Privacy Policy
Last updated: 16 June 2026
This Privacy Policy explains how Oh Bother Bookkeeping & Admin (“we”, “us”, “our”) collects, uses, stores and protects your personal data, and sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting your privacy and handling your information responsibly.
1. Who we are
Oh Bother Bookkeeping & Admin is the data controller responsible for your personal data. We provide bookkeeping and virtual admin services to sole traders and small businesses in the United Kingdom.
Contact for data protection matters:
Email: hello@ohbotherbookkeeping.co.uk
Location: Scarborough, North Yorkshire, United Kingdom
ICO registration number: [insert your ICO registration number]
2. What personal data we collect
Depending on how you interact with us, we may collect:
| Category | Examples |
|---|---|
| Contact & enquiry data | Name, email address, and any message you send via our website sign-up or contact forms. |
| Client & account data | Business name, contact details, and information needed to set up and manage your services. |
| Financial & bookkeeping data | Transaction records, invoices, expenses, bank/accounting data and supporting documents you provide so we can carry out bookkeeping and admin work. |
| Technical data | Limited information such as IP address and browser type, used to keep the website secure and working. |
We do not intentionally collect “special category” data (such as health or ethnicity). Please do not send us such information unless it is necessary and we have asked for it.
3. How we use your data and our lawful basis
Under UK GDPR we must have a lawful basis for using your data. We rely on:
| Purpose | Lawful basis |
|---|---|
| Responding to enquiries and sending you launch / service updates you asked for | Consent — which you can withdraw at any time. |
| Providing our bookkeeping and admin services to you | Contract — processing necessary to deliver the service you’ve engaged us for. |
| Keeping financial and tax records | Legal obligation — e.g. HMRC and accounting record-keeping requirements. |
| Keeping our website and systems secure, and improving our service | Legitimate interests — kept to what is reasonable and not overriding your rights. |
4. Marketing communications
If you sign up to hear from us, we’ll only use your email to send updates about Oh Bother. We will never sell or rent your details. Every marketing email includes an unsubscribe option, and you can opt out at any time by emailing us.
5. Who we share your data with
We do not sell your personal data. We share it only with trusted service providers (“processors”) who help us run our business, under written data processing agreements. These include:
| Provider | Purpose | Data location |
|---|---|---|
| Supabase | Secure database & document storage | UK / EU (London region) |
| Netlify | Website hosting & form handling | EU/UK edge; encrypted in transit |
| Google Workspace | Email correspondence & notifications | EU/UK |
| Accounting software (e.g. Xero) | Bookkeeping carried out on your behalf | UK / EU |
We may also disclose data where legally required (for example, to HMRC or in response to a lawful request).
6. Where your data is stored (international transfers)
Your data is stored on servers located in the United Kingdom / European region (London). Because data remains within the UK and EU — which are recognised as providing equivalent data protection — there is no transfer to a country without adequate safeguards. Should this ever change, we will put appropriate safeguards (such as the UK International Data Transfer Agreement) in place and update this policy.
7. How we keep your data secure
We use appropriate technical and organisational measures, including:
- Encryption in transit — the entire website is served over HTTPS (TLS 1.2/1.3), with HTTP automatically redirected to HTTPS.
- Encryption at rest — data and documents are stored using AES-256 encryption.
- Access controls — client data is protected by row-level security and authenticated logins, so each account can only access its own information.
- Least-privilege access — only authorised staff can access personal data, and only what they need.
No method of transmission or storage is ever completely secure, but we take reasonable steps to protect your information and to detect and respond to any issues.
8. How long we keep your data
We keep personal data only as long as necessary. Financial and tax records are retained for at least six years to meet HMRC and legal requirements. Enquiry and marketing data is kept until you ask us to remove it or it is no longer needed. After that, data is securely deleted.
9. Your rights
Under UK GDPR you have the right to:
- Be informed about how your data is used (this policy);
- Access the personal data we hold about you;
- Have inaccurate data corrected;
- Have your data erased (where there is no overriding legal reason to keep it);
- Restrict or object to certain processing;
- Data portability — receive your data in a usable format;
- Withdraw consent at any time, where we rely on consent.
To exercise any of these rights, email hello@ohbotherbookkeeping.co.uk. We will respond within one month.
10. Cookies
Our website uses only essential cookies/technologies needed for it to function and stay secure. We do not currently use advertising or third-party tracking cookies. If we introduce analytics or non-essential cookies in future, we will ask for your consent first and update this policy.
11. Complaints
We’d always like the chance to resolve any concern first, so please contact us. You also have the right to complain to the UK supervisory authority, the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
12. Changes to this policy
We may update this Privacy Policy from time to time. The “last updated” date at the top shows when it was last revised. Significant changes will be highlighted on our website.