BWM Privacy Policy

BWM Web Privacy Policy

At BWM we are committed to protecting your privacy online.

This section of the policy governs all pages hosted at

This website may contain links that make it easy for users to visit other websites. If the user uses the links to leave the Website and visit a website operated by a third party, BWM does not have any control over that website. Accordingly, BWM cannot be responsible for the protection and privacy of any information which users have provided while visiting such websites. Users should exercise caution and look at the privacy statement applicable to the website in question.

We do not collect any data about you on our website with the exception of anonymous data as follows:

Google analytics

In order to track visitors to our website and identify which pages they are interested in, we use a third party service called Google Analytics to collect this type of information.  The information obtained does not identify anyone.

BWM use of cookies

Our separate cookies policy has more information on how we use cookies.


BWM Client & Third Party Privacy Policy

We are committed to protecting your personal data in accordance with the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulations (GDPR). This section of the policy governs all client and third party relationships.

Personal data

We obtain personal data for several purposes and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

Our policy is to collect only the personal data necessary for agreed purposes and we ask clients only to share personal data where it is strictly needed for those purposes. We collect personal data from our clients or from third parties acting on the instructions of the relevant client. We also obtain personal data when a potential client requests a proposal from us in respect of the services we provide.

We process personal data to provide professional services such as tax advice, general or specific business advice as part of the range of services we offer. We may process your personal data when you are an employee, subcontractor, supplier or customer of our client. We also process personal data in the administration and management of our business.

Your contact details are used to provide you with information about our services and other information which we think will be of interest to you, unless you tell us not to do so.

We are subject to legal, regulatory and professional obligations.  We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Personal data processed is kept by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).  In the absence of specific legal, regulatory or contractual requirements, our retention policy period for records and other documentary evidence created in the provision of services is 7 years.

Data Security

We take the security of your data we hold very seriously.  We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have a policy including procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Third Parties

We will share your data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect your data.

Where cloud-based services are to be used you may be subject to our separate cloud services terms and conditions as set out in our engagement contract with you. We undertake to use all reasonable endeavours to obtain from the cloud supplier a signed confidentiality agreement with the firm to ensure compliance with the relevant clauses in the firm’s standard terms of business concerning our fees, confidentiality, internet communication, all relevant data protection law and general limitation of liability. According to these terms cloud suppliers may export personal data you supply to them outside the EU/EEA/UK for the purposes of storage and data processing.

Data processing

Applicable data protection legislation places express obligations on you as a data controller where we as a data processor undertake the processing of personal data on your behalf. An example would be where we operate a payroll service for you. We therefore confirm that we will at all times use our reasonable endeavours to comply with the requirements of applicable data protection legislation when processing data on your behalf.

Under the DPA 2018 and GDPR, individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. We confirm that we have adequate security measures in place and that we will aim to comply with any obligations equivalent to those placed on you as a data controller. We will notify you within 5 working days if an individual asks for copies of their personal data, makes a complaint about the processing of personal data or serves a notice from a relevant data protection authority.

Access to data

You have a right to access your personal data held by us and you can exercise that right by contacting us as below. Our aim is to respond to a request promptly and within the legally required limit of 40 days.

Update of personal data

If you wish to update personal data submitted to us, please contact us as below. Once we are informed that any personal data held by us is no longer accurate we will make changes based on your updated information.

Withdrawal of consent 

Where we hold data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please contact us as below.

Other rights

This statement is intended to provide information about what personal data we collect about you and how it is used.  As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability. For further information on these rights please contact us as below.


If you do want to complain about our use of your personal data, please contact us as below with the details of your complaint. You also have the right to register a complaint with the Information Commissioner’s Office (“ICO”).  For further information on your rights and how to complain to the ICO, please refer to their website.

Contacting us about your data

If you have any questions about this privacy statement or how and why we process personal data, please contact us at:

BWM Chartered Accountants, Castle Chambers, 43 Castle Street, Liverpool L2 9SH or 0151 236 1494 or

We will answer your reasonable enquiries to enable you to monitor compliance with this policy. You have the right to access, rectify, erase and port your personal data, as well as restrict processing or object to processing.  You also have the right to lodge a complaint with the Information Commissioner.

Any changes we may make to our privacy notice in the future will be updated on our website at This privacy notice was last updated on 4 May 2018.