Get in Touch

Privacy Policy (UK GDPR)

Last Updated: 11 February 2026

This Privacy Policy explains how Accounts by Sarah (a trading name of Hawkia Ltd) collects, uses, stores, and shares personal data, and explains your rights under UK data protection law.

1. Who we are (Controller details)

Accounts by Sarah is a trading name of Hawkia Ltd (“we”, “us”, “our”). For most personal data we process in connection with our website and services, we act as the data controller.

Company name: Hawkia Ltd
Trading name: Accounts by Sarah
Company Registration Number: 13873880
Registered office: 4th Floor Park Gate, 161-163 Preston Road, Brighton, England, BN1 6AF
Email:

If you have any questions about this Privacy Policy or want to exercise your rights, please contact us using the details above.

2. The personal data we collect

We may collect and process the following categories of personal data:

2.1 Data you provide to us

  • Identity and contact details: name, business name, address, email address, telephone number.
  • Engagement and service details: information needed to provide accounting, bookkeeping, payroll, and tax services.
  • Financial and tax-related information: invoices, receipts, bank transaction data, payroll data, VAT records, UTR/NINO (where required), and other information relevant to your accounts/tax affairs.
  • Communications: emails, messages, and notes of calls/meetings.

2.2 Data we collect from our website

  • Device and usage data: IP address, browser type/version, device identifiers, operating system, pages viewed, links clicked, and approximate location.

We use Google Analytics to help us understand website traffic and usage (see Section 8).

2.3 Data we receive from third parties

Depending on the services you ask us to provide, we may receive personal data from:

  • You/your organisation (including staff members where relevant)
  • HMRC and other government bodies (where applicable)
  • Banks/payment providers (where you authorise access or provide statements)
  • Accounting software and integrations such as Xero (where you invite us to your organisation or share records)

3. How we use your personal data

We use your personal data for the following purposes:

  • To respond to enquiries and communicate with you.
  • To onboard you as a client, perform identity/verification checks where required, and set up engagement documentation.
  • To deliver our services, including preparing accounts, bookkeeping, VAT returns, payroll processing, and tax compliance/support.
  • To meet legal and regulatory obligations, including record-keeping and responding to lawful requests.
  • To maintain and improve our website, including analysing usage and performance.
  • To protect our business, including preventing fraud, ensuring IT security, and establishing/defending legal claims.

4. Lawful bases for processing (UK GDPR)

We rely on one or more of the following lawful bases when processing personal data:

  • Contract (Article 6(1)(b)): where processing is necessary to provide services under our engagement.
  • Legal obligation (Article 6(1)(c)): where we must comply with a legal requirement.
  • Legitimate interests (Article 6(1)(f)): for running our business efficiently, communicating with prospective/actual clients, website security, and improving our services—provided those interests are not overridden by your rights.
  • Consent (Article 6(1)(a)): where required (for example, certain optional website cookies/analytics depending on your cookie settings and applicable rules).

5. Special category data and criminal offence data

Depending on the nature of the services, we may occasionally process information that could be considered special category data (e.g., health-related payroll absence records) or criminal offence data. Where this applies, we will process such data only where lawful and necessary, and with appropriate safeguards.

6. Who we share personal data with

We may share personal data with trusted third parties where necessary to operate our website and provide services, including:

  • Xero (accounting software): where you use Xero and grant access, or where we process data in Xero on your behalf.
  • Google Analytics (Google): to help us understand website usage and performance.
  • Website hosting provider: our website is hosted with Hostinger, who may process limited personal data as part of hosting and security logs.
  • Professional advisers and service providers: e.g., insurers, IT support, and professional consultants (as needed).
  • Regulators and authorities: including HMRC, where required or where you authorise us to act.

We only share what is necessary and require appropriate confidentiality and data protection measures.

7. International data transfers

Some of our service providers may process data outside the UK. Where personal data is transferred internationally, we take steps to ensure it is protected, such as relying on:

  • UK adequacy regulations where applicable; and/or
  • appropriate safeguards (for example, contractual protections such as standard contractual clauses or equivalent measures).

8. Cookies and analytics

We use cookies and similar technologies. For full details, please see our Cookie Policy.

Google Analytics

We use Google Analytics to collect information about how visitors use our website (for example, pages visited and time spent on pages). This information is used to compile reports and help us improve the website.

Depending on your cookie choices and the setup of our cookie banner/consent mechanism, Google Analytics cookies may be set only after you consent.

9. Data security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. Measures may include access controls, secure credentials, and limiting access to personal data to those who need it.

No system is completely secure. You should also take care to protect your own devices and credentials.

10. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting, or reporting requirements.

Retention periods may vary depending on the services provided, our professional obligations, and statutory limitation periods. We will securely delete or anonymise personal data when it is no longer needed.

11. Your data protection rights

Subject to certain conditions and exceptions, you may have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your personal data (“right to be forgotten”)
  • Restrict processing
  • Object to processing (particularly where we rely on legitimate interests)
  • Data portability (where processing is based on consent or contract and is automated)
  • Withdraw consent at any time where we rely on consent

To exercise any of these rights, contact us at .

12. Complaints

If you have concerns about how we use your personal data, please contact us first and we will try to resolve the issue.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO).

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on our website with an updated “Last Updated” date.

14. Contact

Accounts by Sarah (Hawkia Ltd)
Email:
Registered office: 4th Floor Park Gate, 161-163 Preston Road, Brighton, England, BN1 6AF