Introduction
Canmore Group Ltd ("Canmore", "we", "us" or "our") is committed to protecting the privacy and security of personal data.
This Privacy Notice explains how we collect, use, store and protect personal data when providing accounting, bookkeeping, taxation, payroll, advisory and related professional services.
We are the data controller for the purposes of UK data protection legislation, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.
Who We Are
If you have any questions about this Privacy Notice or how we process personal data, please contact us:
The Information We Collect
We may collect and process the following categories of personal data:
Identity Information
- Name
- Date of birth
- Nationality
- Passport details
- Driving licence details
- Other identification documents
Contact Information
- Residential address
- Business address
- Email address
- Telephone number
Financial Information
- Bank account details
- Accounting records
- Payroll information
- Tax information
- Income and expenditure records
Business Information
- Company details
- Shareholding information
- Director and officer details
- Beneficial ownership information
Compliance Information
- Anti-money laundering verification records
- Sanctions screening results
- Know-your-client documentation
Technical Information
When visiting our website, we may collect:
- IP address
- Browser type and version
- Device information
- Website usage data
How We Collect Personal Data
We collect personal data:
- Directly from clients and prospective clients
- From directors, shareholders, employees and authorised representatives
- From previous professional advisers where authorised
- From HM Revenue & Customs, Companies House and other government bodies
- From identity verification and anti-money laundering providers
- From publicly available sources
How We Use Personal Data
We use personal data to:
- Provide professional accounting and tax services
- Prepare accounts, tax returns and other statutory filings
- Process payroll and CIS services
- Communicate with clients and regulatory authorities
- Conduct anti-money laundering and identity verification checks
- Comply with legal and regulatory obligations
- Manage our business and professional relationships
- Defend or establish legal claims
- Improve our services and website
Lawful Bases for Processing
We process personal data on one or more of the following lawful bases:
Performance of a Contract
Where processing is necessary to provide services requested by a client.
Legal Obligation
Where processing is required to comply with legal or regulatory obligations, including:
- Anti-Money Laundering Regulations
- Tax legislation
- Companies Act requirements
- Professional and regulatory obligations
Legitimate Interests
Where processing is necessary for our legitimate business interests and those interests are not overridden by individual rights and freedoms.
Consent
Where consent is required by law, we will obtain it before processing personal data.
Anti-Money Laundering Requirements
As an accountancy service provider, we are legally required to conduct customer due diligence and anti-money laundering checks before commencing work and periodically throughout our engagement.
This may include:
- Verifying identity
- Verifying address details
- Verifying beneficial ownership
- Screening against sanctions lists
- Assessing money laundering risk
We may use third-party providers to carry out these checks. Failure to provide requested information may prevent us from acting for you.
Disclosure of Personal Data
We may disclose personal data to:
- HM Revenue & Customs
- Companies House
- Professional advisers
- Regulatory bodies
- Anti-money laundering verification providers
- Cloud software providers
- IT support providers
- Legal advisers
- Courts and law enforcement agencies where required
We do not sell personal data to third parties.
International Transfers
Where personal data is transferred outside the United Kingdom, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
Data Security
We implement appropriate technical and organisational measures designed to protect personal data against:
- Unauthorised access
- Loss
- Misuse
- Alteration
- Disclosure
- Destruction
Access to personal data is limited to those who have a legitimate business need to know.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.
In most cases, client records will be retained for a minimum period of six years following the end of our professional relationship, although longer retention periods may apply where required by law, regulation or legitimate business needs.
Your Rights
Under UK data protection legislation, individuals may have the right to:
- Access personal data
- Request correction of inaccurate data
- Request erasure of personal data
- Restrict processing
- Object to processing
- Request transfer of personal data
- Withdraw consent where processing is based on consent
These rights are subject to certain legal limitations and exemptions. Requests should be submitted to privacy@canmore.group.
Complaints
If you have concerns regarding our handling of personal data, please contact us at privacy@canmore.group in the first instance.
You also have the right to complain to the Information Commissioner's Office (ICO):
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Changes to this Privacy Notice
We may update this Privacy Notice from time to time. Any changes will be published on our website and will take effect from the date of publication.
Last Updated: 1 January 2026