Beans Privacy Notice

We are Beans Accountants Limited (Company Registration No. 07057479) and our registered office is at The White House, Greenall’s Avenue, Warrington, WA4 6HL.

We are a Controller for the purpose of the UK General Data Protection Regulation, effective from 1 January 2021.

Our representative for the purpose of data protection compliance is Michael Braun who can be contacted at

For the purpose of this notice “Beans”, “us”, “we” and “our” refer to Beans Accountants Limited.

This Policy was last updated in May 2022.

The purpose of our Privacy Notice

We respect your privacy and your rights to control your personal data (“data”). We will always protect your data, be clear about the data we collect from you and the reasons why. We do not and will not sell your data to third parties.

We will only use your data when the law allows us to, which is usually:

  • Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • Where we need to perform the contract for services we are about to enter into, or have entered into with you;
  • Where we need to comply with a legal or regulatory obligation.

This Privacy Policy (the ‘Policy’) explains the data we collect from you, why we collect it and how we use it. It explains how we protect your data and what the choices you can make about the data we collect.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you do not provide that data, we may not be able to perform the contract we have, or are trying to enter into, with you. In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

Please read this Policy carefully.

Types of information we collect, why and how

We will only collect personal data from you that we consider to be necessary in the context and purpose in which it’s given. You may be asked to provide when:

  • Enquiring about Beans and our services;
  • Engaging with Beans;
  • Forming a company;
  • Using our services.


We may also collect personal data from you about someone else. In those cases, you must ensure that you are authorised to disclose that data to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use and disclose such personal data for the purposes described in this Policy. You must, therefore, take reasonable steps to ensure that the third party concerned is aware of and consents to the various matters detailed in this Policy. Where requested to do so, you must assist us with any requests by the third party to access or update the personal data you have collected from them and provided in connection with our Services.


Enquiring about Beans and our services.

When enquiring about us, you may visit our website or speak to one of our team members, either informally or in a scheduled meeting. If you have asked us to prepare a proposal, we may ask for additional information so we can determine the service that is best for you. On these occasions you may voluntarily provide personal information about yourself.

What we collect? The personal information collected may include full name, phone numbers, home and business addresses, email addresses, business type and income details. We will also collect other unique identifiers such as IP addresses or device IDs, marketing and advertising responses and preferences, purchase enquiry history.

Why do we collect this data? To help make recommendations to you about our services or to follow up your enquiry. We will also use this data to give you access to our business guides and to inform you about events and networking opportunities. Additionally, your IP address helps us to understand geographic information about our website visitors.

How do we collect this data? Data is collected through forms, surveys, email, telephone or in person.


Engaging with Beans

If you agree to engage us for our services, we will ask you for information relating to you and/or your business. The information required will depend on the type of service. You may also be asked to provide information about third parties i.e. additional employees, partners, directors or shareholders. We may also seek your permission to contact external third parties to gain information such as professional clearance.

What do we collect? The personal information collected may include full name, home/business postal address, registered office address, business name/type, phone numbers, email addresses, job title, date of birth, place of birth, title, nationality, marital status, national insurance number, tax codes, HMRC UTR numbers, government-issued identification, including passport numbers, sanction and watch list data, details of any other business involvement including shareholding, payment card information, bank account data, usage data and statistics, connection data, other unique identifiers such as IP addresses or device IDs, marketing and advertising responses and preferences, purchase enquiry and history of services.

Why do we collect this data? We will collect the data to:

  • Verify your identity for legal/regulatory compliance and crime prevention;
  • Carry out our obligations to provide services you’ve engaged us to deliver;
  • Configure your accounting or payroll software correctly;
  • Make sure we provide the right support and advice; and to:
  • Analyse data for management and marketing purposes.

What are the requirements to collect data for legal/regulatory compliance and crime prevention purposes?

As with other professional services firms, we are required to identify our clients for the purposes of the UK anti-money laundering legislation. We may request from you, and retain, such information and documentation as we require for these purposes and/or make searches of appropriate databases. If we are not able to obtain satisfactory evidence of your identity, we will not be able to proceed with the engagement.

Any personal data received from you to comply with our obligations under the Money Laundering, Terrorist Financing and Transfer for Funds (Information on the Payer) Regulations 2017 (MLR 2017) will be processed only for the purposes of preventing money laundering, terrorist financing or proliferation financing. No other use will be made of this personal data unless use of the data is permitted by law or under enactment other than the MLR 2017 or UK GDPR, or we have obtained the consent of the data subject to the proposed use of the data.

How do we collect this data? Data is collected through forms; surveys; email; telephone or by post.


Forming a Ltd company

If you are asking us to form a limited company you will be asked to provide information relating to yourself, the limited company you want to form and related third parties such as additional directors or shareholders.

What do we collect? The personal information collected may include full name, home/business postal address, phone numbers, email addresses; registered office/service address, date of birth, title, nationality, company details, share structure, persons of significant control, authentication data (eg passport number, national insurance number); place of birth, payment card information.

Why do we collect this data? We will collect the data to:

  • Verify your identity for legal/regulatory compliance and crime prevention;
  • Check company name availability and ensure the company is formed correctly with the correct company officers and company information;
  • Provide the right guidance, answer your questions and to complete the transaction.

How: Data is collected through a form with additional information collected by email; or telephone.


Using our services

During the course of your engagement, we may ask you to provide additional information and to keep us informed of any changes to your circumstances or that of your business. You may also require additional services or products.

What do we collect? The type of personal information collected may include changes in marital status, changes of home/business postal address, other sources of income, investment activities, changes to your company structure (eg changes to company officers), usage data and statistics, connection data, other unique identifiers such as IP addresses or device IDs, marketing and advertising responses and preferences, purchase enquiry and history of services provided.

Why do we collect this data? We will collect the data to:

  • Carry out our obligations to provide services you’ve engaged us to deliver;
  • Support you in managing your affairs and to provide the right guidance;
  • Ensure you continue to be engaged to the right service for you;
  • Notify you about changes to our services and make suggestions to you about other services.
  • Updating our client records
  • Analyse data for management and regulatory purpose.


How do we collect this data? Data is collected through forms, surveys, email, telephone, text message, or by post.


How do we use your data

We also use the data we collect to provide you with our services and to communicate with you in the following way:

Providing and enhancing our services

Data is used to provide and improve our services and perform essential business operations. This includes developing new features, research, testing and providing client support.

Regulatory compliance

Data is used to ensure that we comply with relevant regulations and laws. This includes verifying your identity if you engage us to provide services. Verification involves:

(a) a full electoral roll search (your consent is not required for this); and

(b) credit reference agencies placing a search footprint on your electronic file and your data being accessed by third parties for the specific purpose of anti-money laundering, credit assessment, ID verification, debt collection, asset reunification, tracing and fraud prevention.

Security, Safety, and Dispute Resolution

Data is used to protect the security and safety of our services and our clients, to detect and prevent fraud, to resolve disputes and enforce our agreements.

Business Operations

Data is used to run business operations to provide you with our services. We will also perform analyses and profile our user base so we can report on the performance of our business and make informed decisions and improve our services to you.

Communication, Marketing and Advertising

Data is used to communicate with you. We may contact you by email or other means of electronic communication to inform you about our services, invite you to take part in a survey, notify you about promotions, business activities, events and changes to our services. If you become a client, you will also receive service-related communications such as system and service support communications, policy, security or software updates.

We also use cookies and similar technologies to provide the most relevant products and information to you.


When we may share or disclose your data

We do not sell data about our clients. We only share or disclose your data as authorised in this Policy to the following types of third parties:

Suppliers: We work with a variety of third party suppliers to perform services such as website hosting, telephone and email communications. We share your personal data as necessary to complete any transaction or provide services to you. These suppliers work on our behalf for the purposes described in this Policy. We impose contractual obligations on our suppliers to ensure data is secure, protected and treated in accordance with this Policy and we will take all steps reasonably necessary to maintain compliance with these obligations.

Subcontractors: We subcontract elements of its service provision to other parties. We will always ensure that we have appropriate contractual arrangements in place.

Affiliates/Partners: Your information will only be passed to the relevant service provider if you express interest in a third-party service in writing or by talking to a Beans team member. These third parties may then send communications to you and provide information on services that you have expressed an interest in. If, at any time, you wish to opt-out of further communications, please follow the instructions in their marketing communications or consult their own privacy policies for further information about unsubscribing. We do not accept any liability arising from the operation of these third-party privacy policies, so please check these policies carefully prior to activating a service.

Legal/Regulatory Bodies: To the extent that we are duty-bound by any applicable legal or regulatory requirement to cooperate with any competent legal or governmental authority or agency, we shall do so in accordance with applicable law. This may involve disclosure of your personal data and we will have no legal liability for such disclosures. Please note that, depending on circumstances, We may be forbidden from advising you of the fact that your personal data has been disclosed to or requested by such third parties.

Under Section 330 of the Proceeds of Crime Act 2002 we have a duty to report to the Serious Organised Crime Agency (SOCA) if we know, or have reasonable cause to suspect, that you or anyone connected with your business is or has been involved in money laundering. Failure on our part to make a report where we have knowledge, or reasonable grounds for suspicion, would constitute a criminal offence. We are obliged by law to undertake this reporting to SOCA, but are under no obligation to make you aware of this reporting. In fact, we may commit the criminal offence of “tipping off” under Section 333 of the Proceeds of Crime Act 2002 if we were to inform you that a report had been made. In this situation neither our directors nor our staff may enter into any correspondence or discussions with you regarding such matters.

Other Parties: with whom it might be necessary to complete a financial or corporate transaction such as a merger or sale of asset.

How to access and control your data

You can review, edit or delete your personal data by contacting us by email to We will respond to any request to access or delete your personal data as soon as possible, but certainly within 14 days.

Communication, marketing and advertising preferences


After you have signed up for our services you will receive service-related emails from us, which are necessary to enable us to provide our services. We may also communicate with you from time to time by SMS text message, but will only use this to alert of you of significant information about our services. We will not use SMS text message for marketing purposes. If you do not wish to receive SMS text messages please email us at or advise by phone.

You will always have the ability to opt-out of receiving non-service related messages. You can also ask to opt-out of having personal identifiable information used for certain purposes, including promotional communications and newsletters. You can exercise your right to prevent such processing by following the opt-out instructions, on the emails we use to communicate with you collect your data. You can also exercise the right at any time by contacting us at We will respect your choice, and we will stop sending you non-service related emails once you unsubscribe or update your preferences. It may take up to 14 days to process your request.


Cookies and Other Similar Technologies

A ‘cookie’ is a small data file that is sent to your computer’s cookie file when you visit a website. When you visit the website again the cookie allows that site to recognise your browser. A cookie will not give us access to your computer or any information about you other than the data you choose to share with us.

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

When you visit our website you can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website. You can learn about how to control cookie settings on popular web browsers, by visiting:

Google Chrome
Internet Explorer

Marketing and Advertising

We use several marketing tools in support of our advertising efforts.

In accordance with the Digital Advertising Alliance Principles, we may work with third party advertisers that use cookies and similar technologies to provide more relevant advertising about our services on our website and across the internet. To provide this ‘interest-based advertising’, the parties combine non-personal data about your online activities acquired over time which helps cater advertising that we deliver to you.

Examples of this may include a Beans advertisement on a Facebook page, or a Google-owned page such as a search results page. We do not share your data as part of this process.

If you wish to opt-out of interest-based advertising, click here.

If you have opted out of receiving communications from us, we will not use your email for interest-based advertising, although you may still be subject to certain interest-based advertising depending upon your browser and device settings.

Links to other websites

Our websites may contain links to other websites of interest. However, once you have used these links to leave our site you should note that we do not have any control over that website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statements applicable to those websites.

Where we store and process data

By submitting your personal data, you agree to its transfer, storing and processing.

Some of our third-party service providers are based outside the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

If you access our services outside the EEA, it shall be your responsibility to ensure that any access outside of the EEA which results in a transfer of personal data complies with the provisions of the Data Protection Legislation. You should only do so in a secure environment which means that your browser must support the encryption security used in connection with our services.


How we secure your information

We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data. Most personal data is stored electronically on servers or computer systems with controlled access and controlled environments. Other personal data may be kept in paper form within our office, although copies are securely destroyed after use and they have been scanned into computer systems.

While no service is completely secure, we have put in place appropriate security measures to prevent personal data loss, theft, misuse and unauthorised access, disclosure, alteration and destruction or other such incidents that might affect the security of your personal data.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.


If you have engaged to become as a client, we will provide you with a secure environment to provide your records electronically, approve documents and to retrieve reports. These systems can be accessed with your individual user login and password. To protect the confidentiality of data, you must keep your password confidential and not disclose it to any other person. Please alert us immediately if you believe your password has been misused. Additionally, always logout and close your browser when you finish your session, especially if you’re on a public computer. You are ultimately responsible for administering and safeguarding any passwords or memorable words created to control access. Please note, we will never ask you to disclose your password in an unsolicited phone call or email.

We cannot guarantee the security of your personal data while it is being transmitted to us if you don’t enter or import it from a secure environment or secure mobile device.

Where any suspected personal data breach has occurred, we will notify you and any applicable regulator of a breach where we are legally required to do so.


If you have any questions about the security of your data, you can contact us at

Our retention of your information

We retain personal data for as long as necessary to provide our services or for other essential purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly.

For example, the default standard retention period for accounting records is six years plus current, otherwise known as six years + one. This is defined as six years after the last entry in a record followed by first review and/or destruction to be carried out in the additional current (+ one) accounting year.

We are required to retain the identification received from you to comply with our obligations under the Money Laundering, Terrorist Financing and Transfer for Funds (Information on the Payer) Regulations 2017 (MLR 2017) verification for 5 years after any business relationship or transaction has ended. We have procedures in place to ensure these details are retained and destroyed securely.

If we need to alter, restrict processing of your data, or remove your data we will inform you.

Your rights

You can find detailed information about your rights under Data Protection legislation on the UK Information Commissioner’s website at

You have the right to withdraw consent, at any time and you may always opt not to disclose certain data, but that may impede our ability to provide our services, or it may mean you will not be able to access certain services.

You have:

  • The right to be informed– You have the right to obtain confirmation whether your personal data is being processed by Beans or a third party processor. Through this Policy we explain the data we may gather, how it is used and why.
  • The right of access– You have the right to access personal data we hold about you. You can make a request for access to the data we hold about you by emailing

There is no charge for this service. However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive and we may also charge a reasonable fee to comply with requests for further copies of the same information.

We will provide copies of the personal data we hold about you without delay and at the latest within one month of receipt. The period of time for response may be extended by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why.

  • The right to rectification– You have the right to your personal data being corrected if it is inaccurate or incomplete. If you think your personal data needs to be corrected email
  • The right to erasure(also known as the right to be forgotten). You can withdraw your consent and request the deletion or removal of your personal data. We have in place processes to regularly review the data we hold and ensure that it is removed when it is no longer appropriate to hold it. However if you wish to make a request for your personal data to be removed, you can do this by emailing
  • The right to restrict processing. Under certain specific circumstances, such as when you contest the accuracy of your personal data, you have a right to ‘block’ or suppress processing of personal data. If this is requested we are permitted to store your personal data, but not further process it. In the unlikely event that you wish to restrict processing you can do this by emailing
  • The right to data portability. You have the right to data portability allowing you to obtain and reuse your personal data for your own purposes across different services. To allow you to move, copy or transfer personal data easily please contact your Beans Accountant or email
  • The right to object. You have the right to object to:
    • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    • direct marketing; and
    • processing for purposes of scientific/historical research and statistics.

In relation to Beans, only the direct marketing ground is applicable. If you wish to object to Beans direct marketing please email

  • Rights in relation to profiling and automated decision making.

We do not intend to use automated decision making in relation to your personal data.

If you exercise any of your rights and your personal data has been shared with third parties, we will notify the third parties that you are exercising your rights as relevant to them.

If you wish to complain about our handling of your personal data, please contact our Data Protection Officer, providing full details of your complaint and including any relevant documentation, by:

  • email; or
  • letter to the Data Protection Officer, Beans Accountants Ltd, The White House, Greenall’s Avenue, Warrington, WA4 6HL.

You have the right to lodge a complaint with the Information Commissioner Officer, details of how to do this are given at their website:

Changes to our Policy

Our Privacy notice may be updated at any time, so please check it regularly. We may for example change the way we process your information or there may be a change in law. Visiting our website and/or using our services after any modification to this Policy will constitute your acceptance of such modification and updates. The date of the most recent update of this policy is shown at the top of the Notice.

If we make significant changes to this notice then we will show this clearly on our website.

Privacy Policy