Saffron Walden: 01799 521301

Hoddesdon: 01992 471472

Privacy Policy

Need help fast? Click here for our contact details.Get in touch



This policy applies to Croucher Needham and CNM Advisory, trading styles of Croucher Needham (Essex) LLP and Croucher Needham Limited respectively.

Croucher Needham (Essex) LLP and Croucher Needham Limited are registered to carry out audit work in the UK and Ireland by The Association of Chartered Certified Accountants.

Croucher Needham (Essex) LLP is registered in England and Wales No.OC350217 and Croucher Needham Ltd is registered in England and Wales No. 06019395. Their registered office is Market House, 10 Market Walk, Saffron Walden, Essex, CB10 1JZ.

This privacy policy explains how we use any personal information we collect about you when you use our services and use our website. Further information in relation to job applicant privacy is available on request.

  • Key Terms
  • What information do we collect about you and how?
  • How will we use the information about you and why?
  • Transferring your information outside of Europe
  • Security of your personal data
  • Retention of your personal data
  • Access to your information and deletion
  • Grievances
  • Changes to our Privacy Policy

Key terms

What is personal data?
Personal data relates to any data for any living individual who can be identifiable from that data which includes (but is not limited to):

  • Names and contact details (i.e. addresses, emails and telephone numbers);
  • Date of birth;
  • National Insurance Numbers;
  • Unique Tax References;
  • IP addresses;
  • Location data;
  • Cookie identifiers.

What is sensitive personal data?

Sensitive personal data includes genetic data and biometric data. Genetic data is defined as personal data relating to inherited or acquired genetic characteristics. Biometric data is defined as personal data resulting from specific technical processing, e.g. facial images.

What is a data controller?

For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.

Where applicable the data controller is Croucher Needham (Essex) LLP.
The data protection officer is Paul Tucker, a Partner of Croucher Needham (Essex) LLP, who can be contacted at

the registered address, by email at or by calling 01799 521301.

What is a data processor?

A “data processor” is a person or organisation which processes personal data for the data controller. Croucher Needham (Essex) LLP acts as a data processor in some of the services it provides.

What is data processing?

Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.

What is a business client?

A business client is an incorporated entity e.g.: Plc, Limited Company, LLP partnership, charity, trust, foundation, local authority or government institution).

What is a consumer client?

A consumer client is an individual tax client, sole trader or unincorporated partnership, trust or foundation.

What information do we collect about you and how?

Croucher Needham (Essex) LLP, as a data controller, is bound by the requirements of the General Data Protection Regulations (GDPR).

Client data

As a client you agree that we are entitled to obtain, use and process the information you provide to us to enable us to provide the services as defined in our Engagement Letter and for other related purposes including:

  • Updating and enhancing client records;
  • Analysis for management purposes;
  • Carrying out credit checks in relation to you;
  • Making statutory returns;
  • Legal and regulatory compliance;
  • Crime prevention.Relevant data will be collected about clients, and their employees as appropriate, at initial engagement and will be reviewed periodically. It is the responsibility of a client to provide updated data when relevant.

Other data

We also collect information when an individual completes any form on our website ( or mobile application (“MyAccountants”).

When individuals submit forms on our website or mobile application [App] we use a third-party software provider for automated data collection and processing purposes and a further third-party software provider for retention of that data. These third parties will not use data collected for any purposes and will only hold the data in line with our policy on data retention.

Website usage information is also collected using cookies (a packet of data sent by an Internet server to a browser, which is returned by the browser each time it subsequently accesses the same server, used to identify the user or track their access to the server). Please note that you can block or restrict cookies set by any website through the browser settings on each browser you use, and on each device you use to access the Internet.

We use Google Analytics to analyses these cookies and give us an insight into how users find and use our website and App. These cookies do not store any personal information about you. Likewise we do not track any personal data from social media accounts that link through to our website.

IP addresses

An IP address, or Internet Protocol address, is a unique numerical address assigned to a computer as it logs on to the Internet. Croucher Needham (Essex) LLP does not have access to any personal identifiable information and we would never seek this information. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have from particular regions.

How will we use the information about you and why?

Provision of services
At Croucher Needham (Essex) LLP we take your privacy seriously and will only use your personal information as a client to provide the services you have requested from us, as detailed in your Engagement Letter and the supporting Terms & Conditions, and as we have identified above. We will only use this information subject to your instructions, data protection law and our duty of confidentiality, except where we have any other legal and regulatory responsibilities.

For business clients and contacts our lawful basis for processing personal information will be “legitimate interests”. Under “legitimate interests” the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

For consumer clients and contacts our lawful reason for processing your personal information will be “contract” since we have a contract to supply goods or services that you have requested. This also includes steps taken at your request before entering into a contract.

We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.

Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.


We may from time to time use your personal information to contact you to make you aware of other services we can offer and provide relevant topical industry information surrounding tax and accounting. We will only do this where we have sought consent to do so and you will have the right to withdraw consent at any time.

Where we collect information through our website and you consent for us to do so we will use your personal information in the same way.

We will not share your information with any other third parties for their marketing purposes.

Transferring your information outside of Europe

We may export personal data you supply to us outside the EU/EEA/UK for the purposes of storage and data processing. We will ensure all such data export is compliant with relevant data protection legislation. You consent to such data export.

If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.

Security of your personal data

All personal data held by us is stored on secure servers, accessed by employees and authorised subcontractors through secure passwords. Within our servers, our software is password protected so personal data is only available to those that require it.

Retention of your personal data

The length of time that we will hold your data is as follows:

  • Contracted services: we will hold your data in line with legal and regulatory requirements which is generally 7 years;
  • Marketing: we will hold your data for a period of 6 years with a review every 3 years. You will have the opportunity to withdraw consent, update or delete data at any point.

Access to your information and deletion

Accessing your personal data

You have a right of access to the personal data, under a subject access request, held by us.

If you would like a copy of your personal information, please email or write to us at the following address:

Mr Paul Tucker
Croucher Needham (Essex) LLP Market House
10 Market Walk
Saffron Walden
CB10 1JZ

We will respond to your request within one month of receipt of the request.

Your right to be forgotten

You have the right to have your personal data deleted, subject to any requirement by us to retain it for legal and regulatory reasons. Should you wish for us to completely delete all information that we hold about you please notify us in writing using the contact details above.


If you are dissatisfied with this policy, have queries about our data protection procedures or wish to lodge a complaint, please contact the company in the first instance using the contact details above. Thereafter you have the right to submit a complaint to the Supervisory Authority, the Information Commissioner’s Office (ICO) at:

The Information Commissioner’s Office Wycliffe House
Water Lane
Cheshire SK9 5AF

Changes to our Privacy Policy

We keep our privacy policy under regular review and we will place any updates on our website. This privacy policy was last updated on 25 May 2018 in line with the new GDPR guidelines.