Privacy Policy

1. Who We Are

This privacy notice applies to the HCA Group of companies:

• HCA Chartered Accountants Limited (Company No. NI617889)
• HCA Corporate Finance Limited (Company No. NI642741)
• HCA Business Recovery Limited (Company No. NI637165)

(together referred to as "HCA", "we", "us" or "our").

Our registered office is: 12 Cromac Place, Belfast, BT7 2JB.

HCA Chartered Accountants Limited is registered with the Information Commissioner's Office (ICO No: ZA063986). HCA Corporate Finance Limited (ICO No: ZA696111). HCA Business Recovery Limited (ICO No: ZA184121).

We are data controllers for the purposes of UK GDPR and the Data Protection Act 2018.

2. The Personal Data We Collect

We may collect and process the following categories of personal data:

• Identification data (name, date of birth, NI number, passport details)
• Contact details (address, telephone, email)
• Financial information
• Tax information
• Employment information
• Company directorship/shareholding information
• AML/KYC documentation
• Insolvency-related financial and personal data
• Website usage data (via cookies and analytics)

We collect personal data directly from clients and contacts. In certain circumstances, we may also obtain personal data from third parties including Companies House, HMRC, credit reference agencies, AML verification providers, insolvency records and publicly available sources. We do not collect more information than is necessary for the purposes set out below.

3. Lawful Basis for Processing

Contractual Necessity
To provide services under engagement letters.

Legal Obligation
To comply with: Companies Act requirements; UK and Ireland Tax legislation; Anti-Money Laundering Regulations; UK and Ireland Insolvency legislation; Professional regulatory obligations.

Legitimate Interests
For: managing our client relationships; business administration; improving our services; direct marketing to business contacts (where permitted).

Consent
Where required (e.g., certain marketing communications). You may withdraw consent at any time.

Automated Decision-Making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

4. Special Category Data

In limited circumstances (e.g., insolvency matters, employment advisory work), we may process special category data where necessary for: legal claims; substantial public interest; employment law compliance; regulatory obligations.

5. How We Use Your Data

We use personal data to:

• Provide accountancy, audit, tax, corporate finance, insolvency and advisory services
• Comply with professional and legal obligations
• Conduct AML/KYC checks
• Manage client relationships
• Issue invoices and collect payment
• Respond to enquiries
• Improve website functionality

6. Data Sharing

We may share personal data with:

• HMRC and other regulatory authorities
• Chartered Accountants Ireland
• ICAEW (where relevant to insolvency services)
• Professional advisers (lawyers, insurers)
• Banks, funding and insurance providers
• Cloud storage and IT service providers
• AML verification providers

All third-party processors are subject to appropriate contractual safeguards. Where personal data is required to comply with legal or regulatory obligations (for example under Anti-Money Laundering Regulations), failure to provide such data may prevent us from acting for you.

7. International Transfers

Where data is transferred outside the UK or EEA (e.g., cloud providers), we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses.

8. Data Retention

We retain personal data for a minimum of 7 years following the end of an engagement, and longer where required under: Anti-Money Laundering Regulations; Insolvency legislation; Professional indemnity requirements; Legal claims limitation periods. Data is securely destroyed when no longer required.

9. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase data (in certain circumstances)
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent
• Lodge a complaint with the ICO

Note: Certain rights may be restricted where we are required by law or professional regulation to retain or process data.

10. Data Security

We maintain appropriate technical and organisational security measures, including: secure IT systems; access controls; encryption where appropriate; staff confidentiality obligations; secure cloud storage.

11. Cookies

Our website uses cookies to ensure proper site functionality, analyse site traffic and improve user experience. You may control cookies via your browser settings.

12. Complaints

If you have any concerns about how we handle your personal data, please contact us at info@hca.group or write to:

Data Protection Lead
HCA Group
12 Cromac Place
Belfast
BT7 2JB

You also have the right to lodge a complaint with the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: 0303 123 1113. Website: ico.org.uk/concerns.

Last updated: March 2026