Company Information & Privacy Policy

1.Introduction

IP Tax Solutions Ltd ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information in accordance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this Privacy Policy carefully to understand our practices regarding your personal data.

2. Who We Are

Company Name: IP Tax Solutions Ltd
Company Registration: England and Wales, Company No. 08353805
Registered Office: M-SParc, Menai Science Park, Gaerwen, Anglesey, United Kingdom LL60 6AG
VAT Registration: GB 155 1957 93
Website: https://www.iptaxsolutions.co.uk

Professional Regulation:
We are regulated by the Institute of Chartered Accountants in England and Wales (ICAEW).
ICAEW Registration: View our verified ICAEW listing

Data Controller:
IP Tax Solutions Ltd is the data controller responsible for your personal data. We are registered with the Information Commissioner's Office (ICO).
ICO Registration Number: ZA151474
ICO Registration: View our ICO registration

Data Protection Contact:
Mr Steven Livingston FCA, Principal and Managing Director
Email: info@iptaxsolutions.co.uk
Phone: 0161 961 0096
Address: M-SParc, Menai Science Park, Gaerwen, Anglesey LL60 6AG

3. Professional Indemnity Insurance

In accordance with the disclosure requirements of the Provision of Services Regulations 2009, we maintain professional indemnity insurance as required by our professional body (ICAEW).

Insurer: Hiscox Insurance Company Limited
Insurer Address: 22 Bishopsgate, London EC2N 4BQ, United Kingdom
Policy Type: Professional Indemnity Insurance

Territorial Coverage:
Worldwide, excluding:

• Professional business carried out from an office in the United States of America or Canada
• Any action for a claim brought in any court in the United States of America or Canada

Our professional indemnity insurance provides cover for claims arising from our professional services, protecting both our clients and our business in accordance with ICAEW requirements.

4. What Personal Data We Collect

We collect and process the following categories of personal data:

4.1 Contact Information

• Full name
• Business name and position
• Email address
• Telephone number
• Postal address
• Company registration details

4.2 Professional Information

• Details of your business activities
• Research and development project information
• Financial information (turnover, costs, expenditure)
• Employee information (headcount, roles, salaries)
• Patent and intellectual property details
• Investment information (for SEIS/EIS services)

4.3 Financial and Tax Information

• Corporation Tax details
• VAT registration details
• Bank account details (for payment processing)
• Previous tax credit claims
• HMRC correspondence and documentation
• Accounting records and financial statements

4.4 Technical and Usage Data

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referral source
• Cookie data (see Section 12)

4.5 Marketing and Communications Data

• Your marketing preferences
• Newsletter subscription status
• Communication history with us
• Responses to surveys and feedback requests

5. How We Collect Your Personal Data

We collect personal data through:

5.1 Direct Interactions

• When you enquire about our services
• When you engage us to provide services
• When you subscribe to our newsletter
• When you contact us by email, phone, or post
• When you attend our events or webinars
• When you fill in forms on our website

5.2 Automated Technologies

• Cookies and similar tracking technologies on our website
• Website analytics tools (Google Analytics)
• Email marketing platforms (engagement tracking)

5.3 Third Parties

• HMRC (in connection with tax credit claims and enquiries)
• Your accountants or financial advisors (with your consent)
• Companies House (publicly available company information)
• Credit reference agencies (for due diligence purposes)

6. Legal Basis for Processing Your Data

We process your personal data on the following legal bases:

6.1 Contract Performance

When you engage our services, we process your data to:

• Take steps to enter into a contract with you
• Perform our contractual obligations to you
• Provide R&D tax credit, Patent Box, SEIS/EIS, or HMRC enquiry services
• Communicate with you about your claim or case
• Invoice you for our services

Legal Basis: Processing is necessary for the performance of a contract with you (UK GDPR Article 6(1)(b))

6.2 Legal Obligation

We process your data to comply with:

• HMRC regulations and tax legislation
• Anti-money laundering regulations
• ICAEW professional conduct and practice regulations
• Companies Act requirements
• Other applicable UK laws

Legal Basis: Processing is necessary for compliance with a legal obligation (UK GDPR Article 6(1)(c))

6.3 Legitimate Interests

We process your data for our legitimate business interests:

• Responding to enquiries about our services
• Marketing our services to businesses that may benefit
• Improving our website and services
• Network and information security
• Preventing fraud and criminal activity
• Business administration and development

Legal Basis: Processing is necessary for our legitimate interests (UK GDPR Article 6(1)(f))

We have assessed that our legitimate interests do not override your rights and freedoms.

6.4 Consent

We will ask for your explicit consent to:

• Send you marketing emails and newsletters
• Use cookies beyond strictly necessary ones
• Process sensitive personal data (if applicable)

Legal Basis: You have given consent to the processing (UK GDPR Article 6(1)(a))

You have the right to withdraw consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

7. How We Use Your Personal Data

We use your personal data for the following purposes:

7.1 Service Delivery

• Assessing your eligibility for tax relief schemes
• Preparing R&D tax credit claims
• Preparing Patent Box computations
• Preparing SEIS/EIS advance assurance applications
• Defending HMRC enquiries into tax claims
• Submitting claims and applications to HMRC
• Corresponding with HMRC on your behalf
• Providing advice and recommendations
• Project management and case tracking

7.2 Business Administration

• Client onboarding and know-your-client checks
• Anti-money laundering verification
• Invoicing and payment processing
• Maintaining client records
• Quality assurance and file reviews
• Professional indemnity insurance purposes
• Compliance with professional regulations

7.3 Communication

• Responding to your enquiries
• Providing updates on your case
• Notifying you of changes to our services or terms
• Sending you technical updates relevant to your claim
• Requesting feedback on our services

7.4 Marketing (with consent)

• Sending newsletters about tax relief opportunities
• Sharing case studies and insights
• Inviting you to webinars and events
• Promoting additional services you may benefit from

7.5 Website Improvement

• Analysing website usage and performance
• Improving user experience
• Testing new features
• Security and fraud prevention

8. Who We Share Your Personal Data With

We share your personal data with the following categories of recipients:

8.1 Government and Regulatory Bodies

• HM Revenue & Customs (HMRC): To submit tax credit claims, respond to enquiries, and obtain advance assurance
• Companies House: For company verification purposes
• Information Commissioner's Office (ICO): If required by law
• ICAEW: For regulatory compliance and professional conduct matters

8.2 Service Providers and Processors

We use trusted third-party service providers to support our business operations:

Cloud Services and Software:

• Google Workspace (email, document storage, collaboration)
• Xero (accounting and bookkeeping)
• Iris Elements (tax computation software)
• TaxCalc (tax computation software)
• Client Engager (workflow and practice management)
• Veriphy (client verification and compliance)
• ConvertKit (email marketing and newsletters)
• Inform Direct (company secretarial)
• Slack (communication)
• Stripe / GoCardless / Adfin (payment processing)

IT and Communication Services:

• Website hosting providers (secure hosting)
• Email service providers (Google Workspace)
• Video conferencing platforms (Google, Zoom, Microsoft Teams)
• Cloud storage providers (Google Drive, Dropbox)

Professional Services:

• Technical experts (for specialised R&D assessments)
• Legal advisors (for complex HMRC cases)
• Professional indemnity insurers (for claims purposes)

8.3 Data Processing Agreements

All third-party service providers are required to:

• Process your data only on our instructions
• Maintain appropriate security measures
• Comply with UK GDPR requirements
• Have a written Data Processing Agreement with us

8.4 International Data Transfers

Some of our service providers may process data outside the UK. Where data is transferred internationally, we ensure that:

• The recipient country has an adequacy decision from the UK government, OR
• We have appropriate safeguards in place (Standard Contractual Clauses, UK GDPR Article 46)
• Your rights and protections travel with your data

8.5 Other Third Parties

We may share your data with:

• Your accountants or advisors (with your consent)
• Law enforcement agencies (if required by law)
• Courts and tribunals (in legal proceedings)
• Professional advisors (lawyers, auditors, insurers)
• Potential buyers (in the event of a business sale, with anonymisation where possible)

9. How Long We Retain Your Data

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, and to comply with legal and regulatory requirements.

9.1 Client Records

Retention Period: 7 years after the end of the engagement

Reasons:

• ICAEW professional practice regulations require 6 years minimum
• HMRC may enquire into tax claims for up to 6 years (or longer in cases of suspected fraud)
• Limitation period for professional negligence claims is 6 years
• We retain for 7 years to ensure full compliance

What we retain:

• Engagement letters and contracts
• Technical documentation and reports
• Correspondence with you and HMRC
• Financial information and calculations
• Supporting evidence and documentation
• File notes and internal communications

9.2 Marketing and Newsletter Data

Retention Period: Until you unsubscribe or withdraw consent

Reasons:

• Based on your ongoing consent
• You can withdraw consent at any time

9.3 Website and Analytics Data

Retention Period: 26 months (Google Analytics default)

Reasons:

• To analyse trends and improve website
• Automatically deleted after 26 months

9.4 Enquiry Data (Non-Clients)

Retention Period: 12 months from last contact

Reasons:

• To respond to your enquiry
• To follow up if you expressed interest
• Deleted after 12 months if no engagement

9.5 Accounting and Tax Records

Retention Period: 7 years minimum (UK law)

Reasons:

• Required by UK tax law
• Required for audit purposes

9.6 Legal and Regulatory Requirements

We may retain data longer if:

• Required by law or regulation
• Necessary for legal proceedings
• Required by HMRC for an ongoing enquiry
• Required by our professional indemnity insurer

10. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

10.1 Right of Access (Article 15)

You have the right to obtain:

• Confirmation whether we process your personal data
• A copy of your personal data
• Information about how we use your data

How to exercise: Email info@iptaxsolutions.co.uk with "Data Access Request" in the subject line

Response time: Within 1 month (extendable to 3 months for complex requests)

Cost: Free for first request; reasonable fee for additional copies

10.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected or completed if incomplete.

How to exercise: Email us with the correct information

Response time: Within 1 month

10.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data where:

• It's no longer necessary for the purpose collected
• You withdraw consent and there's no other legal basis
• You object to processing and there are no overriding legitimate grounds
• It was unlawfully processed
• It must be erased to comply with a legal obligation

Important exceptions: We may refuse erasure if we need the data to:

• Comply with a legal obligation (e.g., HMRC regulations, ICAEW rules)
• Establish, exercise, or defend legal claims
• Fulfill our 7-year retention obligation for client files

10.4 Right to Restriction of Processing (Article 18)

You can request we restrict processing while we:

• Verify accuracy of data you've contested
• Consider your objection to processing
• Keep data you need for legal claims even though we no longer need it

10.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) and transmit it to another controller where:

• Processing is based on consent or contract
• Processing is carried out by automated means

10.6 Right to Object (Article 21)

You have the right to object to processing based on:

• Legitimate interests: We must stop processing unless we can demonstrate compelling legitimate grounds that override your rights
• Direct marketing: We must stop processing for marketing purposes (absolute right)
• Profiling and automated decision-making: You can object to decisions based solely on automated processing

10.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time.

How to exercise:

• Email marketing: Click "Unsubscribe" in any email or email info@iptaxsolutions.co.uk
• Other consent: Email info@iptaxsolutions.co.uk

Effect: We will stop processing from the point of withdrawal (does not affect prior lawful processing)

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your data properly.

ICO Contact:

• Website: https://ico.org.uk/make-a-complaint/
• Phone: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at info@iptaxsolutions.co.uk.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

11.1 Technical Measures

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access controls: Role-based access, multi-factor authentication
• Firewalls and anti-malware: Regular updates and monitoring
• Secure backups: Encrypted daily backups with offsite storage
• Network security: Intrusion detection and prevention systems
• Secure email: Encrypted email for sensitive communications

11.2 Organizational Measures

• Staff training: Regular data protection and security training
• Confidentiality agreements: All staff and contractors sign NDAs
• Access limitations: Data access on need-to-know basis only
• Clear desk policy: Physical documents secured when not in use
• Incident response plan: Procedures for data breach detection and response
• Regular reviews: Annual security audits and risk assessments

11.3 Third-Party Security

• All cloud service providers are ISO 27001 certified or equivalent
• Data Processing Agreements with all processors
• Regular vendor security assessments
• Contractual security requirements

11.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware
• Notify you without undue delay if the breach is likely to result in high risk to you
• Document the breach and our response

12. Cookies and Website Tracking

12.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide you with a better experience and allow certain website features to function.

12.2 Types of Cookies We Use

Strictly Necessary Cookies

• Purpose: Essential for website functionality (security, authentication, preferences)
• Legal Basis: Legitimate interests (website operation)
• Examples: Session cookies, security cookies
• Can be disabled? No - website will not function properly

Performance and Analytics Cookies

• Purpose: Help us understand how visitors use our website
• Tools: Google Analytics 4 (GA4)
• Legal Basis: Consent
• Data collected: Page views, time on site, bounce rate, referral source, device type (anonymised IP addresses)
• Can be disabled? Yes - via cookie banner or browser settings

Functionality Cookies

• Purpose: Remember your preferences (language, region, consent choices)
• Legal Basis: Legitimate interests or consent
• Can be disabled? Yes - some functionality may be limited

Marketing Cookies (if applicable in future)

• Purpose: Track your activity across websites to show relevant ads
• Legal Basis: Consent (explicit opt-in required)
• Can be disabled? Yes - via cookie banner

12.3 Third-Party Cookies

Our website may set third-party cookies from:

• Google Analytics: Website analytics (privacy policy: https://policies.google.com/privacy)
• YouTube: If we embed videos (privacy policy: https://policies.google.com/privacy)
• LinkedIn: If you interact with LinkedIn sharing buttons

12.4 Cookie Consent

When you first visit our website, you will see a cookie banner asking for your consent to non-essential cookies. You can:

• Accept all cookies
• Reject non-essential cookies
• Customise your preferences

12.5 Managing Cookies

You can control cookies through:

• Our cookie banner: Change preferences at any time (link in footer)
• Browser settings: Block or delete cookies
  • Chrome: Settings → Privacy and Security → Cookies
  • Firefox: Settings → Privacy & Security → Cookies
  • Safari: Preferences → Privacy → Cookies
  • Edge: Settings → Cookies and site permissions

Note: Disabling cookies may affect website functionality.

12.6 Cookie Duration

• Session cookies: Deleted when you close your browser
• Persistent cookies: Remain for a set period (typically 12-26 months)

13. Website Features and Embedded Content

13.1 Contact Forms

When you submit a contact form or enquiry form on our website:

• We collect: Name, email, phone, company name, message content
• Purpose: To respond to your enquiry
• Legal basis: Legitimate interests (responding to enquiries)
• Storage: Stored in our CRM system and email
• Retention: 12 months if no engagement; 7 years if we provide services

13.2 Newsletter Subscription

When you subscribe to our newsletter:

• We collect: Email address, name (optional), company name (optional)
• Purpose: To send you updates, insights, and tax relief information
• Legal basis: Consent
• Platform: ConvertKit
• You can unsubscribe at any time (link in every email)

13.3 Embedded Content

Our website may include embedded content from other websites (videos, social media posts):

• YouTube videos: May set cookies and track viewing
• LinkedIn posts: May track interaction if you're logged into LinkedIn
• Twitter/X posts: May set tracking cookies

When you interact with embedded content, the third-party website may collect data about you according to their own privacy policy. We recommend reviewing their policies:

• YouTube: https://policies.google.com/privacy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Twitter/X: https://twitter.com/en/privacy

13.4 Social Media Sharing

Our website includes social media sharing buttons. When you click these:

• You may be tracked by the social media platform
• We do not receive your social media data
• The platform's privacy policy applies

13.5 Blog Comments (if applicable)

If you leave a comment on our blog:

• We collect: Name, email, website (optional), comment content, IP address
• Purpose: To display your comment and prevent spam
• Legal basis: Legitimate interests (blog functionality and spam prevention)
• You may opt-in to save your details in cookies for convenience (1-year duration)
• We reserve the right to moderate and remove inappropriate comments

14. Email Communications

14.1 Service Emails

If you are a client, we will send you emails related to your engagement:

• Engagement updates and requests for information
• HMRC correspondence and claim updates
• Invoices and payment reminders
• Technical queries related to your case

Legal basis: Contract performance and legitimate interests
Opt-out: You cannot opt out of service emails while we're working on your case

14.2 Marketing Emails

If you have consented, we will send you:

• Newsletter with tax relief updates and insights
• Invitations to webinars and events
• Information about services you may benefit from
• Case studies and blog post notifications

Legal basis: Consent (opt-in)
Opt-out: Click "Unsubscribe" in any email or email info@iptaxsolutions.co.uk
Frequency: Typically monthly (newsletter); occasional event invitations

14.3 Email Tracking

Our marketing emails may include:

• Open tracking: To see if you opened the email
• Click tracking: To see which links you clicked

Purpose: To improve our content and understand what's relevant to you
Opt-out: Email preferences can be managed via unsubscribe link

15. Children's Privacy

Our services are exclusively for businesses and are not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at info@iptaxsolutions.co.uk.

16. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

All decisions regarding:

• Eligibility for tax relief schemes
• Claim valuations
• Service acceptance

are made by qualified human professionals (Steve Livingston FCA and team), not automated systems.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

• Our practices
• Legal requirements
• Technology and security measures

When we update this policy:

• We will update the "Last updated" date at the top
• Material changes will be notified via email (if you're a client or subscriber)
• We will post the updated policy on our website

Your responsibility: Please review this policy periodically

Continued use: Your continued use of our services after changes constitutes acceptance of the updated policy

18. Legal and Regulatory Framework

This Privacy Policy complies with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR) 2003
• Provision of Services Regulations 2009
• ICAEW professional conduct and practice regulations
• Anti-Money Laundering Regulations 2017

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data:

Data Protection Contact:
Mr Steven Livingston FCA
Principal and Managing Director
IP Tax Solutions Ltd

Email: info@iptaxsolutions.co.uk
Phone: 0161 961 0096
Post: M-SParc, Menai Science Park, Gaerwen, Anglesey LL60 6AG, United Kingdom

Office Hours: Monday-Friday, 9:00 AM - 5:30 PM GMT

Response Time: We aim to respond to all data protection enquiries within 2 business days.

20. Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Textphone: 01625 545 860 (for those with hearing or speech difficulties)
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Before contacting the ICO: We encourage you to contact us first so we can address your concerns directly.

Appendix: Data Processing Summary

Data Controller: IP Tax Solutions Ltd (Company No. 08353805)
ICO Registration: ZA151474
Professional Regulation: ICAEW
Professional Indemnity Insurer: Hiscox Insurance Company Limited

Categories of Data Processed:

• Contact and identity data
• Professional and business data
• Financial and tax data
• Technical and usage data
• Marketing and communications data

Purposes of Processing:

• Service delivery (R&D, Patent Box, SEIS/EIS, HMRC enquiry)
• Legal and regulatory compliance
• Business administration
• Marketing (with consent)
• Website improvement

Legal Bases:

• Contract performance (Article 6(1)(b))
• Legal obligation (Article 6(1)(c))
• Legitimate interests (Article 6(1)(f))
• Consent (Article 6(1)(a))

Retention Period: 7 years (client files); varies by data type
International Transfers: Limited, with appropriate safeguards
Your Rights: Access, rectification, erasure, restriction, portability, objection, withdraw consent, complain to ICO

Last updated: 15 January 2026
Version: 2.0
Effective Date: 15 January 2026

© 2026 IP Tax Solutions Ltd. All rights reserved.