • Request access to your data
  • Request rectification of your data where there are errors or inaccuracies or the data is not current
  • Request that the data we hold is removed entirely from our systems
  • Request us to restrict processing of your data
  • Object to our processing of your data
  • Request your data in a format that is commonly used/accepted
  • Send your data to another controller
  • Withdraw consent already provided at any time

The right to have data removed is only applicable where it does not conflict with our legal and regulatory requirements to keep certain records according to the data retention period.

You also have the right to complain to this organisation.

To exercise your rights above please contact the Data Protection Officer or Data Controller via any of the channels provided.

You also have the right to lodge a complaint with a supervisory authority. In this instance the ICO and their contact details are as follows: or call the ICO on 0303 123 1113.

Quick Links for exercising your rights :

  • DPO email Address:
  • DPO phone number: 01905 611 666
  • Controller email address:
  • Controller phone number: 01905 611 666

Data Sources – Where Did You Get My Data?

Any and all data we collect is collected directly from you, the individual.

We may collect further information from publicly available sources such as the Companies House register if we have a legitimate interest to be able to access those sources legally.

Do We Have A Statutory Or Legal Right To Hold This Data?

We have a statutory and/or legal right to hold the data you provide.

See: Your Rights As An Individual In Respect Of The Data We Hold.

Automated Decision Making, Profiling, And What That Means For You

Any and all data we collect is not subject to any automated decision making.  We do not profile you using your data.  Any actions taken by us or our systems are as a direct result of explicit requests or consents you have chosen.

There are no foreseeable consequences of any significance in respect of providing the data or being removed from the records, except that we will not be able to contact you.