Tax Intelligence 25 Limited (‘the Company’)
Privacy Policy as at September 2025
Introduction
Tax Intelligence 25 is a tax advisory practice based in Birmingham, United Kingdom. Our website address is: https://taxintelligence25.co.uk. You can contact us at admin@ti25.co.uk.
The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data.
The Company is a data controller within the meaning of the GDPR and we process personal data. The firm’s contact details for these purposes are Stephen Edwards or Terri Halstead, at 35 Grange Hill Road, Birmingham, B38 8RE.
We may amend this privacy notice from time to time. If we do so, we will supply you with and/or otherwise make available to you a copy of the amended privacy notice. Where we act as a data processor on behalf of a data controller, we provide an additional schedule setting out required information as part of that agreement. That additional schedule should be read in conjunction with this privacy notice.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements any other notices and privacy policies and is not intended to override them. We are the controller and are responsible for your personal data. We’ll only use your personal data for the purposes set out in this privacy notice, which includes: 1) to deliver the products and services you’ve requested from us, 2) to meet our legal responsibilities, and 3) to send marketing communications to you.
2. We collect personal data about you when:
• you request a proposal from us to provide you with a service
• you, your employer or one of our clients engage us to provide our services. We’ll also collect data during the period we’re delivering those services.
• you get in touch with us. That could be by corresponding with us by email, phone, post, or social media, or in person in meetings and via video meetings.
• we consult third parties and/or review data which is available to the public. For example, we may ask for data from your employer or find it on Companies House.
3. Information that we will retain for the time being includes:
Personal data means any information about an individual from which they can be identified (not including any data which has been anonymised).
We may collect, use, store and transfer the following types of personal data:
• identity data – including your personal details such as your full name, date of birth, title, marital status, job title, gender and other similar identifiers
• contact data – including your address, email address and telephone numbers
• financial data – including bank account details
• technical data – including your IP address, device identification numbers or provider, operating system and platform, browser type and version and other technology on the device you use to contact us
• transaction data – including details about payments to and from you and other details of services you have purchased from us
• profile data – including purchases or orders made by you, your interests, preferences, feedback and survey responses
• usage data – including details of how you use any services you’ve received from us
• communications data – including our correspondence and communications with you (whether by email, telephone, or otherwise) and details of the communication we’ve had with you relating to the delivery or proposed delivery of a service (including information about any complaints you make, and any questions you ask us)
• marketing data – including information from research, surveys and marketing activities, together with your preferences in relation to receiving marketing from us and our third parties
• information we receive from other sources (for example, publicly available information, information provided by your employer or our clients, credit reference agencies etc).
• special category data – including details about your health, race or ethnicity, religion, sexual orientation, and genetic and biometric data
If you fail to provide personal data: Where we need to collect personal data by law, or under the terms of the contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
4. In order to process your data, we are obliged to identify at least one of what’s called our “lawful basis for processing”. We may process your personal data:
• to help us perform the things we said we’d deliver (or you instructed us to deliver) and perform the contract we are about to enter into or have entered into with you. This might apply where we’re processing your personal data because you’re a subcontractor, supplier, or customer of a client of ours. The lawful bases that apply here are “performance of a contract” and/or “to comply with a legal obligation” (where we are obliged to process your data to satisfy a legal requirement);
• for the purposes of our own business interests (providing these interests don’t override any of your own interests, rights and freedoms which require the protection of your personal data). Examples of these business interests might include direct marketing, business development, statistical and management purposes (this would be “legitimate interest”); and/or
• for certain additional purposes if you provide your consent. Please bear in mind: where we ask for your consent to using your data, you have the right to withdraw this consent at any time (called “consent”).
Where we process any special category data, we recognise that we need to take care over it. When using your special category data, we will use it in accordance with the law and will ensure that suitable and specific measures are in place to safeguard your fundamental rights and interests. We process special categories of personal data under Article 9(2)(a) GDPR, where you have provided explicit consent (this is “explicit consent”). Examples of when we may process special category data about you include health information we receive from you as part of providing certain services to you (i.e., wills, probate and administration of trusts matters).
We might use your personal data for more than one of these purposes at the same time.
5. How, why and on what lawful bases we might use your Personal Data
------------------------------------------------------------
Purpose: Onboard you as a new client
Type of personal data: Identity data; Contact data; Financial data
Lawful basis: Performance of contract; To comply with a legal obligation
------------------------------------------------------------
Purpose: Deliver our services to you and manage our relationship with you, including: to notify you about changes to our terms, services or business; and to understand what you need and how we can achieve this
Type of personal data: Identity data; Contact data; Financial data; Transaction data; Special category data
Lawful basis: Performance of a contract; Legitimate interest (to recover fees due to us); To comply with a legal obligation; Explicit consent (where processing special category data)
------------------------------------------------------------
Purpose: Administer and protect our business and website
Type of personal data: Identity data; Contact data; Technical data
Lawful basis: Legitimate interest (for running our business, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); To comply with a legal obligation
------------------------------------------------------------
Purpose: Deliver relevant content and advertising to you and measure and understand the effectiveness of our advertising
Type of personal data: Identity data; Contact data; Profile data; Technical data; Usage data; Communications data; Marketing data
Lawful basis: Legitimate interest (to develop our services and website, to grow our business and to inform our marketing)
------------------------------------------------------------
Purpose: Use data analytics to improve our website, services, marketing, customer relationships and experiences
Type of personal data: Technical data; Usage data; Automated enrichment with publicly available data
Lawful basis: Legitimate interest (to keep our website up to date and relevant, and to inform our marketing)
------------------------------------------------------------
Purpose: Manage our recruitment process and to assess an applicant’s suitability for employment with us
Type of personal data: Identity data; Contact data
Lawful basis: Performance of a contract; To comply with a legal obligation; Legitimate interest (for considering your application to join us); Consent
------------------------------------------------------------
Purpose: Directly market to you and make suggestions and recommendations to you about events and services that may be of interest
Type of personal data: Identity data; Contact data; Technical data; Usage data; Profile data; Communications data; Marketing data; Automated enrichment with publicly available data
Lawful basis: Legitimate interest (to grow our business and offer you services that we think may be of interest)
------------------------------------------------------------
Purpose: Directly market to you where you have provided consent
Type of personal data: Identity data; Contact data; Technical data; Usage data; Profile data; Communications data; Marketing data
Lawful basis: Consent
------------------------------------------------------------
6. How long do we keep your personal data?
We will only retain your personal data for as long as is reasonably necessary to fulfil the original purpose for which it was collected. When assessing how long we keep your personal data, we take the following into consideration:
• the requirements of our business and the services we provide
• any statutory or legal obligations that require us to keep it
• the reason why we originally collected the data
• the lawful grounds on which we have been processing the data
• the types of personal data we’ve collected
• the amount, nature and sensitivity of data
• the potential risk of harm from unauthorised use or disclosure of your personal data
• the purposes for which we process your personal data and whether we can reasonably achieve these purposes through other means
• any other applicable legal, regulatory, tax, accounting or other requirements.
By way of additional background, legislation, regulations, and our professional indemnity insurers ask us to retain your data after we’ve stopped acting for you. The period of data retention varies but it’s typically six years plus the current financial year. Where we can, we measure how long we keep the data from the end of the accounting period to which it relates. There are some scenarios where the time we’re obliged to keep data for is longer than this (for example where the data relates to insolvency), but we don’t want to hold on to your data any longer than we have to. If you would like further information relating to how long we will keep your data, please contact us.
7. Where there’s a change of purpose
If we need to use your data for another purpose other than the reason we collected it, we’ll only do this if the new purpose is compatible with the original one. If we think it’s necessary to use your personal data for a new purpose, we’ll do so transparently by keeping you informed and reminding you of your rights before we start any new processing of your data.
8. Who has access to your personal data?
We may share your personal data with third parties for the purposes set out in this policy. This may include:
• other companies with which we are associated
• service providers (acting as processors) who provide services to us including IT and system administration
• HM Revenue & Customs, regulators and other authorities
• third parties to whom we choose to sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as is set out in this privacy notice.
Let’s be clear – we won’t sell or rent your personal information to third parties.
Please be assured that access to your information is limited to those who need it and any of our people with access to your information understand that they have a duty of confidentiality. We require them to respect the security of your personal data and to treat it in accordance with the law. This falls under industry-related ethical standards, which we’re all required to follow.
9. People or businesses (“Third Party Service Providers”) working on our behalf:
In some cases, we use other people or businesses (we call them “Third Party Service Providers”) to provide professional advice, for cloud-based information storage facilities and in some cases for processing that we’ve been asked to deliver for you but don’t have the in-house capacity for. Whenever we use Third Party Service Providers, we have contracts in place requiring them to keep your information secure and not use it for their own purposes, and we take care to disclose only the personal information necessary to deliver the service. All of our Third Party Service Providers are required to put in place appropriate security measures to protect your personal data.
10. Our security measures in place to prevent the loss, misuse or alteration of your personal data:
We’ve put security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We also limit access to your personal data to those employees and other third-party service providers who have a business need to know. They’ll only process your personal data on our instructions and they too are subject to a duty of confidentiality. We’ve put procedures in place to deal with any suspected data security breaches. In the event of an actual or suspected breach of your data, we’ll notify you and any applicable regulator where we’re legally required to do so.
11. International transfers of personal data:
Whilst your data will usually be processed in the UK, to allow us to operate efficient digital processes, we may need to transfer your personal data outside the UK, as some of our external third parties may be based outside the UK. This may be done within the European Economic Area (EEA), but on some occasions, it may be that your data is most efficiently processed outside of the EEA. If we were to transfer your data outside the UK, we would ensure a similar degree of protection is afforded to it and will ensure that adequate safeguards and protection measures are in place in compliance with the applicable data protection laws. We will apply due diligence and ensure that we have suitable contractual agreements in place with such third-party service providers that meet all relevant regulatory requirements.
12. Your duty to inform us of changes in your personal data:
It’s important that the personal data we hold about you is accurate and current, for the benefit of both you and us. Please let us know of any relevant changes (for example, change of address or bank account) by getting in touch with your usual contact or using the contact details below or at admin@ti25.co.uk.
13. Your rights in connection with personal data:
Under certain circumstances, the law gives you the right to:
• request access to your personal data – you can ask for a copy of the personal data we hold about you. Assuming your request is reasonable, we will provide a copy of all the personal data we hold about you and you can check that we’re processing it lawfully. This is more commonly known as a ‘data subject access request’
• request correction of your personal data – you can ask us to correct any inaccurate personal data that we hold about you and complete any incomplete personal data that we hold on you
• request erasure of your personal data – you can ask us to delete or remove your personal data where there is no good reason for us to continue processing it. If, for some reason, we still hold your personal data, but without good reason, at your request we’ll delete it. We may not always be able to comply with your request for erasure for specific legal reasons, in which case, we will notify you of such reasons at the time of your request
• object to us processing your personal data – this applies where we’re relying on a “legitimate interest” of ours or a third party, and you have a situation which makes you want to object to us processing your data
• ask for the restriction of the processing of your personal data – this means you can ask us to suspend the processing of personal data about you where you want us to establish the accuracy of the personal data; where our use of the personal data is unlawful but you do not want us to erase it; where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or where you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use such personal data
• ask for the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically possible
• withdraw consent for processing – we’ve got a special section on this below
If you wish to exercise any of these rights, please get in touch with us. Our contact details are below. We try to respond to all legitimate requests within one month but if we are unable to, we will notify you of this and keep you updated. Please note that we may charge a reasonable fee if your request for access is clearly unfounded or excessive and we may decline to comply with the request in such circumstances. It’s also possible that we may not be able to comply with the request for compliance reasons. As a final note, if you choose to exercise any of these rights, without exception we will ask you to confirm your identity, which means we might need to request specific information from you. This is to make sure your personal information isn’t disclosed to anyone who has no right to receive it.
14. Your right to withdraw consent:
You have the right to withdraw your consent for us to collect, process and transfer your data at any time where consent is our only lawful basis for processing your information. To withdraw your consent, please get in touch using the contact details below. Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to (unless we have another lawful basis for doing so).
15. Changes to this privacy notice
We keep this privacy notice under regular review and will place any updates on our website on the privacy policy page.
This privacy notice was last updated on 3 November 2025.
16. Contact details
If you have any questions regarding this notice or if you’d like to speak to us about how we process your personal data, please contact Stephen Edwards or Terri Halstead at the address detailed earlier above. You also have the right, at any time, to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.