I am Paul John Lockey MAAT t/a Paul J Lockey Bookkeeping & Accounts. As a professional services provider I require enquirers and customers to supply a range of confidential information so I can give them the best possible service. I’m committed to complying with my legal obligations and being clear with customers about what I do with their data. I’m committed to safeguarding customer privacy and this page explains what I do with the personal information you may choose to provide via this website (, via phone calls, through written communication or otherwise. Please read it carefully to understand how your personal information will be treated.

What personal information do I collect?

I collect a range of confidential information, including

  • names
  • email addresses
  • telephone numbers
  • home/business addresses
  • bank statements, credit or debit card information, other payment details
  • taxation and financial records
  • any other relevant information you may choose to provide when making contact with me.

How do I use your personal information?

I use your personal information

  • to maintain my relationship with you whilst you are a customer
  • to provide quotations and agreed services to you
  • for invoicing, processing payments, account set up and maintenance, to communicate with you, including to respond to information requests/enquiries submitted and/or to obtain your feedback on my service
  • for record keeping as required by law
  • to notify you about changes to my services
  • to decide on and notify you about price changes
  • to monitor the quality of my services
  • to ensure data security
  • to investigate any complaint you make
  • to provide evidence in any dispute or anticipated dispute
  • as I may otherwise consider necessary to protect my rights, property, safety, and legitimate interests.


I may from time to time send you a direct marketing email in relation to my services.

I’ll only send you direct marketing in relation to my services by email

  • where you have consented to this or
  • where you have not objected to this, and I’m marketing similar services to those you have previously purchased from me.

Your agreement to the use of your personal information for direct marketing purposes is optional and if you choose not to consent, your visits to and use of my website will not be affected.

You can choose to opt out of receiving direct marketing information from me at any time by using the link in my emails.

What is my legal basis for processing?

In terms of the legal basis I rely on to process your personal information, these are

  • where you have provided your consent: for direct marketing communications in respect of my services, including in respect of marketing communications sent by electronic means (e.g. email and SMS)
  • for the performance of a contract with you (such as a contract for the provision of services) or to take steps at your request prior to entering into this contract
  • to comply with legal obligations, including performing anti-money laundering checks, investigating complaints, or litigation
  • to protect your legitimate interests or the legitimate interests of another person, e.g. where you or they are seriously injured or ill, or my legitimate interests in:
  • management of your account (including processing payments) and my relationship with you and communicating with you
  • operating my website
  • processing orders and supplying my services
  • my internal business purposes which may include processing for the purposes of: record keeping, research, reporting and statistics, data security, to ensure the quality of my services, investigating and responding to queries and complaints, changing my pricing, debt collection, fraud detection and prevention, risk management, protecting our rights, property and safety (and that of others).

You can object to my processing carried out on the basis of legitimate interests at any time via my contact page.

See also The right to object to the use of your data

How do I share your personal information?

I may need to share your personal information with

  • my solicitor or similar advisers when I ask them to provide me with professional advice
  • debt collection agencies and lawyers if I’m seeking to recover debts owing to me
  • any Government Department, public body or other third party where I believe in good faith that the law requires this, in the interests of public health and safety, or in order to protect the rights, property, or safety of myself and others
  • emergency services in the event that I need to report accidents or incidents or request emergency assistance
  • other third parties, if authorised by you to do so.

The performance of services by my third party service provider(s) may be subject to a separate privacy statement provided to you by the relevant third party. You should read any such statement carefully.

How long do I keep your personal information?

I retain your personal information for no longer than is necessary for the purposes for which the personal information is collected. When determining the relevant retention periods, I take into account factors including:

  • legal obligation(s) under applicable law to retain data for a certain period of time
  • statute of limitations under applicable law(s)
  • (potential) disputes
  • guidelines issued by relevant data protection authorities.

Otherwise, I securely erase your information once this is no longer needed.

Cookie Policy

This website uses cookies. For more information on what cookies are, how this site uses them, and how to control the cookie preferences, please refer to the Cookie Policy.

Visitor Comments

If you leave a comment on this site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so any follow-up comments can be recognized and approved automatically instead of being held in a moderation queue.

The data shown in the comments form, and also your IP address and browser user agent string, assists spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

Links to third party websites

My website contains links to other internet websites. Unless otherwise explicitly stated, I’m not responsible for the privacy practices or the content of such websites, including such sites’ use of any personal information. Nevertheless, in the event you encounter any third party associated with my website (or who claims association with my website) who you feel is improperly collecting or using information about you, please contact me and I’ll be happy to forward your message to the third party.


I use reasonable security methods to protect the personal information that I process, however, please note that no transmission over the internet can be guaranteed to be secure. Consequently, I cannot guarantee the security of any personal information that you transfer to me over the internet.

What are your rights?

The following section explains your rights. The various rights are not absolute and each is subject to certain exceptions or qualifications.

I’ll grant your request only to the extent that it follows from my assessment of your request that I’m allowed and required to do so under data protection laws. Nothing in this Privacy Notice is intended to provide you with rights beyond or in addition to your rights as a data subject under data protection laws.

  • The right to be informed – You have the right to be provided with clear, transparent and easily understandable information about how I use your personal information and your rights. This is why I’m providing you with the information in this Privacy Notice.
  • The right of access – You have the right to obtain a copy of your personal information (if I’m processing it), and other certain information (similar to that provided in this Privacy Notice) about how it is used. This is so you are aware and can check that I’m using your personal information in accordance with data protection law. I can refuse to provide information where to do so may reveal personal information about another person or would otherwise negatively impact another person‘s rights.
  • The right to rectification – You can ask me to take reasonable measures to correct your personal information if it’s inaccurate or incomplete, e.g. if I have the wrong email or name for you.
  • The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal information where there’s no compelling reason for me to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g. where I need to use the information in defence of a legal claim.
  • The right to restrict processing – You have rights to ‘block’ or suppress further use of your personal information when I’m assessing a request for rectification or as an alternative to erasure. When processing is restricted, I can still store your personal information, but may not use it further. I keep lists of people who have asked for further use of their personal information to be ‘blocked’ to make sure the restriction is respected in future.
  • The right to data portability – You have rights to obtain and reuse certain personal information for your own purposes across different organisations. This enables you to move, copy or transfer your personal information easily between my IT system and theirs (or directly to yourself) safely and securely, without affecting its usability. This only applies to your personal information that you have provided to me and I’m processing with your consent, or to perform a contract which you and I are a party to, or carrying out the processing by automated means (i.e. excluding paper files).
  • The right to object – You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time in so far as that processing takes place for the purposes of legitimate interests pursued by myself or by a third party. I’ll be allowed to continue to process the personal information if I can demonstrate “compelling legitimate grounds for the processing which override [your] interests, rights and freedoms” or I need this for the establishment, exercise or defence of legal claims.
  • Rights in relation to automated decision making and profiling – You have the right not to be subject to a decision based solely on automated processing (including profiling), which significantly affects you, subject to some exceptions. Where this is the case, you have the right to obtain human intervention, voice your concerns and to have the decision reviewed.

Updating this statement

I’ll review my privacy practices from time to time. I ask that you bookmark and periodically review this page for updates to this Privacy Notice. I reserve the right to modify this policy effective seven days after the posting of the revised Privacy Notice.

Want to contact me?

For further information regarding these rights, about this Privacy Notice generally, or to make a complaint, please use the form on my contact page.

Please provide as much information as possible to help me identify the information you are requesting, the action you want me to take and why you believe this action should be taken.

Before assessing your request, I may ask for additional information in order to identify you. If you do not provide the requested information and, as a result I’m not in a position to identify you, I may refuse to action your request.

I’ll generally respond to your request within one month of receipt of your request. I can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted.

I’ll not charge you for such communications or actions I take, unless:

  • you request additional copies of your personal data undergoing processing, in which case I may charge for my reasonable administrative costs, or
  • you submit manifestly unfounded or excessive requests, in particular because of their repetitive character, in which case I may either: (a) charge for my reasonable administrative costs; or (b) refuse to act on the request.

If after contacting me you are still unhappy you may also complain to the Information Commissioner, all contact details are available on the Information Commissioner‘s website: