Privacy Policy

Last updated: February 2026

ICO Registration

Paul Lawlor is registered with the Information Commissioner's Office (ICO)

Registration: Z9029603

This privacy policy explains how I collect, use, and protect your personal information in compliance with the UK GDPR and Data Protection Act 2018.

1. Introduction

Paul Lawlor ("I", "me", or "my") is committed to protecting your privacy and respecting your personal data. This privacy policy explains how I collect, use, disclose, and safeguard your information when you visit my website or use my services.

I am a chartered accountant providing accountancy services and charity independent examinations. I take my data protection obligations seriously and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information I Collect

I only collect information that is necessary for providing my professional services and responding to your enquiries.

2.1 Information You Provide

When you contact me through my website, I may collect:

Name – to address you properly
Email address or phone number – to respond to your enquiry
Message content – to understand your needs and provide appropriate services

2.2 Information Collected Automatically

Like most websites, my hosting provider may collect technical information such as:

IP address
Browser type and version
Operating system
Referring website
Pages visited and time spent on pages

This information is used for website maintenance, security, and statistical analysis to improve the service. I do not use tracking cookies for marketing purposes.

3. How I Use Your Information

I only use your personal data for legitimate business purposes. The legal basis for processing your information depends on how you interact with me.

                Legal Bases for Processing
                Contractual Necessity – when you engage my services, I need your data to fulfil our contract
Legitimate Interests – responding to enquiries and maintaining professional communications
Legal Obligation – complying with accounting, tax, and anti-money laundering regulations
Consent – when you explicitly consent to data processing through my website forms

            

3.1 Specific Purposes

I use your information to:

Respond to your enquiries and provide quotes
Deliver professional accountancy and charity examination services
Maintain accurate financial and client records
Comply with legal and regulatory obligations (e.g., HMRC, Charity Commission, Anti-Money Laundering)
Communicate with you about services you have requested
Improve my website and services

4. Data Sharing and Disclosure

I respect your privacy and will not sell, rent, or trade your personal information. However, I may need to share your information in specific circumstances:

Marketing and Lead Management Partner

Paul Lawlor FCA works with CC32 Services Ltd as our marketing and lead management partner. CC32 Services Ltd processes website analytics and advertising data on our behalf to help us reach charities that may benefit from our independent examination services.

Data Controller: Paul Lawlor FCA remains the data controller for your information.

Data Processor: CC32 Services Ltd acts as a data processor under our instructions, processing data only for the specific purposes outlined in this policy.

For more details about CC32 Services Ltd, please visit cc32.uk

4.1 When Sharing May Occur

Professional Advisors – with your accountant, solicitor, or other professional advisors (with your consent)
Regulatory Bodies – when required by law (HMRC, Charity Commission, ICO, professional bodies)
Legal Requirements – to comply with court orders, legal proceedings, or anti-money laundering checks
Service Providers – with IT hosting, email, or other essential service providers under strict confidentiality agreements

I will only share your information when necessary and will take appropriate steps to ensure your data remains protected.

5. Data Retention

I retain your personal information only for as long as necessary for the purposes outlined in this policy.

5.1 Retention Periods

Enquiry Data – retained for 2 years from last contact if no engagement occurs
Client Records – retained for at least 6 years after the end of our professional engagement (in accordance with HMRC requirements and professional guidelines)
Charity Examination Records – retained for 7 years in accordance with Charity Commission guidance
Website Analytics – anonymous data may be retained indefinitely for statistical purposes

After the retention period expires, your data will be securely deleted or anonymised unless I am required by law to retain it longer.

6. Your Data Protection Rights

Under UK GDPR, you have certain rights regarding your personal information. These rights include:

                Your Rights
                Right to be Informed – you have the right to know how I use your data (this policy)
Right of Access – you can request a copy of your personal data
Right to Rectification – you can request correction of inaccurate or incomplete data
Right to Erasure – you can request deletion of your data (subject to legal obligations)
Right to Restrict Processing – you can request I limit how I use your data
Right to Data Portability – you can request your data in a machine-readable format
Right to Object – you can object to certain processing activities
Rights Related to Automated Decision-Making – I do not use automated decision-making or profiling

            

6.1 How to Exercise Your Rights

To exercise any of these rights, please contact me using the details below. I will respond to your request within one month (or up to three months for complex requests). I will not charge for accessing your data unless the request is manifestly unfounded or excessive.

7. Data Security

I take appropriate technical and organisational measures to protect your personal information against unauthorised or unlawful processing, accidental loss, destruction, or damage.

7.1 Security Measures

Secure password protection for digital records
Encrypted communications where appropriate
Secure physical storage for paper records
Regular security updates and backups
Staff training on data protection (if applicable)
Confidentiality agreements with any third parties who handle your data

Despite my best efforts, no method of transmission over the internet is 100% secure. While I strive to protect your data, I cannot guarantee absolute security.

8. Cookies and Tracking

My website uses cookies and similar technologies to enhance your browsing experience and understand how the website is used.

8.1 Google Analytics

My website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to collect information about how visitors use my website, including:

Pages visited and time spent on pages
Browser type and version
Operating system
Referring website
Approximate geographic location (based on IP address)

Google Analytics collects this information anonymously. No personally identifiable information is collected unless you explicitly provide it (e.g., through the contact form).

8.2 How Google Uses Your Data

Google processes the data collected by Google Analytics to:

Analyze website traffic and usage patterns
Provide reports and statistics on website performance
Improve the website and user experience

Google may also transfer this data to third parties where required by law, or where such third parties process the data on Google's behalf. Google does not associate your IP address with any other data held by Google.

8.3 Your Cookie Choices

Cookie Consent Banner: When you first visit my website, you will see a cookie consent banner asking you to accept the use of Google Analytics cookies. You can:

Accept – Allow Google Analytics cookies to help improve the website
Decline – Opt-out of Google Analytics cookies (the website will still function)
Change your mind – You can update your cookie preferences at any time using the cookie settings link in the footer

Browser Settings: You can also control or delete cookies through your browser settings. However, doing so may affect website functionality.

8.4 Opting Out of Google Analytics

You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. This add-on prevents your data from being collected by Google Analytics on any website you visit.

For more information about Google Analytics and privacy, please visit:

8.5 Essential Cookies

In addition to Google Analytics, my website may use essential cookies that are necessary for the website to function properly. These cookies do not collect personal information and are used for:

Remembering your cookie preferences
Maintaining security and preventing fraud
Ensuring smooth website operation

I do not use marketing or advertising tracking cookies. I do not sell your information to third parties for marketing purposes.

9. Third-Party Websites

My website may contain links to third-party websites (e.g., regulatory bodies, professional associations). I am not responsible for the privacy practices or content of these websites. I encourage you to read the privacy policies of any third-party sites you visit.

10. Children's Privacy

My services are not directed to children under 18, and I do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided me with personal information, please contact me, and I will delete such information.

11. Changes to This Privacy Policy

I may update this privacy policy from time to time to reflect changes in my practices, legal requirements, or for other operational reasons. I will notify you of any material changes by:

Posting the new policy on this page
Updating the "Last updated" date at the top of this policy
Emailing you if you are an existing client (for significant changes)

Your continued use of my website or services after the updated policy becomes effective constitutes acceptance of the revised policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this privacy policy or my handling of your personal information, please contact me:

Email paul.lawlor@acharteredaccountant.com

Phone 01322 277 725

Post

65 The Base, Victoria Road
Dartford, DA1 5FS

12.1 Right to Lodge a Complaint

If you believe I have not complied with your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113
Email: casework@ico.org.uk

Summary

I am committed to protecting your privacy and handling your personal data with care and respect. This privacy policy is designed to be transparent about my data practices and to help you understand your rights. If you have any questions, please don't hesitate to contact me.