1. Who we are
Aurestone Advisory is an independent UK accounting and advisory practice. For the purposes of UK data protection law, Aurestone Advisory is the controller of personal information collected through this website and through direct enquiries unless another arrangement is set out in a client engagement.
Contact email: fahad@aurestoneadvisory.com. You can also write to Aurestone Advisory, United Kingdom. If you need a full postal address for formal correspondence, please request it by email.
2. What this policy covers
This policy covers personal information processed when you:
- browse this website;
- use the contact form or lead capture forms;
- click a WhatsApp contact button;
- book a call through the booking page;
- email, call, or message Aurestone Advisory;
- use the website admin area as an authorised administrator; or
- become a client or prospective client.
Client engagements may involve additional privacy information, onboarding checks, engagement letters, professional terms, and statutory record-keeping requirements.
3. Personal information we collect
Enquiry and contact details
Name, email address, phone number if provided, company name, selected service, message content, and the date and source of the enquiry.
Booking information
Information you provide when booking a call, such as name, email address, chosen time, and any booking notes submitted through Calendly.
Service relationship information
If you become a client, Aurestone may collect additional identification, accounting, tax, payroll, bookkeeping, business, onboarding, and payment information needed to provide professional services and meet compliance obligations. This may be covered in more detail in engagement letters or client onboarding documents.
Website and interaction data
Basic technical or interaction information such as the page used to click a WhatsApp button, the button source, and timestamp. This is used to understand contact routes and improve the website.
Admin and security data
For authorised administrators, the website may process login details, admin session cookies, content changes, revision records, and CMS activity.
Please do not send sensitive financial documents, identity documents, tax records, or payroll records through general website enquiry forms unless Aurestone specifically asks you to use a secure or agreed method.
4. How we collect information
Aurestone may collect personal information directly from you when you:
- complete a website form;
- download a guide or request follow-up information;
- book a consultation through Calendly;
- send a WhatsApp message, email, or other direct communication;
- provide information during onboarding or service delivery; or
- use the admin area as an authorised user.
Aurestone may also receive information from public sources, professional advisers, government bodies, Companies House, HMRC, bookkeeping/accounting platforms, payroll systems, or other sources you authorise as part of a client engagement.
5. How and why we use personal information
| Purpose | Information used | Lawful basis |
|---|---|---|
| Responding to enquiries | Contact form details, WhatsApp or email messages, service interests, and business context you provide. | Legitimate interests and, where the enquiry relates to potential services, steps prior to entering into a contract. |
| Booking and managing calls | Booking details, calendar information, and any notes submitted when arranging a review. | Legitimate interests and steps prior to entering into a contract. |
| Providing accounting, tax, bookkeeping, payroll, advisory, or related services | Client, business, finance, accounting, tax, payroll, payment, and identity information relevant to the engagement. | Contract, legal obligations, legitimate interests, and in limited cases consent or substantial public interest where special category data is involved. |
| Meeting legal, regulatory, tax, anti-money laundering, professional, and record-keeping obligations | Client records, identity checks, engagement history, correspondence, invoices, and records required by law or professional standards. | Legal obligation and legitimate interests. |
| Running, securing, and improving the website | Essential cookies, admin session data, CMS records, and basic first-party interaction logging. | Legitimate interests and, for essential cookies, necessity to provide the website/admin functionality. |
| Sending service communications | Contact details and messages needed to respond to requests or provide information connected with an enquiry or service. | Legitimate interests, contract, or consent where required. |
Aurestone does not use automated decision-making or profiling that produces legal or similarly significant effects for website visitors.
6. Special category and sensitive information
The public website is not designed to collect special category data, such as health information, or highly sensitive financial documents. If a client engagement requires sensitive information, Aurestone will only process it where there is a lawful basis and where appropriate safeguards are in place.
If you accidentally send sensitive information through a general form, Aurestone may delete it, move it to a more appropriate system, or contact you to agree a safer way to proceed.
8. International transfers
Some technology providers used by the website or by professional service delivery may process personal information outside the UK. Where this happens, Aurestone expects appropriate safeguards to be used, such as adequacy regulations, approved contractual clauses, or other lawful transfer mechanisms.
10. How long we keep information
Aurestone keeps personal information only for as long as reasonably needed for the relevant purpose, including legal, regulatory, professional, accounting, tax, insurance, and dispute-resolution reasons.
| Information | Typical retention approach |
|---|---|
| Website enquiries that do not become clients | Usually up to 12 months after the last meaningful contact, unless a longer period is needed for legal, complaint, or business continuity reasons. |
| WhatsApp click logs | Kept only as limited first-party interaction records and capped in the website data store. These records do not contain WhatsApp message content. |
| Booking records | Kept for as long as needed to manage the booking, follow up on the enquiry, and maintain reasonable business records. |
| Client service records | Kept for the period required by law, HMRC, Companies House, anti-money laundering rules, professional obligations, insurance, and legitimate business record-keeping needs. This can commonly be several years after the end of the client relationship. |
| Admin session cookies | The current admin session cookie is configured to expire after 7 days unless cleared earlier. |
11. How we protect information
Aurestone uses appropriate technical and organisational measures to protect personal information. These may include access controls, admin session protection, secure service providers, role-based access, password protection, data minimisation, and limiting access to people or providers who need it.
No website or email system can be guaranteed as completely secure. Please avoid sending sensitive documents through general forms or ordinary email unless a secure method has been agreed.
12. Marketing and service communications
Aurestone may send service-related messages in response to an enquiry, booking, download, or client relationship. If Aurestone sends optional marketing emails, you will be able to unsubscribe or opt out.
Aurestone does not sell personal information to third parties for marketing.
13. Your data protection rights
Under UK data protection law, you may have the right to:
- Be told how your personal information is used.
- Ask for access to your personal information.
- Ask for inaccurate information to be corrected.
- Ask for information to be erased in certain circumstances.
- Ask for processing to be restricted in certain circumstances.
- Object to processing based on legitimate interests in certain circumstances.
- Ask for certain information to be transferred to another provider where the right to data portability applies.
- Withdraw consent where processing is based on consent.
- Complain to the Information Commissioner's Office if you are unhappy with how your data is handled.
These rights are not absolute and may depend on the type of information, lawful basis, professional obligations, and legal requirements. To exercise a right, email fahad@aurestoneadvisory.com.
14. Complaints
If you are unhappy with how Aurestone handles your personal information, please contact Aurestone first so the issue can be reviewed.
You also have the right to complain to the Information Commissioner's Office, the UK data protection regulator. The ICO website is ico.org.uk.
15. Changes to this policy
Aurestone may update this privacy policy from time to time to reflect changes in the website, services, legal requirements, or how personal information is handled. The latest version will be published on this page with an updated date.
16. Contact Aurestone
For privacy questions, data rights requests, or concerns about how your information is handled, contact:
Email: fahad@aurestoneadvisory.com
Practice: Aurestone Advisory, United Kingdom