Under UK Data Protection law, we are required to explain to you what personal data we collect and what we do with it.

We are also encouraged to keep our privacy statement concise and in plain English


We have issued newsletters on an e-mailing list since about 2006.

From the outset the newsletter was “opt in” – you only get it if you want it and there is an unsubscribe button if you don’t want it anymore.  The data is kept in a separate package from all other personal data, is managed and accessed by one team member, and has never and will never be used for anything other than sending out our newsletters.

This is the only information we use for marketing purposes.  We share it with no-one (except the Information Commissioners if they wish to see it).


Social media is exempt from GDPR.  Nevertheless, we do not interfere in any way with the information “collected”, we do not use it for separate campaigns of any sort, and all that we do is issue newsletters, opinion, share articles and provide updates on our firm, including job vacancies and new arrivals.  We do not knowingly share the personal information with anyone.


Social media is exempt from GDPR.  Nevertheless, we do not interfere in any way with the information collected, we do not use it for separate campaigns of any sort, and all that we do is issue newsletters, and share articles, opinion and updates on our firm.  We do not knowingly share the personal information with anyone although we now know Facebook may well do so.

Anti-money laundering (“AML”)

AML requirements are exempt from GDPR.  We do collect information from commercial providers of identity information on all clients, and we keep it up to date, as we are required to do by law.  We are required to keep a record of the information and within that maintain a classification as to the risk we think that our individual client represents in accordance with the AML legal requirements.

We are required by law to keep the information confidential, which we do.  However, we are supervised by the Chartered Institute of Taxation for anti-money laundering purposes, and we may be required to show them the records we keep.  It is also possible that the National Crime Agency may seek access to the records.  We do not share the information with anyone else.


We are required by law to maintain records for GDPR purposes.  The key content, apart from some of your personal data, is your acceptance of our privacy policy, which for clients is indicated by the signing of the contract between us (the engagement letter) or else the opt in on the newsletter (where clients choose to receive the newsletter), and for other newsletter recipients, their opt in.

Our clients

Communication between us and our clients is confidential, and we take all reasonable steps to keep confidential your information except where we are required to disclose it by law, by regulatory bodies, by our insurers or as part of an external peer review. Unless we are authorised by you to disclose information on your behalf this undertaking applies during and after our engagement.

We may, on occasion, subcontract work on your affairs to other tax or accounting professionals or seek counsel’s opinion. The subcontractors and counsel will be bound by our client confidentiality terms.

Clients – Data Protection law and the collection of personal data

We confirm that we comply with the provisions of the UK Data Protection legislation when processing personal data about you and your family. In order to carry out our services to our clients and for related purposes such as updating and enhancing our client records, analysis for management purposes and statutory returns, legal and regulatory compliance and crime prevention we may obtain, process, use and disclose personal data about you.

We gather personal data on our clients such as is necessary to comply with Anti-Money laundering legislation, professional rules and regulations, for contractual purposes, our own business purposes (principally so that we can send you a bill) and for the work which we do.  Tax work, especially tax investigation work, involves having access to your personal data – we cannot do the work you engage us to do without it.  But we only use it for the job you have asked us to do.

How we collect information and where we store it

As a rule, where we can we collect information electronically, and otherwise we scan the information you give us and then either destroy the hard copy and securely dispose of it, or else return it to you.  Scanned and electronic information is retained on “the cloud” in environments which we are assured are both secure and GDPR compliant.  We constantly review online security.

We retain very little paper at all.  In the main we work on screen in password protected and, where it is available, encrypted packages.  Sometimes we cannot avoid printing something out to work on it.  The hard copies are retained securely by the individual consultant.

In tax litigation, large quantities of paper are generated and used within the litigation process (in this I include ADR).  We only print off what we need or what has been required by the tax Tribunal.  We maintain an electronic copy of all bundles and securely destroy paper copies following the hearing.  We are always looking for an opportunity to have a paperless hearing -it hasn’t happened.

Our office building is alarmed with electronically protected entrances.  Our office within the building remains locked when staff are not present and is alarmed.  Our largely empty filing cabinets are locked whenever the office is not occupied.

Who else has access to your data?

Our client data is between us and the taxman.  Strictly the Chartered Institute of Taxation as our money laundering supervisor could see some of it, and the Information Commissioners Office could see some of it.  If either event happens, we will take advice before releasing information.

We will only disclose your personal information where we are required to disclose it by law, by regulatory bodies, by our insurers or as part of an external peer review.  There are exceptions, being in the extremely rare event where we must take a client to court for non-payment of fees and if we either need to defend ourselves in the courts or else to take a civil action other than for non-payment of fees in the courts.

Data Controller

This is the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files.

Steve Botham CTA MAAT MIEx
Covertax Chartered Tax Advisers
number three
Siskin Drive
Middlemarch Business Park

Telephone: 0845 643 5450

Data Processors

The ‘data processor’ is the natural or legal person, public authority, agency or other body, which processes personal data on behalf of the data controller.

Every member of staff is a data processor whether by communicating with HMRC or by entering your details onto our Practice Management System (for example).

Omissions or clarification

If you believe that we have omitted anything, or that something requires clarification, please contact us and we will address it.


As a firm of tax consultants, privacy has always been important to us and client confidentiality has always been at the heart of our contract with clients.

We do not disclose to anyone who our clients are, other than when we are required to by law, not even in our newsletters.  We do not use clients’ information in any form of sales or marketing material.  If we are ever asked for a reference, we always contact the potential referee first for their permission.

Last updated: 18 April 2018