Privacy Policy

Who we are

This is the privacy policy of Gray Associates. Gray Associates is a partnership and a firm of Chartered Accountants regulated by the Institute of Chartered Accountants of Scotland.

This privacy statement explains how we collect and use personal information about you when you use our website and when we supply professional services. We confirm that we will comply with the provisions of the GDPR and the Data Protection Act 2018 when processing personal data about you and your family and that we have appropriate security measures in place.

It is important that you read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

Gray Associates is the controller and responsible for your personal data (collectively referred to as Gray Associates, 'we', 'us' or 'our' in this privacy policy).

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 1st May 2018 and historic versions can be obtained by contacting us.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with professional services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Your rights

Access to your information – You have the right to request a copy of the personal information about you that we hold. 
Correcting your information – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information – You have the right to ask us to delete personal information about you where:

  • You consider that we no longer require the information for the purposes for which it was obtained.
  • We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below.
  • You have validly objected to our use of your personal information – see Objecting to how we may use your information below.
  • Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes.  In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information – In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information, but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Automated processing – If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision.  This right only applies where we use your information with your consent or as part of a contractual relationship with you.

Withdrawing consent to using your information – Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

How do we protect any personal information we collect?

Regardless of your relationship with us we treat all personal information we collect in as secure a manner as reasonably practicable.

We only collect the personal information we need to in order to meet contractual obligations with yourself and legal or regulatory obligations with third parties listed below.

We only retain personal information as long as we need or are bound to.

We utilise full disk encryption on all employee laptops and desktops.

Our backups are encrypted at rest and in transit.

Our paper archives are stored in a secured location monitored for fire and theft.

We regularly audit our data privacy strategy to ensure it is fit for purpose.

We train our staff so that they can identify and avoid online scams, such as phishing, which may cause a data breach.

Types of personal information we collect

Types of Data

What that might include


Name, Date of Birth, Signature, Passport, Driving License, Birth Certificate


Home Address, Business Address, Home Phone Number, Mobile Number, Work Number


Marital Status, Next of Kin, Dependents, Family Members


Job role, Work Address, Salary, P32, P60, Annual Leave, Pension policy, benefits, National Insurance


Sort Code, Bank Account Number, Unique Tax Reference (UTR), credit card statements, bank account statements, monies you owe, monies owed to you, utility bills


Personal information we learn about you from correspondence between yourself and Gray Associates in the form of letters, emails and conversations

Publicly Available

Personal Information that is publicly available. For example, from Companies House

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we use your information

We collect personal information detailed above so that we can deliver services and meet our legal responsibilities.

We can meet our contractual obligation to you in providing various accountancy services such as bookkeeping, personal tax, corporate tax, VAT returns and corporate finance.

We can meet legal and industry regulatory obligations, including preventing and detecting crime, fraud or corruption.

We can verify identity where this is required.

We can communicate by post, email or telephone.

We can maintain records and process financial transactions.

Where we collect your personal information from

Most of the personal information we collect from you will be provided to us by yourself when we on-board you as a new client or when we request it from you to fulfil our contractual, legal and regulatory obligations. However, we may also collect information about you from:

Money laundering service provider
Companies House

Who we share your information with

We may share your personal information with the following third parties:

Our anti money laundering service provider

Our IT service provider and accountancy software developer in technical support instances

The Police, HMRC, Department of Work and Pensions, where we have legal or regulatory obligations to do so.

Fraud prevention agencies.

Pension providers where we process payroll.

How long we keep your personal information

The periods for which we retain personal information depend on the purpose for which the information was obtained but, in general terms, we will retain personal data for as long as we are required by law, or as may be required for record keeping and legal claims purposes.

If you visit our website

This privacy notice aims to give you information on how Gray Associates collects and processes your personal data through our website, including any data you may provide through the website.

This website is not intended for children and we do not knowingly collect data relating to children.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Personal Data we collect

We may collect the following information from our website users:

  • Your visits and use of our website
  • Use of cookies
  • IP address
  • location
  • browser type
  • referral source
  • length of visit
  • number of page views

The purpose for collecting this information is for:

  • Information about the number of visitors and their use of the site will only be used for statistical purposes (in aggregate form) to improve our website’s usability and for marketing purposes.
  • To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
  • Provision of newsletters and/or other marketing materials
  • Provision of other requested business information regarding our services
  • Notifying you about changes to our terms or privacy policy
  • Asking you to leave a review or take a survey

The Recipients of personal data

Information provided by you will be stored securely, kept strictly confidential, and will not be disclosed to any third party without your explicit consent, with the following exceptions:

  • To give you the information and advice that you require we may need to disclose your information to regulatory authorities.
  • Our compliance advisers, auditors, and our regulatory body may require us to disclose certain client details to them in the normal course of their duties.
  • The hosting of our web site, and of associated client data, is carried out by Practicetrack. Practicetrack only process this information to provide the functionality of the web site.

We will not transfer your data outwith the European Economic Area.


Our website uses cookies. A cookie is a small text file stored in your computer containing text data. We use cookies for certain functions to improve the usability of the website. However, enabling cookies in your web browser is necessary if you wish your selections to be remembered for future visits on the same computer. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. For more information about cookies and instructions on how to adjust your browser settings to restrict or disable cookies, see the IAB website. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Contacting us and Complaints

If you have any questions or are unhappy with how we have dealt with your personal information, we would invite you to complain to us directly in the first instance. We can be contacted using the details below:

By e-mail:
By phone: 01856 850860
By post: Gray Associates, Ridgeways, Back Road, Stromness, Orkney, KW16 3DS

If you are dissatisfied with how we have dealt with your complaint, you have the right to lodge a complaint with the Information Commissioner’s Office. They can be contacted using the details below:


By post:
Information Commissioner's Office
Wycliffe House
Water Lane
Telephone - 0303 123 1113 (local rate) or 01625 545 745