How we collect, use, and protect your personal data in accordance with UK GDPR and the Data Protection Act 2018.
11TaxAssist Ltd (company no. 16416027) is the data controller for personal data processed via our websites, products and services unless stated otherwise.
This notice explains how we collect, use, share and protect personal data in accordance with the UK GDPR, the Data Protection Act 2018, and other applicable UK laws.
It covers data processed when you visit our website, contact us, or use our services.
We may collect and process the following categories of data:
We process personal data to provide our services, comply with legal obligations, manage payments, protect systems, and ‐ with your consent ‐ send marketing communications.
| Purpose | Example Activities | Lawful Basis |
|---|---|---|
| Provide & manage services | Onboarding, filing, advice, support | Contract |
| Legal & regulatory compliance | HMRC/Companies House submissions, record keeping | Legal obligation |
| Billing & payments | Invoicing and payment processing | Legitimate interests |
| Security & fraud prevention | Access controls, logs, DDoS/WAF via CDN | Legitimate interests |
| Marketing (optional) | Newsletters, updates |
Under UK GDPR you have the following rights regarding your personal data. To exercise any of these rights, contact us using the details in Section 11.
Request a copy of the personal data we hold about you.
Correct inaccurate or incomplete personal data.
Request deletion of your personal data ("right to be forgotten").
Limit how we process your data in certain circumstances.
Object to processing based on legitimate interests or for direct marketing.
Receive your data in a structured, machine-readable format.
Withdraw consent at any time where processing is consent-based.
We share personal data only where necessary, under contracts imposing confidentiality and security obligations (data processors). Typical recipients include:
Some providers may process data outside the UK/EEA. Where this occurs, we implement appropriate safeguards such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (SCCs), or rely on adequacy regulations, and apply additional technical and organisational measures where appropriate.
We use Cloudflare for TLS termination, WAF/DDoS mitigation and content delivery. Cloudflare may process limited operational and security metadata across its global network.
We implement defence-in-depth security measures to protect your personal data at every layer:
TLS (HTTPS) in transit and, where appropriate, encryption at rest
WAF, DDoS mitigation and bot protections via CDN
Access controls & MFA for all internal systems
Logging, patching and vulnerability management
Supplier due diligence and data processing agreements
We retain personal data only as long as necessary for the purpose it was collected and to meet legal or accounting requirements.
| Category | Typical Period | Rationale |
|---|---|---|
| Tax & accounting records | 6 years after relevant tax year | Statutory requirements |
| Contracts & correspondence | 6 years after contract end | Limitation periods |
| Support tickets & logs | 12‐24 months | Operational / security |
| Marketing data | or 24 months inactivity | Preference management |
We use cookies for core site functionality and security, and ‐ where you consent ‐ analytics and performance cookies.
To exercise your data rights, ask a question about this policy, or raise a concern, please contact us:
You have the right to lodge a complaint with the Information Commissioner's Office (ICO):
We may update this notice occasionally. The latest version will always be published on our website and will show the "last updated" date at the top of this page.
Join thousands of UK businesses using 11TaxAssist to stay compliant with Making Tax Digital ‐ fast, simple, and HMRC‐recognized.