Privacy Policy — Warren Gell CTA

Last updated: May 2026

Introduction to GDPR

The General Data Protection Regulation (GDPR) came into force on 25th May 2018. It was an overhaul of the existing EU legislation on data protection, and not a new approach. It replaced the UK's Data Protection Act 1998. The Data Protection Act 2018 ("DPA 2018") and the General Data Protection Regulation ("GDPR") impose certain legal obligations in connection with the processing of personal data.

Responsible GDPR Officer

Mr. Warren Gell

Purposes of Processing Personal Data

Warren Gell, Chartered Tax Adviser, is a "processor" of personal information. I will use some, or all, of your personal data to:

Enable me to supply professional services to you as my client.
Fulfil my obligations under relevant laws in force from time to time, including:
- The Proceeds of Crime Act 2002 (POCA) as amended
- The Terrorism Act 2000 (TA 2000) as amended
- The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the "2017 Regulations") as amended
- Terrorist Asset-Freezing etc. Act 2010
- Anti-terrorism, Crime and Security Act 2001
- Counter-terrorism Act 2008, Schedule 7
- Criminal Finances Act 2017
Comply with professional obligations to which I am subject as a member of the Chartered Institute of Taxation (CIOT) and the Association of Taxation Technicians (ATT).
Use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
Enable me to invoice you for my services and investigate or address any attendant fee disputes that may have arisen.
Contact you about other services I provide which may be of interest to you, if you have consented to me doing so.

Legal Bases for Processing

My intended processing of personal data has the following legal bases:

The processing is necessary for the performance of my contract with you (the Letter of Engagement).
The processing is necessary for compliance with legal obligations to which I am subject (e.g. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the 2017 Regulations) as amended).

It is a requirement of my contract with you that you provide me with the personal data that I request. If you do not provide the information that I request, I may not be able to provide professional services to you.

Categories of Personal Data Obtained

In addition to personal data obtained from yourself, and possibly your professional adviser(s), I sometimes obtain personal data from HM Revenue & Customs and Companies House to assist in the preparation of accounts and tax returns.

When appropriate, I will request personal data from a previous accountant or tax adviser to ensure a smooth handover of your affairs and to accurately prepare your accounts, tax returns and other documents.

I do not purchase information about clients or potential clients. I do not obtain any data from people who access this website.

Recipients of Your Personal Data

I may share your personal data with:

HM Revenue & Customs
Companies House
Any third parties with whom you require or permit me to correspond
Subcontractors
An alternate appointed by me in the event of incapacity or death
Professional indemnity insurers
My professional bodies (CIOT, ATT) and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of the 2017 Regulations as amended (or any similar legislation)

If the law allows or requires me to do so, I may also share your personal data with:

The police and law enforcement agencies
Courts and tribunals
The Information Commissioner's Office ("ICO")

I may need to share your personal data with the third parties identified above in order to comply with my legal obligations, including my legal obligations to you. If you ask me not to share your personal data with such third parties, I may need to cease to act.

Transfers of Personal Data Outside the UK

Your personal data will be processed in the UK only.

Retention Periods of Personal Data

In accordance with recognised good practice within the tax and accountancy sector, I will retain my records relating to you as follows:

Where accounts and tax returns etc. have been prepared, it is my policy to retain information for at least 7 years from the end of the tax year to which the information relates.
Where ad-hoc advisory work has been undertaken, it is my policy to retain information for 7 years from the date the business relationship ceased.
Where I have an ongoing client relationship, data which is needed for more than one year's tax compliance (e.g. capital gains base costs and claims and elections submitted to HMRC) is retained throughout the period of the relationship, but should be deleted 7 years after the end of the business relationship — unless you, as my client, ask me to retain it for a longer period.

My contractual terms provide for the destruction of documents after 7 years; agreement to the contractual terms is taken as agreement to the retention of records for this period and to their destruction thereafter.

Your Own Retention Obligations

You are responsible for retaining information that I send to you (including details of capital gains base costs and claims and elections submitted), and this will be supplied in the form agreed between us. Documents and records relevant to your tax affairs are required by law to be retained by you as follows:

Individuals, trustees and partnerships with trading or rental income: five years and 10 months after the end of the tax year.
Individuals, trustees and partnerships otherwise: 22 months after the end of the tax year.
Companies, LLPs and other corporate entities: six years from the end of the accounting period.

Your Rights as an Individual

The GDPR provides the following rights for individuals:

The right to be informed about my processing of your personal data.
The right to request access to your data.
The right to rectification of inaccurate and/or incomplete data.
The right to erasure of your personal data.
The right to restrict processing of your data.
The right to data portability of your data.
The right to object to processing of your data.

There are also rights in relation to automated decision-making and profiling. I am not involved in such activities.

You have the right to complain to the Information Commissioner's Office. The ICO has enforcement powers and can investigate compliance with data protection law.

What Personal Data Is Held

I hold personal data such as: full names, previous or other names, current and previous addresses, marital status, gender, telephone numbers, email addresses, date of birth, National Insurance number, tax reference number, and financial details.

How Personal Data Is Secured

Personal data is held in electronic format on a password-protected computer running professional tax software (TaxCalc) and Microsoft Office products. Professional malware and anti-virus software is installed and updated regularly. Data is backed up to a hard drive and to cloud storage.

Current paper-based data held in files and folders is held in a lockable cupboard and filing cabinets.

Changes to This Privacy Notice

I may amend this privacy notice from time to time. If I do so, I will supply you with, and/or otherwise make available to you, a copy of the amended privacy notice. The latest privacy notice will always be available on this website.

Questions about this policy? Get in touch via the contact form on the homepage and I'll be happy to help.