This policy explains how Brookman Limited, trading as MTD Go ("we", "us", "our"), collects and uses your personal data, and your rights under UK data protection law (the UK GDPR and the Data Protection Act 2018). We are the "data controller" for the information described below.
Who we are
Brookman Limited t/a Brookman Chartered Certified Accountants / MTD Go. Company No. 6860749, registered in England & Wales. VAT No. 97737690. Regulated by the Association of Chartered Certified Accountants (ACCA). Contact: support@mtd-go.co.uk, [INSERT REGISTERED ADDRESS].
The data we collect
- Identity & contact details: name, email, phone, address, date of birth.
- Tax & financial information: Unique Taxpayer Reference (UTR), National Insurance number, income, rental and self-employment details, accounting records you provide.
- Identity verification data: documents and checks required under anti-money-laundering (AML) regulations.
- Payment information: Direct Debit details are collected and processed by GoCardless — we do not store your bank details ourselves.
- Website & usage data: information from forms you submit, plus cookies/analytics (see our Cookie Policy).
How and why we use it (lawful bases)
| Purpose | Lawful basis |
|---|---|
| Providing our accountancy/MTD services and filing with HMRC | Performance of a contract |
| Identity checks and record-keeping under AML law | Legal obligation |
| Sending you service updates and deadline reminders | Contract / legitimate interests |
| Marketing emails (e.g. the MTD checklist) | Consent (you can withdraw anytime) |
| Improving our website | Legitimate interests / consent for analytics cookies |
Who we share it with
We share data only as needed to deliver our service, including: HMRC (to register you and file returns), GoCardless (payments), our bookkeeping software providers (e.g. QuickBooks, Dext), our identity-verification provider, and our email/CRM provider. Each acts as our processor under a data-processing agreement. We do not sell your data. [Confirm and list your actual providers.]
How long we keep it
We keep client and tax records for at least six years after our engagement ends, in line with HMRC and AML requirements, after which we securely delete or anonymise it. Marketing data is kept until you unsubscribe.
Your rights
Under UK GDPR you can request access to your data, correction, erasure (where no legal duty to retain applies), restriction, portability, and you can object to processing or withdraw consent. To exercise any right, email support@mtd-go.co.uk. You can also complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Security & international transfers
We use appropriate technical and organisational measures to protect your data. Where a provider processes data outside the UK, we ensure an approved safeguard (such as UK adequacy regulations or standard contractual clauses) is in place.
Changes to this policy
We may update this policy from time to time. The "last updated" date above shows the latest version.