Brian Alfred Associates Limited Privacy Policy

This policy (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

All personal data that we collect or are provided with will only be held and stored in accordance with this Privacy Policy and the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, the Data Uses and Access Act 2025, and any other legislation relating to the protection of personal data (together the “data protection laws”).

We keep our Privacy Policy under regular review to make sure it is up to date and accurate.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

 

Important Information About Who We Are:

Brian Alfred Associates Limited is part of the Caroola Group (collectively referred to as “our Group,” in this policy).

For the purposes of this policy the data controller is Brian Alfred Associates Limited , (“Baa”, “we”, “us” or “our”) unless otherwise indicated.

 

Contact details:

Our full details are:

Baa Accounting

Address: Optionis House, 840 Ibis Court, Centre Park, Warrington, Cheshire WA1 1RL.

Email: data@caroola.com Baa is registered with the ICO (reg. no Z2752059)

 

Data Team

We have appointed a Data Team to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Team by emailing data@caroola.co.uk. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

 

Summary of our Privacy Policy

Your privacy is extremely important to us, so we only use the information you provide about yourself and your company when you are using our services, our website at www.baa-accounting.com (our ‘Website’) , to answer your enquiry or to help us to improve our service to you.

We do not share this information with any third party except to the extent necessary to answer your enquiry if that enquiry requires the involvement of a third party. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

 

Data Protection principles. 

We will comply with data protection legislation. This means that the personal data we hold about you must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

 

Changes to our Privacy Policy

This version was last updated in October 2025.

Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Please check back frequently to see any updates or changes to our Privacy Policy.

 

Third-party Links

This Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or policies. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.

 

The information we collect

We use different methods to collect information from and about you.

We collect personal data to provide you with services. We also collect personal data when you visit our website or contact us by email or social media.

We also collect personal  data when you are a supplier or retailer, or we have a commercial contract with you.

 

Personal data we may collect, use, store, and transfer about you, which we have grouped together, are as follows:

  • Identity Data includes first name, last name, username or similar identifier, title.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and / or payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website, products, and services.
  • Marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

This list is not exhaustive, and, in specific instances, we may need to collect additional data for the purposes set out in this Privacy Policy. 

Our website is not intended for children, and our website does not knowingly collect data relating to children.

We may collect and process the following data about you when :

  • you provide information by filling in forms on our Website or by corresponding with us  by phone, email or otherwise. This includes information provided when contacting us in relation to services or completing our enquiry form. This typically includes your name, your organisation’s name, your position, email address, business address and contact telephone number. We may also ask you for information when you report a problem with our site;
  • you contact us, we may keep a record of that correspondence;
  • Baa Accounting asks you to complete surveys that we use for research purposes, although you do not have to respond to them;
  • You visit our Website, or on of our Groups website, including, but not limited to, web server statistics, traffic data, location data and details of the web pages and resources that you access.

 

Information Received From Third Parties

This is information we receive about you from any member of our Group, if you use any of the other websites we operate or the other services we provide. We will only use this information and the combined information where we have a lawful basis.

If this is the case, we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data.

We sometimes combine information received from other sources with information you give to us and information we collect about you. We work closely with third parties (including, for example, business partners, stake holders, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, and/or credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

Any data obtained from third parties will be kept in accordance this Privacy Policy, and with any additional restrictions imposed by the third party that shared your personal data.

 

If You Fail to Provide Personal Data

Where we need to collect personal data by law, legitimate interest or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example to provide you with your social value delivery). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

 

How We Use the Information We Collect

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data.

We will only use your personal data when the law allows us to do so.

We collect and process personal information about our clients, customers, suppliers, subcontractors, stake holders, business partners or joint venture partners in order to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.

We also use personal data to provide training and workshops and to report on tenders, bids, and projects.

 

Lawful Basis for Processing Personal Data

The lawful basis that we most commonly use to collect and process your personal data are:

-           Where you have consented before the processing.

-           Where we need to perform a contract, we are about to enter or have entered with you.

-           Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

-           Where we need to comply with a legal or regulatory obligation

In certain circumstances, we need your personal data to comply with our contractual obligations or to pursue our legitimate interests in a way which might be reasonably expected as part of our running our business. For example, in order to deliver the services to you, we need to use the information you provide us to enable us to provide those services.

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

 

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

If you have given your consent to receive marketing emails you can withdraw this at any time, or if we are relying on our legitimate interests to send you marketing you can object. In either case, just let us know. If you have received a direct marketing email from us and no longer wish to do so, the easiest way to let us know is to click on the unsubscribe link at the bottom of our marketing emails.

 

Our use of IP addresses and cookies

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to analyse aggregate information.

A cookie is a piece of data stored locally on your computer containing information about your activities on the Internet. Each website can send its own cookie to your web browser if your browser's preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows.

We use the following types of cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or make use of services.

Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our Website, and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

If you use your browser settings to block all cookies (including necessary cookies) you may not be able to access all or parts of our website.

Third parties may also use cookies, over which we have no control. To deactivate the use of third-party advertising cookies, you may visit the consumer page to manage the use of these types of cookies.

The Cookies we use enable us:

  • to estimate our audience size and usage pattern;
  • to store information about your preferences, and so allow us to customise our site according to user needs;
  • to speed up your searches;
  • to recognise you when you return to our site.

For more information about cookies (including how to set browsers to reject cookies) please visit the website set up by the Interactive Advertising Bureau (Europe) at www.allaboutcookies.org.

 

Google Analytics Demographics and Interest reporting

Baa uses Google Analytics’ 1st party cookies with DoubleClick’s 3rd party cookies together to provide additional information on demographics and interests in our Google Analytics reporting.

We also use Google Analytics features based on Display Advertising (Google Analytics Demographics and Interest Reporting). To opt out of Google Analytics for Display Advertising and customise Google Display Network ads using the Ads settings please see the Privacy Policy.

 

Profiling and/or Automated Decision Making

Unless otherwise agreed with you, we will not use any of your personal data for automated decision-making or profiling.

 

Information We Share

We only ever share your personal data with trusted third parties.

We may share your information with selected third parties including:

  • within our Group and partners, including business partners, distributors, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
  • Mailchimp, our marketing service provider.
  • advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; and
  • analytics and search engine providers that assist us in the improvement and optimisation of our website.

 Where personal data is shared with a managed service provider or other third-party supplier, we work closely with them to ensure that your personal data is secure and protected at all times. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Our contracts with third parties make it clear that they must hold personal data securely, abide by the principles and provisions of data protection rules, and only use information as we instruct them to. In all instances where we disclose your information to third parties, we will ensure that your information is appropriately protected. If we stop using their services, any of your personal data held by them will either be deleted or rendered anonymous.

We may also disclose your personal data to comply with a regulatory or legal duty, or if it is necessary to disclose personal data in connection with an investigation of suspected or actual fraudulent activity or is based on a lawful disclosure request.

We may also disclose personal data where such disclosure is necessary to protect the safety or security of any persons, and/or otherwise as permitted under applicable law.

We may share your personal data with selected third parties including:

  • business partners, suppliers and other third parties (for example, HMRC) for the performance of the services agreed to be provided to you or to provide information requested by you or where such third parties or suppliers are engaged to provide services directly to Baa;
  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if Baa or substantially all of its assets are acquired by a third party, in which case personal data held by it about its clients will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements;
  • or to protect the rights, property, or safety of Baa, our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

Where your personal data is processed

Your personal data will be stored on systems with technical and organisational security measures and controls located within the UK.

Sometimes we will need to share your personal data with third parties and suppliers outside the UK such as Europe and the USA.

If we do this, we have procedures in place to ensure your personal data receives the same protection as if it were being processed inside the UK. For example, our contracts with third parties stipulate the standards they must follow at all times.

Any transfer of your personal data will follow applicable laws, and we will follow the guiding principles of this Privacy Policy.

 

How we protect your information

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk. Once we have received your information, we will use strict internal procedures and security features to try to prevent unauthorised access.

We also keep your information confidential. The internal procedures of Baa Accounting cover the storage, access and disclosure of your information.

 

How we use your information

We use information held about you in the following ways:

  • to provide you with information or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
  • to carry out our obligations arising from any contracts entered into between you and us;
  • to allow you to access secure areas of our website when you choose to do so;
  • to notify you about changes to our services.

We may also use your data to provide you with information about services which may be of interest to you, and we may contact you about these by email, SMS, post or telephone.

 

How Long We Will Retain Your Personal data

We will only retain your personal data for as long as is necessary for the purpose or purposes for which we have collected it.

 

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

Your Rights

You are also able to exercise your rights which include:

 

The right to withdraw consent

You have the right to withdraw any consent you may have provided at any time.

 

Your Right to be Informed  

We aim to be transparent within our Privacy Policy and provide you with data about how we use your personal data.

 

Your Right to Object

In some circumstances you can stop the processing of your personal data for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

 

Where your details are used for marketing, you can opt out at any time. You are able to unsubscribe from marketing on each contact, or you can contact us to object to any processing.

 

Your Right to Rectification

You have the right to request the correction of your personal data when it is incorrect, out of date or incomplete. If you notify us that the personal data, we hold is complete or inaccurate we will correct or complete the data as soon as possible.

 

Your Right to Erasure or the Right to be Forgotten

You have the right to request that your personal data be deleted; including if we no longer need it for the purpose we collected it, you withdraw your consent or you object to its processing.

 

Following your request, we will erase your personal data without undue delay unless the continued retention is necessary and permitted by law. If we make the personal data public, we shall take reasonable steps to inform other data controllers processing about your erasure request.

 

Your Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data. This can be done in circumstances where we need to verify the accuracy of the data, if you do not wish to have the data erased or you have objected to the processing of the data, and we are considering this request. Once the processing is restricted, we will only continue to process your personal data if you consent, or we have another legal basis for doing so.

 

Your Right to Access

You have the right to access the personal data we hold about you. Any access request will usually be free of charge and responded to within one month. We will endeavour to provide data in the format requested, but we may charge you a reasonable fee for additional copies.

 

Your Right to Data Portability

You have the right to receive a copy of your personal data which you gave to us. The copy will be provided in a commonly used and machine-readable format.  You can also have it transmitted directly from us to another data controller, where technically possible.

 

The right not to be subject to automated decision making and profiling.

You have the right to not be subject to solely automatic decisions (i.e., decisions that are made about you by computer without any human input) in relation to any processes that have a legal or similarly significant effect on you.

You will be notified if we make a solely automated decision which produces a legal effect or significantly affects you.

 

When you request to exercise your rights

You will not have to pay a fee to exercise any of the rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded or excessive, including where requests are repetitive. Alternatively, we could refuse to comply with your request in these circumstances.

 

We may need to request specific data from you to help us confirm your identity and ensure your right to access your personal data  or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

How can we help?

you have any concerns about our use of your personal data; you can make a complaint to us by contacting us.

For further information on data protection please visit the Information Commissioner Office website.

 

The Information Commissioner Office regulates data protection. If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to lodge a complaint with the Information Commissioner’s Office.

 

You can contact them by calling 0303 123 1113 or visit the website.