Privacy policy
Your data, our duty of care.
How Counts & Accounts collects and uses personal data when you visit our website, contact us, apply to work with us, or come to our office. Written in plain English. The full controlled Privacy Notice is available on request.
Effective 1 May 2026 · Version 1.0 · Reviewed annually
The short version
If you only read four boxes on this page, read these.
No data sales, ever
We don't sell
We never sell your personal data, period.
No advertising cookies
No tracking ads
We don't use third-party advertising or cross-site tracking.
Stored in India
Where it goes
We are based in Rajkot, Gujarat, India. Where personal data is transferred from the UK, we rely on the UK IDTA and/or SCCs with appropriate safeguards.
Get in touch
Reply within 1 business day. Substantive response within a calendar month.
Who we are
For the purposes of this Privacy Policy.
Counts & Accounts (“we”, “us”) is a sole proprietorship registered in India. The proprietor is Priya Pradeep Nair, ACCA Member. We are based in Rajkot, Gujarat, India.
For data we collect about you on this website or in your dealings with our firm directly, we are the data controller under UK GDPR and equivalent laws in Australia, New Zealand, and India.
Where we process data on behalf of the client practices we work with, as part of our Subcontracted finance and accounting support services, we operate as a data processor only. That processing is governed by our Data Protection & Privacy Policy and the agreement signed with each client practice — and is outside the scope of this page.
What we collect, and why
The data, the source, and what we use it for.
United Kingdom
IP address, browser, pages visited, time of visit, cookie identifiers (only with consent).
Site operation, security, performance.
Contact form
Name, work e-mail, telephone (optional), firm name, message.
Replying to your enquiry.
Newsletter (if subscribed)
Name, e-mail, firm name (optional).
Sending you the newsletter you asked for.
Sales prospects
Names, work e-mail, telephone, firm name, role, public LinkedIn information.
Outreach and qualification.
Job candidates
CV, contact details, work history, references.
Recruitment and selection.
Office visitors
Name, organisation, time and purpose of visit.
Physical access control and security.
Sensitive personal data
We do not knowingly collect special-category data — health, biometrics, ethnicity, religious beliefs — through this site. Please don't include sensitive details in contact-form messages.
Children's data
Our website is intended for accounting professionals, not children. We do not knowingly collect personal data from anyone under 16. If you believe we have, contact support@countsandaccounts.com and we'll delete it.
Where the data comes from
Most personal data comes from you directly. For sales prospecting, we may also use publicly available business sources such as LinkedIn and your firm's website.
We rely on the following lawful bases. Equivalent grounds apply under UK GDPR, EU GDPR, the Australian Privacy Act 1988, the New Zealand Privacy Act 2020, the Indian DPDP Act 2023, and other applicable data protection laws in your jurisdiction.
Why we’re allowed to use your data
Replying to your enquiry
Steps taken at your request before entering an agreement
Sales outreach to qualified prospects
Running and promoting our business in a proportionate way
Newsletter
Your opt-in, withdrawable at any time
Recruitment
Steps taken at your request toward possible employment or engagement
Non-essential cookies / analytics
Where applicable, set only with your opt-in
Security and abuse prevention
Protecting our service, our users, and the public
Compliance with legal obligations
Tax, AML, court orders, lawful regulator requests
Who else sees your data
A short, complete list. We do not sell data.
Microsoft 365
E-mail, OneDrive, Teams. Hosts our productivity environment under standard contractual data protections, including safeguards for cross-border data transfers.
Website hosting / analytics
Operating the website. Analytics is set only where you have consented through the cookie banner.
Newsletter provider
Delivering the newsletter you have subscribed to. You can unsubscribe at any time.
Professional advisers
Legal, accounting, insurance — only where necessary to obtain advice or pursue our legitimate business interests.
Regulators and law enforcement
Where required by law, court order, or a lawful regulatory request.
Where your data goes
We are based in India and serve clients globally. When your personal data crosses borders to reach us, we apply contractual safeguards appropriate to the jurisdiction your data originates from. The frameworks below apply to our top markets; comparable protections apply for visitors and clients elsewhere.
UK to India
UK IDTA
UK International Data Transfer Agreement, or EU SCCs with the UK Addendum. Transfer Risk Assessment reviewed annually.
Australia to India
APP 8
Australian Privacy Principle 8 accountability framework, with equivalent contractual protection under our agreements.
New Zealand to India
IPP 12
OPC IPP 12 Model Clauses incorporated into our engagement terms.
All other jurisdictions
SCCs / equivalent
EU Standard Contractual Clauses, or comparable contractual safeguards required by your local data protection law.
How we keep your data safe
A high-level summary. Full technical and organisational measures are documented in our internal Information Security Policy and aligned to ISO/IEC 27001:2022.
Encryption
TLS 1.2+ in transit, AES-256 at rest, full-disk encryption on every device that touches your data.
Access controls
Multi-factor authentication on every system. Named accounts, least privilege, quarterly access reviews.
Incident response
Documented breach procedure. Notification within statutory windows. Post-incident review and lessons learned.
Independent assurance
ISO 27001:2022 readiness in progress. Full certification, ISO 27701, and SOC 2 Type II are part of our roadmap.
Your rights
Subject to applicable law, you can do all of the following.
A
Access
Ask for a copy of the personal data we hold about you.
R
Rectify
Ask us to correct anything that is inaccurate or incomplete.
E
Erase
Ask us to delete your data, subject to our legal obligations.
L
Restrict
Ask us to limit how we use your data while a question is being resolved.
P
Portability
Ask us to transfer your data to another controller in a usable format.
O
Object
Object to processing based on legitimate interests, including direct marketing.
W
Withdraw
Where we rely on your consent, you can withdraw it at any time.
!
Complain
Lodge a complaint with the ICO (UK), OAIC (AU), OPC (NZ), or DPBI (India).
No automated decisions or profiling. We do not use your personal data to make any solely automated decisions, and we do not profile you. Every decision involving your data is made by a person at Counts & Accounts.
Regional rights and where to complain
Depending on where you live, additional rights may apply to you and a different supervisory authority handles complaints.
Other jurisdictions: rights under your applicable local data protection law. Contact us at support@countsandaccounts.com and we'll work with you to honour them.
UK: UK GDPR rights apply directly. Complaints to the ICO.
EU / EEA: EU GDPR rights apply. Complaints to your local supervisory authority.
India: DPDP Act 2023, including consent withdrawal and grievance redress. Complaints to the Data Protection Board of India.
California, USA: additional rights under CCPA / CPRA, including the right to know and the right to delete. We do not sell or share personal data for cross-context advertising.
Brazil: rights under the LGPD. Complaints to the ANPD.
Canada: rights under PIPEDA and provincial privacy laws. Complaints to the Office of the Privacy Commissioner of Canada.
How long we keep your data
Briefly. Full schedule is in our internal Records Retention Schedule (CA-REG-RET-001).
Contact form submissions and enquiry correspondence
2 years from last interaction
Sales prospect data
3 years from last contact
Newsletter subscriber data
Until you unsubscribe
Recruitment records (unsuccessful)
12 months from close of role
Office visitor logs
12 months
Web server access logs
12 months
Cookies
A brief, plain-English summary.
Our website uses a small number of cookies for basic functionality. We do not use third-party advertising or cross-site tracking cookies.
We are working on more granular cookie controls and a dedicated cookie information page. In the meantime, if you have any questions about our use of cookies, contact us at support@countsandaccounts.com.
Changes to this policy
How we keep this page current.
We review this policy at least once a year, and immediately if we make a material change to the personal data we collect or how we use it. The version-and-date stamp at the top of this page reflects the current state.
Where a change materially affects you and we have your contact details, we'll notify you directly. Otherwise, the change is effective from the date shown.
Previous versions are kept for at least seven years and are available on request from support@countsandaccounts.com.
Questions or a request?
Talk to our Data Protection Contact
Our Data Protection Lead handles privacy enquiries directly. Whether you want a copy of your data, want to be deleted, or just want to ask a question, drop a line.
We aim to acknowledge within 1 business day, with a substantive response within one calendar month under UK GDPR (or as required by your local law).
Note. This page is the public version of our Privacy Notice (controlled document reference CA-PUB-PN-001). The internal Notice is the formal record; this page is the plain-English summary written for visitors. If you want the full controlled document, contact us at support@countsandaccounts.com.
