Privacy Notice

This information is our privacy notice. It explains what we do with your personal information, why we want to use it, how we protect it, and what rights you have to control our use of your personal data.

The most important fact is that it’s your personal data. We have complete respect for your rights and we will only use your data where necessary to deliver our services to you or your employer, or to keep you up to date about developments in our products.


Information about the data controller

The data controller is LEO Bookkeeping Services, Suite 5, The Works, 6 West Street, Olney, MK46 5HR. Our registration number with the Information Commissioner’s Office is ZA248129.

If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us at [email protected]


The purpose and lawful basis for processing your personal data

We use information for a few different purposes, and each has a different lawful basis. The list below describes them in detail:

  • If you are an existing LEO Bookkeeping Services customer, we hold your name and contact details as we have a contractual obligation to deliver services to you. We need your contact details to deliver our services (such as sending you update emails when you need to take action, sending you invoices and so on). We also hold copies of identification, and details such as NI number, because we have a legal obligation to carry out due diligence checks under the Anti Money Laundering rules. Other details such as company number, UTR and VAT number are held under legitimate interest and contractual obligations, as without these we cannot do our job. We will hold your information for six years from the end of our contract for legal records.
  • If you are a previous LEO Bookkeeping Services customer, in the following period of six years since the end of your contract we may need to contact you about invoices or if we are asked to provide information for legal reasons.
  • If you are an employee of (or temporary or associate worker at) an existing LEO Bookkeeping Services customer, you should note that we have most likely been given your personal data by your employer; we may not have collected it from you directly. We hold your name, contact details, date of birth, NI number and tax code so that we can process your payroll accurately and report your earnings accurately to HMRC. We have a legal obligation and legitimate interest in being able to use your information in this way. Without this information your employer would be unable to pay you. We will hold your personal information for six years from the expiry of your employer’s contract, for legal reasons.
  • If you are a supplier associated with LEO Bookkeeping Services’ field of work, we will hold your contact details because we have a legal requirement to hold financial details for 6 years. We would also hold bank details in order to pay your invoices.
  • If you contacted us for information about our services by email or through the contact page on our website, we will hold your name, email address and phone number (if supplied) in our database for 1 year. This helps us to track leads and respond to your enquiry. We will not send you marketing information and you can request to be removed from the list by emailing [email protected]
  • If you’re not an existing customer or are a business associated with LEO Bookkeeping Services’ field of work, we may hold your contact details because we have a legitimate interest in doing business with your company. We will aim to hold this information for two years since we were last in contact with you. It’s possible we picked this information up from public directories (such as LinkedIn, social media and internet searches) or that you passed your details to us with a business card.

Where we store your personal data

  • Anyone who visits www.leobs.co.uk – we use Office 365 for emails. Emails and addresses will be stored in Outlook. Names and addresses of leads will also be stored in our CRM, Accelo. These are data processors for us.
  • LEO Bookkeeping Services customers – we hold your data on local computers which are password protected and regularly updated and scanned for malware, in OneDrive for Business, on our cloud accounting system (Xero), and in our CRM (Accelo), all of which have 2-factor authentication set up. These companies are data processors for us.
  • Payroll customers – we hold your data on local computers, which are password protected, regularly updated and scanned for malware, and backups on OneDrive for Business. Microsoft is a data processor for us.
  • All other people we deal with (suppliers, etc.) – we hold your details in Xero and Autoentry. These are data processors for us.

Disclosure of your data

  • We may share your data with any member of the LEO Bookkeeping Services team.
  • We may share your data where we outsource any of our business functions under which we collect or store your data, in which case we will ensure that any such provider follows the same security obligations with regard to your data as we do.

International transfers of personal data, and the measures in place to safeguard it

  • Microsoft, Xero, Accelo, Autoentry etc. are all “cloud-based systems”, which means the information is held in huge data centres in different locations.
  • All the cloud-based systems we use reserve the right to hold copies of your personal information outside the European Economic Area (EEA). This section explains the impact of these international transfers and how your information is protected. Please note that the reason companies may choose to do this is to hold back-up copies, so they can guarantee recovery.
  • Xero may transfer your information to servers in New Zealand. The European Commission has approved New Zealand as a country having adequate laws and safeguards to protect your privacy. 
  • Microsoft and Xero may transfer your personal information to cloud data centres in the USA. The personal privacy laws and safeguards in the USA aren’t as good, so the European Commission has approved a system called “EU-US Privacy Shield” to make sure the personal information of European citizens is properly protected if held by companies in the USA. 
  • Accelo and Autoentry use AWS data centres and encryption and are working towards GDPR compliance. See links for more info.   

Retention of data

We will not collect more information than we need to fulfil our stated purposes and will not keep it for longer than is necessary. For applications for employment, this will be for a period of six months, after which the data will be securely destroyed. For retention of client data, see above.


Your rights

You have the right to request a copy of all personal data we hold relating to you and we must provide this within 30 days. We will take reasonable steps to ensure the accuracy of the information that we hold. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect. You have the right to require us to erase personal data and we must comply unless we need it for one of the purposes described above (for example, to process payroll or submit a VAT return). We also retain the right to keep data that is needed to establish, exercise or defend a legal claim.


Access to information

You may request details of personal information which we hold about you. If you would like a copy of the information held on you, email [email protected]


Right to complain

Whilst we will always treat your information with respect and take all reasonable steps to keep that information safe, if you are concerned about any aspect of the way in which we control or process your data you may contact us on [email protected]. This will not affect your right to lodge a complaint with the Information Commissioner’s Office should you wish to do so.


Our contractual requirements to use your personal data

If you’re an LEO Bookkeeping Services customer, it’s a requirement that we collect personal information from you so that we can enter into a contract with your company.

If you’re an employee (or temporary or associated worker) at an LEO Bookkeeping Services customer, we have a legitimate interest in using your personal data so we can provide our services (such as payroll). Your employer will require us to do this through our contract with them. If you ask us to restrict processing of your personal data, we may not be able to run your payroll and this could affect your employment. For this reason, we use our legitimate interests as the lawful basis for processing your data (which is why we don’t ask for your consent to process it.)


Other purposes for processing personal data

We don’t process your personal data for any other purpose than we’ve described here. We will never sell your personal data to other companies.