Privacy Policy

Thank you for trusting us with some information about you. We take that trust seriously and we want you to know how we use your information and why.



David Harland Limited

Company Registration Number if applicable


Email address

Data Retention Period(s) or the criteria we use to decide how long to keep your information

7 years

If applicable, card and payment processor (3rd party) names and their security policy links

Fiserv.Inc Privacy Notice and privacy rights | Fiserv

Cookie policy

Cookies are little code our website downloads to your device so we can track (anonymously) how visitors move through our site and help you get back to where you last left.

We like to figure out what works and what doesn’t, and keep improving what we do.

We monitor the volume of visitors to our website, how you found us, where you came from and which pages you view when visiting our site.   We do not know who you are unless you contact us and tell us.

If you arrive at our website through a referral from an affiliate, they will use cookies so we can join up the dots and send them a cup of coffee (or equivalent cash) if you decide to buy something from us.

We may use Facebook pixels to figure out what type of person visits our sites and who likes us so we can create advertising that appeals to our visitor and potential clients.

We use google analytics to figure out whether our site is working and to improve problem pages and make your customer journey easier.

None of this results in us contacting you or monitoring you in any personal or individual way – we just like to know who our typical visitor is and what they like.

We also monitor whether you are a client visiting the site again, so we can learn to offer you the support and help you need.

Necessary cookies can only be disabled by changing your browser settings.

The other cookies can be controlled by using the cookie consent pop up on this site. You can change your consent on later visits if you want to.

Please note that by deleting or disabling some cookies, your user experience may be affected, and you might not be able to take advantage of certain functions of our site, including identifying yourself as an existing client.

Third parties we share information with

Acobloom International Private Limited as a data-subprocessor

Do we transfer your data to any organisations/countries outside the EU/UK?


IF YES, is this only to ‘adequate’ countries (check THIS LINK if you are not sure)


IF NO, here is a summary of the safeguards we have put in place

Further information can be obtained from the person responsible for data

We have procured third parties to support us with our financial administration and service provision. Data or Cyber security is of utmost importance to AcoBloom, who have carried out the process of identifying the risk, implementing the security controls to mitigate risk in terms of physical security, Network security, Human resource training and confidentially and work from home security measures. 

Although, as per GDPR regulations as Data controller we continue to be responsible for GDPR compliance, but as data processor or data sub-processor our supplier considers themselves equally responsible for implementing organizational and Data security policies enabling privacy by design and default, demonstrating that data processing at their end is secured and protected enabling data controllers or data processors as applicable to be fully confident about data privacy and security while sharing our client’s data.

Do we use any automated decision making/profiling tools on your data? 

If YES you can get more information on how we do this from the person responsible for data


Person responsible for data within our business:
name and contact information

Deborah Edwards

Our data regulator contact details are:

The data regulators for EU and UK can be found via these links:


Are we obliged to collect ID or finance related data for Anti Money Laundering or other legally required purposes?


IF YES, your ID and Finance Data will only be used for these purposes

Meeting our AML responsibilities

Date this Policy last updated

August 2023


We process information about:

“Prospects” – contacts working at or connected with potential Clients; potential clients

“Clients” – who have bought goods or services from us, and “Client Contacts” who are individuals employed by or contracted to Clients;

“Suppliers”, “Associates” – suppliers or potential suppliers of goods or services to us;

“Affiliates/Referrers” – who have signed up to our affiliate scheme or who have referred Prospects to us;

“Employees” – Our employees if we have any. Employees should refer for data privacy information relating to their own data to their contract of employment.


We promise respectful treatment of the personal information of everyone we have contact with.  We want it to be simple and clear.

This Policy explains how we do that – when and why we collect information, how we use it, the situations when other people can see or use it, and how we keep it secure.

But just to set the scene in case you don’t want to read through all the details just now, we can be clear up front.

We don’t sell, rent or trade email lists with anyone else.

We’ve split this Policy into sections, depending on who you are.

Section A is for everyone and includes information about cookies on our websites.

Section B is for you if you are or work for a business prospect.

If you are a Client or a Client Contact, Section C is for you.

Section D is for you if we have information about you purely because we are providing services to a Client.

And if you’re a supplier, associate or Affiliate/Referrer, Section E is for you.


Whoever you are, our intention is to use your information to make things work smoothly for you in your experience of dealing with us. If that’s not how it turns out for you, please make sure to contact us. It’s best to put things in writing, which you can do by emailing the address above.

We keep this Policy under regular review, and we may revise it as time goes on. Please check back here from time to time to make sure you’ve got the latest information.


We’re committed to protecting your privacy and honouring your legal rights to control how we use your personal data.

We only collect and use personal data when we need to

  • because you have asked us to do something (for example, send you newsletters);
  • so that we can reply to queries or complaints;
  • to develop and manage our business relationships;
  • to help grow our business and fulfil our contracts;
  • to provide services to clients;
  • to calculate payments to associates or Affiliates/Referrers;
  • to meet our legal obligations.

We try to make sure the information we hold is accurate and up to date and is no more than we need to have.


The types of information that we will be processing depend on the nature of our relationship with you.

We may process information about you that you have yourself provided to us or published generally on the internet through social media or on other websites.

In all cases, we will have what identifying and communication information that is relevant and that we can sensibly obtain: that is, your name, email address, employer or business name, job title or position, contact address, social media addresses, and we may also capture some of the information published by you in your social media output to the extent that it may be relevant to our interactions.

If you are or work for a prospect, we will aim to obtain and process information that is relevant to our building a business relationship with you and doing business together, which may relate to your business and your personal interests.

If you are or work for a customer or supplier, we will also keep records of our interactions, the work we have done for you or commissioned from you, the progress of work, and financial and accounting records.

If we are processing information about you purely because we are providing services to others, please see Section D below.  Please note that your rights may be subject to applicable exemptions.

If you have any questions or concerns about our use of your information, or how we have responded to any request about your personal data, please take it up in the first instance by emailing us at the above address.

If we can’t sort it out, the official authority contact details are set out in the form above, and you can raise your concerns with them.


We monitor who opens what in our newsletter lists, and pre-set sequences of information we send you. We do this, so we can see if content is popular and generate more of it, or if it is not read.

There may be sub-routines that trigger if you click on links or articles. These are designed to offer you more information about things you are interested in.

You can unsubscribe from these sequences at any time.

Existing Clients may receive emails about specific offers relating to things you have already purchased. You can unsubscribe from these at any time.

We use automations (little sequences of emails that start when you ask for something in particular) to send you the information you asked for, to send you products you have bought and to administer services you have subscribed to.  A lot of our onboarding for new products is by emails that send you hints and tips and little videos on ‘how to’.   You can unsubscribe from these at any time, but they don’t go on for that long and you might want to wait for all the information as most people find it useful.

We monitor who reads our mailing and automations, how many times, and which links you choose to use and read. We use this information to increase the content’s level of interest and help us improve what we send.  You can remove your information from this monitoring by disabling cookies on your website browser before opening emails from us. From time to time, we contact individual email newsletter subscribers, but it is extremely rare.

We use anonymised data about you from time to time to target advertising campaigns based on profiling the sort of person who wants to receive information from us.

We ask our own sales and marketing people (both internal and external) to contact Prospects from time to time.   This is normally because you have requested a call, or because we are actively trying to let you know about something you may benefit from. 

We are not a hard sell or cold calling-based organisation but prefer to build long-term relationships with satisfied and relaxed clients.


We have an active presence on social media. If you are using social media they are holding and using your information in accordance with their data privacy policy.

If you ‘like’ any of our posts or ‘follow’ us or contact us on social media we keep a record of that. Your replies to us, messages you send us, and your other activity linked to our posts may be seen by members of our staff and by our associates.  Our contracts with them hold them to high standards of protecting your information.


We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.


Like most small businesses, we do not have any tailor-made software – we use mainstream packages for everything from our Client records, to email, to accounting.

This means that some of your data may be held in the EEA, and some may be held in services in the USA or elsewhere. We have picked mainstream suppliers with appropriate security standards.


We have an outsourced support team for our own business which may include Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more. They have limited access to your data, where the service they provide to us means they need it.

For example, if our IT support wants to check the functionality of a laptop or back up, they may need temporary access to information that may include something about you.

Our team use our software to access any data they need.  We do not permit copying or sharing by the team and actively monitor for any potential breaches.

Your information/advice is held in the strictest confidence. Our team are all contracted to strict confidentiality clauses.

We restrict who can export or download data that is held to a limited number of individuals who are authorised to back up data.

If you want to know who is on our team, please email and ask us.


Your information will be kept for the length of time set out in our retention period (see Section 1, Table, above).

If you subscribed to a newsletter or updates list, you will remain on the list(s) you joined until you unsubscribe from that list.


If you want to know what information we have about you (if any) email the address above and give us your name, email address(es). We may require you to confirm your identity before proceeding.

Provided we can legitimately disclose the information to you (see Section DSECTION D:  ), we will happily do a search and send you what we have.


You have the right to know what information we are collecting on you, and to amend it if it is inaccurate.

If you feel for some reason we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.

Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our products and services.

You have a “right to be forgotten” – but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a Client, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.


Signing onto our newsletter list is by your consent – and when you withdraw your consent we stop that processing of your data.

Apart from that, the information we hold is based on our needing the information to run our business and provide our products and services – either so we can perform our contract with you, or because we have a legitimate business interest in processing your data.

In a few situations we are processing personal data because we are under a legal obligation to do so.  This principally relates to our business, accounting and tax records.


Most of the information we process comes from you. We process it so we can reply to you, and when you contact us again we know what you asked before, what you were sent, and what you told us.

Typically, we are collecting name, contact details, how we came across you, and background information from you or published by you on social media or freely accessible on the internet, on why you might be interested in our products or services or a relevant contact for our business.

If you sign up to a newsletter list, you will be sent what you asked for.  You can unsubscribe at any time by clicking the unsubscribe button on any email.

You are not automatically subscribed to any other lists but may be invited to join an appropriate one.

If we email you individually using our own email system or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.

If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period (Section 1, Table, above).

We do not routinely keep special category data. To the extent we hold this, it was supplied or made publicly available by you.


Once you engage with us, we will collect information from you at the point of assignment.

We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.

We process your data to support the delivery the services you have bought. We keep records of the services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may need


As well as your own personal data, we understand that you may need to provide us with personal data relating to your employees, your workers, or third parties (often your clients or suppliers) – depending on the services we are providing to you.  We hold all such information under strict confidentiality obligations, as set out in our terms of business engagement letter.


Credit card payments are handled by an external secure processor in accordance with their data security policies (see Section 1, Table, above).

We receive limited information from our processor for us to tie up your payment with your invoice.

If you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person who paid us and how much and the reference number.

We do not routinely keep credit scores nor use credit reference agencies.


David Harland Limited & Harland Accountants (Newquay) Limited act together to provide the engaged services to you as a firm of Accountants, by utilising the same IT environment and software platforms across the group. Within this secure IT environment, personal data will therefore be accessed, transferred and shared between the companies within David Harland Limited and its associates.

David Harland Limited utilises a number of suppliers to provide us with IT and other associated services for the delivery of our business and services to you.  In many cases, the suppliers we use will be granted access to the data we are processing in order to provide us with technical assistance.  Such processing activities are not directly related to our principal services to you and are considered ancillary to our own internal activities.

As a modern and international firm of  Accountants, our staff need to be able to work from anywhere in the world using our IT services. Although your data will be securely stored within our IT environment and the aforementioned cloud solutions at all times, it will from time to time be necessary for our staff to access these systems, both inside and outside of the EEA. 

To assist in providing some of the engaged services to you, David Harland Limited may utilise external subcontractors to process your personal data.  The processing activities which may be undertaken by subcontractors includes, but is not limited to, data entry processing on engaged services, client management and billing.  These subcontractors may operate outside the European Economic Area (‘EEA’) and from countries that do not have laws that provide specific protection for personal information. To minimise the transferring of personal data, these subcontractors are provided direct access to the IT environment and software platform, in which to perform the processing activities.  Appropriate IT security controls are in place at all times and all subcontractors are bound by contracts (e.g. the standard (model) contractual clauses issued by the EU for the transfer of personal data to data processors or data controllers outside the EEA) which require your personal data to be safeguarded and which provide at least the same level of protection for your data as we do.  

David Harland Limited is a member of the ICAEW and ACCA. The other members of these organisations do not have access to your personal data and we will never transfer your personal data to other members of these organisations unless you have specifically requested us to do so. If your personal data does need to be transferred outside the EEA, we ensure appropriate safeguards are in place, via the use of EU standard contractual clauses, to protect your data and data subject rights and freedoms.

By asking us to act as a Data Processor on your behalf you permit us to use EU standard contractual clause agreements with our chosen sub-processors and subcontractors on your behalf.  All such agreements will be in our name and you may enforce rights against the sub-processor(s) directly through us.

Data Security

David Harland Limited has put technological and organisational controls, including policies and procedures, in place to protect your personally identifiable information from loss, misuse, alteration or unintentional destruction. Only authorised persons are provided access to personally identifiable information we have collected and all such individuals have received appropriate training and have agreed to maintain the confidentiality of this information.  Conditions to protect data to at least the same standard as we do are cascaded to all our subcontractors, sub-processors and suppliers. 

We carry out regular monitoring of our security defences to ensure they continue to be effective against the latest threats.

Data transferred over our client portals are protected using encryption technologies to ensure they remain secure.

Please note that no communications over the internet can be guaranteed as secure.  Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit.  Once data reaches your network it is your responsibility to ensure it remains secure. 

Controls put in place by David Harland Limited also apply to all associated companies, including Harland Accountants (Newquay) Limited.


We will act in accordance with your statutory rights, subject to the exclusions and exemptions that may apply.

When we are processing data about you on behalf of a Client, we are operating under the banner of our Client’s data privacy policy. We will refer any enquiry from you to them, as they are the ‘data controller’ responsible for dealing with your query. But we will support that by providing relevant information to our Client for passing to you.

When we are processing data about you because of a direct connection between you and our business we are acting as a ‘data controller’ (and operating under this policy).


If you become a supplier, associate or an Affiliate/Referrer we keep a copy of the contract between us, and your bank details so we can pay you. We also keep a record of invoices/payments for accounting purposes.

We keep a record of the work you undertook for us/our clients along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.

This information is all needed to manage our Client relationships and our supply chain.

If we set up an Affiliate/Referrer scheme, Affiliate/Referrer data will be held in accordance with this policy. We will ask you for information when you apply, and that information will be kept to administer the scheme.

If you are a Referrer, we remind you that referrals that you make to us may only be made with the knowledge and consent of the person being referred.


If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at the email address set out above.

If we can’t sort it out, the relevant supervisory authority details can be found on the form above.

Scroll to Top