Privacy Policy
Last updated: 13 July 2026
1. Introduction
Whitemoor Business Management & Royalties LLP (“Whitemoor”, “we”, “our” or “us”) is committed to protecting and respecting your privacy. We recognise the importance of safeguarding personal information and are committed to processing it fairly, lawfully and transparently.
This Privacy Policy explains how we collect, use, disclose, retain and protect your personal data when you:
- Visit our website.
- Contact us by telephone, email or post.
- Make an enquiry about our services.
- Engage us to provide professional services.
- Use our secure client portal.
- Interact with us through social media.
- Otherwise provide us with your personal information.
This Privacy Policy applies to:
Whitemoor Business Management & Royalties LLP (trading as Whitemoor)
Registered Company Number: OC452010
Registered Office: Fifth Floor, Klaco House, 28 St John’s Square, London EC1M 4DN
Registered in England and Wales.
Please read this Privacy Policy carefully to understand how and why we process your personal data.
2. Data Protection Legislation
Whitemoor processes personal data in accordance with:
- The UK General Data Protection Regulation (UK GDPR).
- The Data Protection Act 2018.
- The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), as amended.
- Any other applicable UK data protection legislation.
Where we process personal data relating to individuals located outside the United Kingdom, we will also comply with any applicable local data protection laws where required.
3. Data Controller
For the purposes of UK data protection legislation, Whitemoor Business Management & Royalties LLP is the Data Controller responsible for determining how and why your personal data is processed.
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact our Data Protection Lead.
Data Protection Lead
Gareth Murfin
Whitemoor Business Management & Royalties LLP
Fifth Floor, Klaco House
28 St John’s Square
London EC1M 4DN
Email: privacy@whitemoorllp.co.uk
Telephone: 020 7251 8311
4. Definitions
Personal Data means any information relating to an identified or identifiable individual.
Special Category Data means personal data that receives additional legal protection under the UK GDPR, including information relating to health, racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic data, biometric data used for identification, sex life or sexual orientation.
Criminal Offence Data means information relating to criminal convictions, offences or related security measures.
Processing means any operation carried out on personal data including collecting, recording, organising, storing, adapting, retrieving, using, sharing, restricting or deleting it.
5. The Personal Data We Collect
Depending on the nature of our relationship with you, we may collect and process the following categories of personal data.
Identity Information
This may include:
- Full name.
- Title.
- Date of birth.
- Nationality.
- Passport details.
- Driving licence details.
- National Insurance number.
- Unique Taxpayer Reference (UTR).
- Companies House information.
- Photographic identification used for identity verification.
Contact Information
This may include:
- Postal address.
- Billing address.
- Email address.
- Telephone numbers.
- Business contact details.
Financial Information
Including:
- Bank account details.
- Payment information.
- Accounting records.
- Bookkeeping records.
- Royalty statements.
- Financial transactions.
- Tax information.
Employment Information
Including:
- Employer details.
- Employment history.
- Payroll information.
- Pension information.
- Salary information.
Business Information
Including:
- Company information.
- Partnership details.
- Shareholder information.
- Director information.
- Trust information.
- Beneficial ownership information.
- Business correspondence.
Identity Verification Information
Where required by law, we may collect:
- Passport copies.
- Driving licences.
- Proof of address.
- Company ownership documentation.
- Beneficial ownership information.
- Source of funds and, where appropriate, source of wealth information.
Technical Information
When you use our website, we may collect:
- IP address.
- Browser type and version.
- Operating system.
- Device information.
- Referring website.
- Pages viewed.
- Dates and times of access.
- Website usage statistics.
- Cookie identifiers.
Communications
We may retain records of:
- Emails.
- Telephone calls.
- Correspondence.
- Meeting notes.
- Website enquiries.
- Feedback.
6. Special Category Data
Where necessary for the provision of our professional services or to comply with legal obligations, we may process Special Category Data.
We only process Special Category Data where an appropriate lawful basis and additional condition under UK data protection legislation applies.
7. Criminal Offence Data
As part of our legal and regulatory obligations, including compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended), the Proceeds of Crime Act 2002 and the Terrorism Act 2000, we may process Criminal Offence Data where permitted or required by law.
8. How We Collect Your Personal Data
We may collect personal data:
- Directly from you.
- From your employer or organisation.
- From authorised third parties acting on your behalf.
- From publicly available sources including Companies House and HMRC where appropriate.
- Through our website and cookies.
- Through our secure client portal.
9. Why We Process Your Personal Data
We process personal data for purposes including:
- Providing accountancy, taxation, payroll, royalty management and business management services.
- Managing client relationships.
- Responding to enquiries.
- Administering contracts and engagements.
- Verifying identity.
- Complying with anti-money laundering legislation.
- Meeting legal and regulatory obligations.
- Preventing fraud and financial crime.
- Protecting our legal rights.
- Improving our website and services.
- Administering our secure client portal.
- Sending marketing communications where permitted by law or with your consent.
10. Lawful Bases for Processing
Depending on the circumstances, we process personal data on one or more of the following lawful bases:
- Performance of a contract.
- Compliance with a legal obligation.
- Legitimate interests pursued by Whitemoor, provided these are not overridden by your rights and freedoms.
- Consent, where required by law, including for certain marketing communications and non-essential cookies.
Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before its withdrawal.
11. Who We Share Your Personal Data With
We treat your personal data as confidential and will only share it where necessary to provide our services, comply with legal or regulatory obligations, protect our legitimate interests, or where you have authorised us to do so.
Depending on the services we provide, we may share your personal data with:
- HM Revenue & Customs (HMRC).
- Companies House.
- Banks and other financial institutions.
- Pension providers.
- Payroll providers.
- Auditors.
- Insurers.
- Legal advisers.
- Tax advisers.
- Professional advisers acting on your behalf.
- Secure cloud hosting providers.
- IT support providers.
- Document management providers.
- Identity verification providers.
- Anti-money laundering screening providers.
- Software providers that support the delivery of our services.
- Regulatory bodies.
- Law enforcement agencies.
- Courts and tribunals.
- Other third parties where disclosure is required or permitted by law.
We only disclose the minimum amount of personal data necessary for the relevant purpose.
Where third-party organisations process personal data on our behalf, we ensure that appropriate contractual arrangements are in place requiring them to process your information securely, confidentially and only in accordance with our instructions.
12. Anti-Money Laundering and Identity Verification
As an accountancy practice, Whitemoor is legally required to undertake identity verification and customer due diligence in accordance with applicable anti-money laundering legislation.
Before providing certain services, we may be required to verify the identity of clients, directors, shareholders, trustees, partners, beneficial owners and other connected persons.
To comply with these legal obligations, we may collect and process:
- Proof of identity.
- Proof of address.
- Company ownership information.
- Beneficial ownership information.
- Politically Exposed Person (PEP) screening results.
- Sanctions screening results.
- Source of funds information.
- Source of wealth information where appropriate.
Identity verification may be carried out electronically using specialist third-party providers acting on our behalf.
Records relating to anti-money laundering checks will be retained for the period required by applicable legislation and professional obligations.
13. Professional Confidentiality
As professional advisers, we owe our clients a duty of confidentiality.
All members of our team are required to protect personal information and comply with our confidentiality obligations, internal policies and data protection procedures.
We will only disclose confidential information where:
- You have authorised us to do so.
- Disclosure is necessary to provide our professional services.
- Disclosure is required by law.
- Disclosure is required by a court or regulatory authority.
- Disclosure is necessary to establish, exercise or defend legal claims.
14. International Transfers
Some of our service providers may process personal data outside the United Kingdom.
Where personal data is transferred internationally, we ensure that appropriate safeguards are in place in accordance with the UK GDPR.
These safeguards may include:
- UK adequacy regulations.
- The UK International Data Transfer Agreement (IDTA).
- The UK Addendum to the European Commission’s Standard Contractual Clauses.
- Other lawful transfer mechanisms recognised under UK data protection legislation.
Where appropriate, we also undertake transfer risk assessments and implement additional technical and organisational safeguards.
15. Website Use
When you visit our website, certain technical information is collected automatically to help us maintain website security, understand how visitors use our website and improve the services we provide.
This information may include:
- IP address.
- Browser type and version.
- Operating system.
- Device type.
- Pages visited.
- Date and time of access.
- Time spent on pages.
- Referring website.
- Approximate geographic location.
- Device identifiers.
Where this information constitutes personal data, it will be processed in accordance with this Privacy Policy.
16. Cookies
Our website uses cookies and similar technologies to improve functionality, analyse website performance and enhance your browsing experience.
Cookies are small text files stored on your device when you visit a website.
Some cookies are essential to the operation of our website and cannot be disabled without affecting its functionality.
Non-essential cookies, including analytics and advertising cookies, will only be placed on your device where required by law after you have provided your consent through our cookie consent platform.
You may change or withdraw your cookie preferences at any time.
Please also refer to our Cookie Policy for further information.
17. Google Analytics
We use Google Analytics to understand how visitors interact with our website and to improve its performance and user experience.
Google Analytics may collect information including:
- Pages viewed.
- Session duration.
- Browser type.
- Device information.
- Approximate location.
- Website interactions.
We configure Google Analytics to minimise the collection of personal data wherever possible.
Google processes this information in accordance with its own Privacy Policy, available at:
https://policies.google.com/privacy
18. Social Media
We maintain business profiles on:
- LinkedIn.
- Facebook.
- Instagram.
If you choose to interact with us through these platforms, your personal information may also be processed by the relevant social media provider in accordance with their own privacy policies.
We encourage you to review the privacy policies of those providers before sharing personal information through social media.
19. Marketing Communications
We may send you information about our services, publications, events and other updates where:
- You have requested information from us.
- You are an existing client and applicable law permits us to contact you.
- You have provided your consent.
You may withdraw your consent or opt out of marketing communications at any time by:
- Clicking the unsubscribe link included in our marketing emails.
- Contacting us using the details contained in this Privacy Policy.
- Emailing privacy@whitemoorllp.co.uk.
Opting out of marketing communications will not affect service-related communications necessary for the administration of our professional relationship.
20. Secure Client Portal
Our website provides access to a secure client portal operated by a specialist third-party provider.
The portal enables the secure exchange of documents and communications between Whitemoor and its clients.
Access is restricted to authorised users with valid login credentials.
Where personal data is processed through the client portal, it will be handled in accordance with this Privacy Policy together with the privacy and security arrangements of the portal provider.
Users are responsible for maintaining the confidentiality of their usernames and passwords and should notify us immediately if they believe their account has been compromised.
21. Data Security
Protecting personal information is fundamental to our business.
We maintain appropriate technical and organisational measures designed to safeguard personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access.
These measures include, where appropriate:
- Encrypted communications.
- Secure hosting environments.
- Firewalls and network security controls.
- Multi-factor authentication where appropriate.
- Role-based access controls.
- Secure password management.
- Data backups.
- System monitoring.
- Staff training and awareness.
- Confidentiality obligations.
- Regular review of our information security procedures.
Although we take appropriate steps to safeguard personal information, no method of transmitting data over the internet or storing electronic information can be guaranteed to be completely secure. Accordingly, while we strive to protect your information, we cannot guarantee its absolute security.
22. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal and regulatory obligations, resolve disputes and protect our legal rights.
Typical retention periods include:
| Category | Typical Retention Period |
|---|---|
| Client files and accounting records | Normally up to 7 years after the end of the engagement, unless a longer period is required by law or professional obligations |
| Tax records | In accordance with HMRC and statutory requirements |
| Anti-money laundering records | Normally 5 years following the end of the business relationship, unless a longer period is required or permitted by law |
| Payroll records | In accordance with employment and tax legislation |
| Website enquiries | Normally up to 24 months |
| Marketing records | Until consent is withdrawn, you object to processing, or the information is no longer required |
| Financial records | As required by applicable accounting and taxation legislation |
Where legal proceedings, regulatory investigations or contractual obligations require us to retain information for longer, we may retain personal data beyond these periods where permitted by law.
23. Your Rights
Under the UK General Data Protection Regulation (UK GDPR), you have a number of rights in relation to your personal data. These rights are not absolute and may be subject to certain legal exemptions or restrictions.
Right of Access
You have the right to request confirmation of whether we process your personal data and, where we do, to receive a copy of that information together with details of how it is processed.
Right to Rectification
You have the right to ask us to correct any personal data that is inaccurate or incomplete.
Right to Erasure
In certain circumstances, you have the right to request that we erase your personal data.
This right does not apply where we are required to retain information to comply with legal, regulatory or professional obligations, including obligations relating to taxation, accounting, anti-money laundering legislation or the establishment, exercise or defence of legal claims.
Right to Restrict Processing
You may ask us to restrict the processing of your personal data in certain circumstances, including where:
- You contest the accuracy of the data.
- The processing is unlawful but you do not wish the data to be erased.
- We no longer require the data, but you require it for legal claims.
- You have objected to processing pending verification of our legitimate grounds.
Right to Data Portability
Where processing is carried out by automated means and is based on your consent or a contract with you, you may request a copy of your personal data in a structured, commonly used and machine-readable format, or ask us to transfer it directly to another organisation where technically feasible.
Right to Object
You have the right to object to the processing of your personal data where we rely on our legitimate interests as the lawful basis for processing.
If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defence of legal claims.
You also have the right to object at any time to the processing of your personal data for direct marketing purposes.
Right to Withdraw Consent
Where we rely on your consent to process personal data, you may withdraw that consent at any time.
Withdrawal of consent will not affect the lawfulness of any processing carried out before your consent was withdrawn.
24. Automated Decision-Making
Whitemoor does not normally make decisions about individuals solely by automated means where those decisions produce legal or similarly significant effects.
If this position changes in relation to a particular service, we will provide you with the information required under applicable data protection legislation.
25. Keeping Your Information Accurate
We take reasonable steps to ensure that the personal information we hold is accurate, complete and up to date.
Please notify us as soon as possible if your personal details change so that we can update our records.
26. Exercising Your Rights
If you wish to exercise any of your rights under UK data protection legislation, please contact our Data Protection Lead using the details below.
Email: privacy@whitemoorllp.co.uk
Post:
Data Protection Lead
Whitemoor Business Management & Royalties LLP
Fifth Floor, Klaco House
28 St John’s Square
London
EC1M 4DN
We will respond to your request without undue delay and, in most cases, within one month of receiving your request.
Where permitted by law, this period may be extended if your request is particularly complex or if we receive multiple requests from you. If an extension is required, we will let you know and explain the reasons.
To protect your personal information, we may ask you to verify your identity before responding to your request.
27. Links to Other Websites
Our website may contain links to third-party websites, including our secure client portal and social media platforms.
This Privacy Policy applies only to the Whitemoor website. We are not responsible for the privacy practices or content of third-party websites and encourage you to read their privacy policies before providing any personal information.
28. Children’s Privacy
Our website and professional services are intended for businesses, professionals and adults.
We do not knowingly collect personal data from children under the age of 18. If we become aware that we have unintentionally collected personal data relating to a child without appropriate authority, we will take reasonable steps to delete that information.
29. Complaints
We hope that we can resolve any questions or concerns you may have regarding the processing of your personal data.
If you have any concerns, please contact our Data Protection Lead in the first instance.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent supervisory authority for data protection matters.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk
Further information about making a complaint is available on the ICO website.
30. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legislation, regulatory guidance, technology, our business practices or the services we provide.
Any changes will be published on this page together with the revised “Last Updated” date.
We recommend that you review this Privacy Policy periodically to remain informed about how we process your personal data.
31. Contact Us
If you have any questions about this Privacy Policy or about how Whitemoor processes your personal data, please contact us.
Whitemoor Business Management & Royalties LLP
Trading as Whitemoor
Registered Company Number: OC452010
Registered in England and Wales
Registered Office:
Fifth Floor, Klaco House
28 St John’s Square
London
EC1M 4DN
Data Protection Lead: Gareth Murfin
Email: privacy@whitemoorllp.co.uk
Telephone: 020 7251 8311
Last Updated: 13 July 2026

