Privacy Policy

Last updated: 07 July 2026 | Version: 2.0

Mouktaris & Co (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, share and protect personal data, both through your use of our website mouktaris.webdezign.uk (the “Website”) and in the course of providing our professional services. Please read it carefully.

1. Important information and who we are

Mouktaris & Co is the trading name of Mouktaris & Co Ltd, a company registered in England and Wales under company number 12764019, whose registered office is at 156A Burnt Oak Broadway, Edgware, London, HA8 0AX. We are the “controller” responsible for your personal data. We are registered with the Information Commissioner’s Office (ICO) under registration reference ZB511121.

In this Policy, “Data Protection Legislation” means all law applicable to the processing of personal data, including the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), each as amended (including by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 and the Data (Use and Access) Act 2025).

We have not appointed a statutory Data Protection Officer. Our data protection point of contact is responsible for enquiries about this Policy and our use of your personal data. You can contact us by email at [email protected] or by post at the address above.

This Policy supplements, and does not override, any privacy notice contained in our engagement letters or other communications, and should be read together with our Website Terms of Use and our Cookie Policy. The Website is not directed at children and we do not knowingly collect personal data relating to children under 13.

2. The personal data we collect about you

“Personal data” means any information about an individual from whom that person can be identified. We may collect, use, store and transfer the following kinds of personal data, grouped as follows:

  • Identity Data – e.g. title, name, any former names, date of birth, and (where relevant for our services) National Insurance number, Unique Taxpayer Reference and similar identifiers.
  • Contact Data – e.g. postal address, email address and telephone numbers.
  • Financial and Transaction Data – e.g. bank and payment details, tax and accounting information, and details of the services we have provided and amounts payable.
  • Engagement and Correspondence Data – records of our dealings with you, instructions, documents you provide, and our communications.
  • Technical and Usage Data – e.g. IP address, browser type and version, operating system, and information about how you interact with the Website (collected via cookies and similar technologies – see our Cookie Policy).
  • Marketing and Communications Data – your preferences for receiving marketing from us and your communication preferences.
  • Account and Login Data – where you register for or log in to our secure client portal, your username and the credentials and security information associated with your account.

In limited circumstances, principally to meet our legal and regulatory obligations (including anti-money laundering), we may also process special category data and criminal offence data. We only do so where a condition under the Data Protection Legislation applies. We also use aggregated data (such as statistical data) which does not identify you.

3. How we collect your personal data

We collect personal data:

  • Directly from you – when you complete the contact form on our Website, sign up to our newsletter or mailing list, register for or log in to our secure client portal, enquire about or engage our services, or correspond with us by email, telephone or post. For example, our contact form collects your name, email address, telephone number and the details of your enquiry; and our newsletter sign-up collects your name and email address and your consent to receive marketing.
  • Indirectly – from your employer or our client (where you are connected to them), and from third parties or publicly available sources such as Companies House, HMRC, introducers, and your previous adviser.
  • Through anti-money laundering checks – including from electronic identity-verification providers and credit and AML reference agencies where required. These checks may leave a record (“footprint”) on your file and with the provider; they are not a credit application and do not affect your credit rating.
  • Automatically – when you use the Website, through cookies and similar technologies (see our Cookie Policy) and through analytics and similar service providers.

Where you log in to our secure client portal, we collect your login credentials and related security and usage information in order to operate and protect the service. The client portal and any electronic-signature service are provided under separate terms made available to you as part of your engagement, and the way we handle the information you submit through them is dealt with in those terms and in your engagement letter.

4. How and why we use your personal data

The law requires us to have a lawful basis for using your personal data. We rely on one or more of: performance of a contract; compliance with a legal obligation; our legitimate interests (provided these are not overridden by your interests, rights and freedoms); and, where required, your consent. The table below summarises the main ways we use personal data and the lawful basis for each.

Purpose Data used Lawful basis
Respond to enquiries and prepare proposals for our services Identity, Contact, Correspondence Legitimate interests (to respond to enquiries and develop our practice); steps to enter into a contract
Provide our professional services under our engagement (accountancy, tax, audit, probate and advisory) Identity, Contact, Financial, Transaction, Engagement, and where relevant special category / criminal offence data Performance of our contract; legal and regulatory obligations
Meet legal and regulatory obligations, including anti-money laundering identity verification and reporting, and obligations to HMRC, Companies House and our regulator (ICAEW) Identity, Contact, Financial and AML-related data (including criminal offence data) Legal obligation; legitimate interests (preventing fraud and financial crime)
Administer our relationship, including billing, credit control and debt recovery, and notifying you of changes to our terms or policies Identity, Contact, Financial, Transaction Performance of contract; legal obligation; legitimate interests (running our practice and recovering sums due)
Operate, secure and improve the Website Technical, Usage Legitimate interests (keeping the Website available, secure and relevant); consent for non-essential cookies (see Cookie Policy)
Provide access to, and operate the security of, our secure client portal login Identity, Contact, Account and Login, Technical Performance of our contract; legitimate interests (securing access to our systems)
Send marketing about our services and events and seek your feedback Identity, Contact, Marketing and Communications Consent; or legitimate interests where permitted (e.g. existing clients), in each case with a right to opt out
Consider recruitment enquiries and applications Identity, Contact and recruitment information Legitimate interests (to consider you for current or future vacancies); steps to enter into a contract
Handle complaints and disputes and establish, exercise or defend legal claims Relevant data from the categories above Legal obligation; legitimate interests (managing claims)

Marketing

Where we send you marketing by email, we do so on the basis of your consent or, for existing clients in respect of similar services, our legitimate interests (the “soft opt-in”). You can ask us to stop sending marketing at any time using the unsubscribe link in any message or by emailing [email protected]. We will still send you service-related communications that are necessary to administer our relationship.

Anti-money laundering and financial crime

As accountants we are required to take steps to confirm your identity and to guard against money laundering and other financial crime. We may obtain additional personal data about you for this purpose and hold it on your file. Where we are required by law to make a report to the relevant authorities, we may be prohibited from telling you that we have done so.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another compatible reason. If we need to use your personal data for an unrelated purpose, we will notify you and explain the lawful basis.

5. Sharing your personal data

We may share your personal data, where necessary and in accordance with the law, with:

  • HMRC, Companies House and other government and regulatory bodies;
  • your previous or incoming adviser, a new employer, and counterparties or their advisers where relevant to an engagement;
  • our professional advisers, sub-contractors and service providers – including providers of IT and cloud services, practice management, accounts production, payroll, bookkeeping and identity-verification software, and banking and professional services. We provide them only with the personal data they need and require them to protect it and use it only on our instructions;
  • our regulator, the ICAEW, including in connection with practice assurance, quality monitoring and anti-money laundering supervision;
  • a prospective buyer or successor in the event of a sale or restructuring of our business; and
  • any party where we are required to do so by law, or to prevent fraud, or to establish, exercise or defend legal rights.

We do not sell your personal data, and we do not share it with third parties for their own direct marketing without your consent.

6. International transfers

Some of our service providers process personal data outside the United Kingdom. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection by relying on an appropriate safeguard, namely either a transfer to a country covered by UK adequacy regulations, or the use of the UK’s International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the European Commission’s standard contractual clauses.

If you would like further information about the safeguards we use, please contact us at [email protected].

7. Data security

We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to those who have a business need to know, and they are subject to a duty of confidentiality. We have procedures to deal with any suspected data breach and will notify you and any applicable regulator where we are legally required to do so.

Where we provide you with, or you choose, a password or other credentials for any secure online service, you are responsible for keeping them confidential. Any secure client portal or electronic-signature service we provide is governed by separate terms made available to you as part of your engagement.

8. How long we keep your personal data

We keep your personal data only for as long as necessary for the purposes for which it was collected, taking into account our legal, regulatory, tax and accounting obligations and the potential need to establish or defend legal claims. In general:

  • where you engage us, we retain your data for approximately seven years after our engagement ends;
  • recruitment enquiries and applications are usually held for about one year; and
  • where you opt out of marketing, we retain a minimal record of your contact details to honour your request.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use it indefinitely without further notice.

9. Your legal rights

Under the Data Protection Legislation you have the right to: request access to your personal data; request correction of inaccurate data; request erasure; object to processing based on our legitimate interests, and to direct marketing at any time; request restriction of processing; request transfer of your data (portability); and, where we rely on consent, withdraw that consent at any time. You also have rights in relation to any automated decision-making and profiling.

Automated decision-making. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing.

You will not usually have to pay a fee. We may need to confirm your identity before responding. We aim to respond to all legitimate requests within one month; we will let you know if we need longer. To exercise any right, please contact [email protected].

10. Complaints

If you are unhappy with how we have handled your personal data, please contact us first at [email protected] so that we can try to resolve it. You also have the right to complain to the ICO (the UK supervisory authority) at any time:

11. Changes to this Policy and your duty to inform us of changes

We keep this Policy under review and will post any updates on the Website, indicating the date of the most recent revision at the top. It is important that the personal data we hold about you is accurate and current; please let us know if it changes. This Policy was last updated on 7 July 2026.

12. Contact us

If you have any questions about this Policy or wish to exercise your rights, please contact us at [email protected], by post at Mouktaris & Co, 156A Burnt Oak Broadway, Edgware, London, HA8 0AX, or by telephone +44 (0)20 8952 7717.

13. Third-party links

The Website may contain links to third-party websites, plug-ins and applications. We do not control those sites and are not responsible for their privacy practices. When you leave our Website, we encourage you to read the privacy policy of each site you visit.

Scroll to top