GDPR & Your Rights
Your data belongs to you. Here's how to exercise your rights under UK GDPR — clearly explained, no legal jargon.
Last updated: March 2026
1. Your Rights at a Glance
Request a copy of all personal data we hold about you. We’ll provide it within 30 days in a readable format.
Request your data →
If any data is inaccurate or incomplete, you have the right to have it corrected. Most data can be updated directly in your account settings.
Ask us to delete your personal data. We’ll comply within 30 days, except where required by law (e.g. 7-year HMRC record requirement).
Request deletion →
Ask us to stop processing your data while a dispute is being resolved — for example, if you contest the accuracy of data we hold.
Request your data in a machine-readable format (JSON or CSV). You can also export directly from your Accounted dashboard.
Export from dashboard →
Object to processing based on legitimate interests or for direct marketing. Unsubscribe from marketing emails at any time using the link in any email.
2. How to Make a Request
Making a data request is simple
Log in to your account and use the data request buttons above, or email hello@getaccounted.co.uk with the subject line matching your request.
To protect your data, we’ll confirm your identity before actioning any request. This is usually a quick email confirmation.
UK GDPR requires us to respond within one calendar month. We aim to respond much faster for simple requests.
3. Data We Hold About You
| Category | What we hold | Why | Retention |
|---|---|---|---|
| Account data | Name, email, business details | To provide the service | Account duration + 30 days |
| Financial records | Transactions, invoices, receipts, tax submissions | HMRC compliance | 7 years from tax year end |
| HMRC connection | Encrypted OAuth tokens | To submit returns | Until disconnected |
| Bank connection | Read-only transaction data | Bookkeeping service | Rolling 24 months or until disconnected |
| Communication logs | Support emails, Penny messages | Customer service | 3 years |
| Marketing preferences | Email opt-in/out | GDPR consent | Until withdrawn |
4. Lawful Basis for Processing
Contract: covers account management, transaction categorisation, HMRC submissions, bank connections, Penny.
Legal Obligation: covers HMRC fraud prevention headers, tax record retention, ICO registration, legal requests.
Legitimate Interests: covers security monitoring, error logging, fraud prevention, service improvement (anonymised data only).
Consent: covers marketing emails and product announcements. Withdraw at any time.
5. Data Transfers
All data is stored in EU data centres. Data leaves the EEA only for:
- HMRC submissions (UK government, adequacy decision applies)
- Payment processing (SCCs apply)
- AI categorisation (anonymised data only, SCCs apply)
6. Complaints
- ICO website: ico.org.uk
- ICO helpline: 0303 123 1113
We would always prefer to resolve concerns directly first. Contact: hello@getaccounted.co.uk
7. Contact
- Email: hello@getaccounted.co.uk
- Subject: “Data Protection”
- SaltCore Group Limited, trading as Accounted
- getaccounted.co.uk
Questions about your data?
Email us at hello@getaccounted.co.uk — we respond within 2 hours on business days.