02087718661 ts@thorntonspringer.co.uk

Privacy Statement and Cookie Policy


Privacy Policy


Thornton Springer's Group of Companies is a firm of chartered accountants and business advisers who are bound by our professional body’s relevant professional codes and regulations, including client confidentiality and the protection of client data.


We have adopted a risk-based approach to data protection, whereby our policies and procedures only cover those areas which apply to our use of personal information.


This privacy policy explains how we use any personal information we collect about you when you use our services.


It is your responsibility to share this policy with your employees whose information we hold as part of our service to you.




- What information do we collect?

- How do we collect your information?

- How do we use your personal information?

- Who we share your personal information with.

- How long we keep your information.

- Transferring your information overseas.

- Marketing.

- Updating, correcting and accessing your personal information.

- Security.

- Communication with you via email.

- Changes to our privacy policy.


What information do we collect?


We collect only the information necessary to perform the services that you have requested from us as agreed in the signed engagement letter.


The information we collect may include:

Your name, date of birth, NI number, passport number, address, email address, telephone number, job title, personal financial details and any other information we need in order to provide you with the services you require from us.


In some circumstances depending on the service we are providing to you, we may need more sensitive personal data like information about your physical or mental health, the commission or alleged commission of any offence by you, any proceedings for an offence committed or alleged offence committed by you, your membership of a Trade Union, etc.


You do not have to provide us with any personal information and you may at any time ask us to restrict or stop processing the personal information which you have supplied to us.


If however you decide not to supply us with the personal information we require or to restrict or stop us from further processing your personal information, we may not be able to provide you with the services that you have requested us to do.


How do we collect your information?


We collect your personal information directly from you or a third party acting under your instruction or on your behalf.


We collect your information in line with relevant regulations and law. This may relate to any of our services you apply for, currently use or have used in the past.


Where we perform payroll services for your company, we usually collect employee information that you as the employer make available to us. We only collect employee information to the extent that is needed in order to perform the services you require from us.


How do we use your personal information?


We use the personal information you give us to perform services that you request from us. These services are stipulated in the letter of engagement that you agree to.


We cannot do any processing outside of the engagement letter without separate instruction from you.


We have no automated decision-making procedures in place. All decision-making is done by actual people.


Who we share your personal information with


We may share your information with third parties in order to provide our agreed service to you. These third parties include, but are not restricted to HM Revenue & Customs for taxation purposes, Companies House, pension companies regarding auto-enrolment, credit and identity check agencies as part of law enforcement and our regulators and supervisory authorities like the Financial Conduct Authorities (FCA) and The Institute of Chartered Accountants in England and Wales (ICAEW).


You may request that we share your personal information with a specific third party.


How long we keep your information


We may keep your information for as long as you have a relationship with us. After the relationship ends, we continue to keep it only where we may need it for our legitimate purposes e.g. our legal obligation under HMRC or responding to requests from regulators.


You may at any time request from us to destroy your personal information before or after the end of your relationship with us. Keep in mind that we will no longer be able to supply the services you requested from us once your personal information has been destroyed. We can only comply with this request where there is no overriding legal obligation that we are bound by.


Documents and records relevant to your tax affairs are required by law to be retained for a period of 6 years.


Although certain documents may legally belong to you, we may destroy correspondence and other papers that we store electronically or otherwise that are more than six years old, except documents we think may be of continuing significance.


You have a legal responsibility to retain documents and records relevant to your financial affairs, so we will return any original documents to you if requested.


Transferring your information overseas


We may export personal information you supply to us outside the EU/EEA/UK for the purposes of storage and data processing as we do not have control over the location where certain cloud based accounting and other systems store data. We will ensure all such information exports is compliant with relevant data protection legislation. Where cloud based services are to be used you may be subject to cloud services terms and conditions.




Generally we do not send any marketing information to you unless you registered on our website where you have explicitly selected to receive marketing and other information from us.


If you are registered on our website you may change your personal preferences regarding the information you receive from us, at any time. It is your responsibility to review and update these preferences on your profile.


Updating, correcting and accessing your personal information.


It is your responsibility to make sure the personal information we have is up to date and accurate at all times. You can update or correct your personal information at any time by informing us to do so and supplying us with the corrections and updates.


At any point in time you may access your data and supplementary information that is in our possession. We will do our best to provide your personal information to you within 30 days at no charge.


You may at any time ask us to restrict or stop processing your personal information in order to update or correct the information. Keep in mind that such an action may prevent us from performing the service that you have requested from us.




We follow strict security procedures (including appropriate technical and organisational measures) regarding the storage and disclosure of your personal information to safeguard against unauthorised or unlawful processing, destruction, damage, access or loss. We store electronic information you provide to us on secure servers and take appropriate measures to ensure that information disclosed to us is kept accurate and safe.


Physical paperwork is stored on our premises where we have put appropriate security measures in place to ensure the safety of your personal information. These measures include a state of the art security system, key code access, etc.


Security relating to your use of our website is contained in a separate Privacy Notice on the website itself under the Privacy Statement. You can find our web address in this document under ‘Changes to our privacy policy’.


All our security measures are reviewed and updated on a regular basis.


Communication with you via email


Communicating with you via email has always involved risk. There is a risk that emails sent over the internet may be intercepted, there is no guarantee that an email received over an insecure network has not been altered during transit and attachments could contain a virus or malicious code.


You may prefer that we discontinue using emails for communication and information exchange with you. If so, we are happy to respond by an alternative method. We will agree this with you in person, by telephone or in writing via post.


Keep in mind that such an action could prevent us from performing the service that you have requested from us effectively and efficiently.


Changes to our privacy policy


We keep our privacy policy under regular review and we will place any updates to this policy on our web page. This privacy policy was last updated in 2018.


Our website policy follows below:


Our Privacy Statement

This privacy policy will explain how our organization uses the personal data we collect from you when you use our website.


Information about us

We are Thornton Springer
67 Westow Street London SE19 3RW United Kingdom
VAT No 220 1247 28 Company Registration No OC311705 Registered in England and Wales

For more information, please see our “contact us” page and/or the footer of this website.

This Website is designed and hosted on behalf of Thornton Springer by PracticeWEB a trading division of Sift Media Limited (company registration number 05923499) a subsidiary of Sift Limited (company registration number 03230061) who provide some of the information which is on this Website. This Website may have links to another website hosted by Sift Limited ("Sift Website") which enables you to access third party services.

In these terms and conditions: "Sift Limited" means Sift Limited (company registration number 03230061) whose registered office is is Charlotte Place, Queen Charlotte Street, Bristol, BS1 4EX and any company which is at the relevant time a subsidiary or holding company of Sift Limited and any subsidiary of any such holding company (and “subsidiary” and “holding company” shall have the meanings set out in sections 736 and 736A of the Companies Act 1985).

Your Data

What we collect

We do not collect any personal information about website users other than:

  • information provided by Users when completing forms on the website including but not limited to the contact and website registration form.
  • that facilitated by the use of "cookie" technology. "Cookies" are designed to enhance your online visit and permit you to access the full service within the website.

How we collect your data

Each time you visit our site or interact with the emails we send to you, we may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, operating system and platform.
  • information about your visit, including the URL clickstream to, through and from our site (including date and time); pages, resources and/or products you viewed or searched for; page response times, errors, length of visits to certain pages, page interaction, and methods used to browse away from the page.
  • information about your interaction with our emails, including whether you have opened the email, the number of times the email is accessed, and your interaction with email content including the links you have clicked.

We may also build a picture of your digital data profile, by taking information on you from public sources, such as your publicly available social media information and other third party sources such as Companies House. We do this to help us direct more targeted information and content to you.

Data from other sources

We may receive information about you if you use any of the other websites we or any of our group companies operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. We also receive information about you from third party telemarketing companies. We or our partners will only contact you where you have given the telemarketing companies your consent for us to do so.

Using your data

We may process your data because:

  • we are legally obliged to e.g. to confirm your identity.
  • the processing is necessary for the performance of the contract with you to provide our services; or
  • it is in ours or a third party’s legitimate interests to do so.

In some instances, we will rely on your consent to process personal data and when we do this, it will be flagged to you at the time.

If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

Data security & storage

This website takes every precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected both online and offline, with the data being stored on secure servers located within the European Economic Area (“EEA”). There are technological and operational security systems in place that provide protection for personally identifiable information from loss or misuse.

When our registration form asks users to enter information, that information is encrypted and is protected with the best encryption software in the industry – SSL.

Our primary hosting provider is certified to ISO 27001 . This family of standards helps us manage your information and keep it safe and secure.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.

If you have any questions about the security at our website, you can send an email to ts@thorntonspringer.co.uk.


We keep your personal information for as long as we need to for the purposes for which it was collected or (if longer) for any period for which we are required to keep personal information to comply with our legal and regulatory requirements.


Thornton Springer would like to send you information about products and services of ours that we think you may like. If you have agreed to receiving marketing, you may always opt out at a later date.

You have the right at any time to stop Thornton Springer from contacting you for marketing purposes.

If you no longer wish to be contacted for marketing purposes, please send an email to ts@thorntonspringer.co.uk.

Your data protection rights

Thornton Springer would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request Thornton Springer for copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that Thornton Springer correct any information you believe is inaccurate. You also have the right to request Thornton Springer to complete the information you believe is incomplete.

The right to erasure – You have the right to request that Thornton Springer erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that Thornton Springer restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to Thornton Springer’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that Thornton Springer transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please email ts@thorntonspringer.co.uk.


A cookie is a small text file written to your hard drive that contains information about you. Cookies do not contain any personal information about users.

The website provider Practiceweb uses cookies to personalise your experience of the website. Most web browsers allow you to control how cookies are accepted by adjusting your web browsers settings. If you set up your browser to reject the cookie, you may still use the website.

Services delivered via the website such as video or embedded content from external providers may also place cookies on your machine (computer).

By continuing to use this site you are deemed to be accepting the terms and conditions and consenting to the website placing cookies on your machine (computer) as set out in the Cookies information page.


We do not knowingly collect personal data from anyone under the age of 13. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personal information to us, please contact us at ts@thorntonspringer.co.uk.

Where processing of personal data is based on consent, if we learn that this data belongs to someone under the age of 13, we will cease processing and will take reasonable measures to delete the applicable information from our records, unless the consent is provided by a parent or guardian.

Privacy policies on other websites

Where links are provided to other websites it should be noted that they are not and cannot be governed by our privacy statement. We cannot guarantee your privacy when you access other websites, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy

If we decide to change our privacy policy, we will post those changes on this page so our users are always aware of the information we collect and how we use it.

This privacy policy was last updated on the 30th of September 2021.

How to contact us

If you have any questions about our company’s privacy policy, please do not hesitate to contact us:

Contacting appropriate authorities

Should you wish to report a complaint or if you feel that our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office. Details are available here https://ico.org.uk/global/contact-us.

Notices and disclaimers

These disclaimers also extend the above rights to our website provider www.practiceweb.co.uk – see service agreement, terms and conditions