Privacy
Policy

1.1 Personal Information

When you engage our services, we collect personal information necessary to provide professional tax advisory and HMRC investigation defence services:

• Full name, date of birth, and contact details
• National Insurance number and Unique Taxpayer Reference (UTR)
• Employment history and income information
• Tax returns and HMRC correspondence
• Bank account details for fee payments
• Immigration status (where relevant to tax planning)

1.2 Sensitive Personal Data

In certain cases, we may process special category data under GDPR Article 9, including:

• Health information (relevant to inheritance tax planning)
• Criminal proceedings data (for COP 9 criminal defence cases)
• Biometric data (for identity verification purposes)

We only process sensitive data where we have your explicit consent or where necessary for legal proceedings.

1.3 Technical Information

When you visit our website, we automatically collect technical data including IP address, browser type, device information, and pages visited. This data is used solely for website analytics and security purposes.

2.1 Contractual Necessity

• Providing tax advisory and compliance services
• Preparing and filing tax returns with HMRC
• Representing you in HMRC investigations (COP 8, COP 9)
• Estate and succession planning services
• Immigration and emigration tax planning

2.2 Legal Obligations

• Compliance with anti-money laundering (AML) regulations
• Reporting to HMRC where legally required
• Retention of records as required by professional bodies (ICAEW, CIOT)
• Responding to court orders and legal process

2.3 Legitimate Interests

• Protecting against fraud and maintaining professional indemnity
• Improving our services through client feedback analysis
• Sending relevant tax updates and legislative changes
• Marketing our services (with opt-out available at any time)

3.1 Professional Partners

We may share your information with trusted professional partners when necessary for your case:

• Bark & Co Solicitors - For COP 9 criminal defence representation
• Barristers and QCs - For specialist legal opinions in tax litigation
• Expert Witnesses - For forensic accounting and valuation services

All third-party professionals are bound by the same confidentiality obligations and data protection standards as Parousia Limited.

3.2 Regulatory Bodies

We may disclose information to:

• HMRC (where required by law or with your authorization)
• Professional regulatory bodies (ICAEW, CIOT) for compliance monitoring
• Courts and tribunals (in response to legal proceedings)
• National Crime Agency (for Suspicious Activity Reports under AML law)

3.3 Service Providers

We use carefully vetted service providers who process data on our behalf:

• Cloud storage providers (AWS, Microsoft Azure) - UK/EEA data centres
• Tax software platforms (for compliance and return preparation)
• Document management systems (encrypted storage)
• Communication platforms (encrypted email and video conferencing)

All service providers are bound by Data Processing Agreements (DPAs) compliant with GDPR Article 28.

4.1 Retention Periods

We retain your personal data for the following periods:

• Active client files: Duration of engagement plus 7 years (HMRC time limits)
• COP 9 investigation files: 10 years from case closure
• AML verification records: 5 years from end of business relationship
• Financial records: 6 years (Companies Act requirement)
• Marketing communications: Until you unsubscribe or 3 years of inactivity

4.2 Security Measures

We implement robust security measures to protect your data:

• Encryption: AES-256 encryption at rest, TLS 1.3 in transit
• Access Controls: Role-based access with multi-factor authentication
• Physical Security: Secure premises with restricted access and CCTV
• Backup Systems: Daily encrypted backups stored in UK data centres
• Staff Training: Annual data protection and security awareness training
• Incident Response: 24-hour breach detection and response protocols

4.3 International Transfers

We primarily store data within the UK and EEA. Where international transfers are necessary (e.g., for clients with overseas assets), we ensure adequate safeguards through:

• EU Standard Contractual Clauses (SCCs)
• Transfers to countries with adequacy decisions from the UK Information Commissioner
• Specific consent where required

6.1 Essential Cookies

We use strictly necessary cookies to provide basic website functionality, including session management and security features. These cookies do not require consent.

6.2 Analytics Cookies

With your consent, we use analytics cookies to understand how visitors use our website:

• Google Analytics: Anonymized IP addresses, aggregated statistics
• Retention: 26 months from last interaction
• Purpose: Website improvement and content optimization

6.3 Managing Cookies

You can control cookies through:

• Our cookie consent banner (adjust preferences at any time)
• Browser settings (block or delete cookies)
• Third-party opt-out tools (e.g., Google Analytics Opt-out)