Legal

Privacy Policy

Last updated: 12 May 2026

This privacy policy explains how Aurestone Advisory collects, uses, stores, and protects personal information when you use this website, contact the practice, book a review, or become a client.

1. Who we are

Aurestone Advisory is an independent UK accounting and advisory practice. For the purposes of UK data protection law, Aurestone Advisory is the controller of personal information collected through this website and through direct enquiries unless another arrangement is set out in a client engagement.

Contact email: fahad@aurestoneadvisory.com. You can also write to Aurestone Advisory, United Kingdom. If you need a full postal address for formal correspondence, please request it by email.

2. What this policy covers

This policy covers personal information processed when you:

  • browse this website;
  • use the contact form or lead capture forms;
  • use the AI chat assistant;
  • click a WhatsApp contact button;
  • book a call through the booking page;
  • email, call, or message Aurestone Advisory;
  • use the website admin area as an authorised administrator; or
  • become a client or prospective client.

Client engagements may involve additional privacy information, onboarding checks, engagement letters, professional terms, and statutory record-keeping requirements.

3. Personal information we collect

Enquiry and contact details

Name, email address, phone number if provided, company name, selected service, message or AI chat content, and the date and source of the enquiry.

AI chat information

Messages you enter into the AI chat, service interests, business context, and any contact details you choose to provide. Please do not send sensitive documents or detailed financial records through AI chat.

Booking information

Information you provide when booking a call, such as name, email address, chosen time, and any booking notes submitted through Calendly.

Service relationship information

If you become a client, Aurestone may collect additional identification, accounting, tax, payroll, bookkeeping, business, onboarding, and payment information needed to provide professional services and meet compliance obligations. This may be covered in more detail in engagement letters or client onboarding documents.

Website and interaction data

Basic technical or interaction information such as the page used to click a WhatsApp button, the button source, and timestamp. This is used to understand contact routes and improve the website.

Admin and security data

For authorised administrators, the website may process login details, admin session cookies, content changes, revision records, and CMS activity.

Please do not send sensitive financial documents, identity documents, tax records, or payroll records through general website enquiry forms unless Aurestone specifically asks you to use a secure or agreed method.

4. How we collect information

Aurestone may collect personal information directly from you when you:

  • complete a website form;
  • download a guide or request follow-up information;
  • book a consultation through Calendly;
  • send a WhatsApp message, email, or other direct communication;
  • provide information during onboarding or service delivery; or
  • use the admin area as an authorised user.

Aurestone may also receive information from public sources, professional advisers, government bodies, Companies House, HMRC, bookkeeping/accounting platforms, payroll systems, or other sources you authorise as part of a client engagement.

5. How and why we use personal information

PurposeInformation usedLawful basis
Responding to enquiriesContact form details, AI chat messages, WhatsApp or email messages, service interests, and business context you provide.Legitimate interests and, where the enquiry relates to potential services, steps prior to entering into a contract.
Booking and managing callsBooking details, calendar information, and any notes submitted when arranging a review.Legitimate interests and steps prior to entering into a contract.
Providing accounting, tax, bookkeeping, payroll, advisory, or related servicesClient, business, finance, accounting, tax, payroll, payment, and identity information relevant to the engagement.Contract, legal obligations, legitimate interests, and in limited cases consent or substantial public interest where special category data is involved.
Meeting legal, regulatory, tax, anti-money laundering, professional, and record-keeping obligationsClient records, identity checks, engagement history, correspondence, invoices, and records required by law or professional standards.Legal obligation and legitimate interests.
Running, securing, and improving the websiteEssential cookies, admin session data, CMS records, and basic first-party interaction logging.Legitimate interests and, for essential cookies, necessity to provide the website/admin functionality.
Sending service communicationsContact details and messages needed to respond to requests or provide information connected with an enquiry or service.Legitimate interests, contract, or consent where required.

Aurestone does not use automated decision-making or profiling that produces legal or similarly significant effects for website visitors.

6. Special category and sensitive information

The public website is not designed to collect special category data, such as health information, or highly sensitive financial documents. If a client engagement requires sensitive information, Aurestone will only process it where there is a lawful basis and where appropriate safeguards are in place.

If you accidentally send sensitive information through a general form, Aurestone may delete it, move it to a more appropriate system, or contact you to agree a safer way to proceed.

7. Who we share information with

Aurestone does not sell or rent personal information. Personal information may be shared with trusted providers or authorities where needed for the purposes described in this policy.

Website hosting and infrastructure providers

Hosting, securing, and delivering the website.

Resend or email delivery providers

Sending website enquiry notifications and related email communications.

Calendly

Scheduling free Tax & Finance Review calls and other appointments.

OpenAI or other AI service providers

Processing AI chat messages and generating chat responses when you use the website chat assistant.

WhatsApp / Meta

Handling WhatsApp messages if you choose to contact Aurestone through WhatsApp.

Professional software and service providers

Accounting, tax, payroll, bookkeeping, document management, payment, or client administration where relevant to a client engagement.

Professional advisers, regulators, or authorities

Legal, accounting, insurance, regulatory, HMRC, Companies House, anti-money laundering, or dispute-related requirements where necessary.

Providers are expected to handle personal information securely and only for the relevant service purpose. Some third-party services, such as Calendly or WhatsApp, may also process information under their own privacy terms when you choose to use them.

8. International transfers

Some technology providers used by the website or by professional service delivery may process personal information outside the UK. Where this happens, Aurestone expects appropriate safeguards to be used, such as adequacy regulations, approved contractual clauses, or other lawful transfer mechanisms.

9. Cookies and website tracking

This website uses essential cookies where needed for the site and admin area to function. The admin session cookie is used only for authorised website administration and is not used for advertising.

Aurestone does not use advertising cookies or third-party analytics cookies on this website. Basic first-party interaction logging may be used to understand whether contact buttons, such as WhatsApp, are being used. WhatsApp click logging records limited information such as button source, page path, and timestamp. It does not record the content of any WhatsApp message.

If you use the Calendly booking widget or WhatsApp, those third-party services may set their own cookies or collect information according to their own policies.

10. How long we keep information

Aurestone keeps personal information only for as long as reasonably needed for the relevant purpose, including legal, regulatory, professional, accounting, tax, insurance, and dispute-resolution reasons.

InformationTypical retention approach
Website enquiries that do not become clientsUsually up to 12 months after the last meaningful contact, unless a longer period is needed for legal, complaint, or business continuity reasons.
AI chat enquiriesUsually handled as website enquiries and kept up to 12 months after the last meaningful contact unless a longer period is needed for legal, complaint, or business continuity reasons.
WhatsApp click logsKept only as limited first-party interaction records and capped in the website data store. These records do not contain WhatsApp message content.
Booking recordsKept for as long as needed to manage the booking, follow up on the enquiry, and maintain reasonable business records.
Client service recordsKept for the period required by law, HMRC, Companies House, anti-money laundering rules, professional obligations, insurance, and legitimate business record-keeping needs. This can commonly be several years after the end of the client relationship.
Admin session cookiesThe current admin session cookie is configured to expire after 7 days unless cleared earlier.

11. How we protect information

Aurestone uses appropriate technical and organisational measures to protect personal information. These may include access controls, admin session protection, secure service providers, role-based access, password protection, data minimisation, and limiting access to people or providers who need it.

No website or email system can be guaranteed as completely secure. Please avoid sending sensitive documents through general forms or ordinary email unless a secure method has been agreed.

12. Marketing and service communications

Aurestone may send service-related messages in response to an enquiry, booking, download, or client relationship. If Aurestone sends optional marketing emails, you will be able to unsubscribe or opt out.

Aurestone does not sell personal information to third parties for marketing.

13. Your data protection rights

Under UK data protection law, you may have the right to:

  • Be told how your personal information is used.
  • Ask for access to your personal information.
  • Ask for inaccurate information to be corrected.
  • Ask for information to be erased in certain circumstances.
  • Ask for processing to be restricted in certain circumstances.
  • Object to processing based on legitimate interests in certain circumstances.
  • Ask for certain information to be transferred to another provider where the right to data portability applies.
  • Withdraw consent where processing is based on consent.
  • Complain to the Information Commissioner's Office if you are unhappy with how your data is handled.

These rights are not absolute and may depend on the type of information, lawful basis, professional obligations, and legal requirements. To exercise a right, email fahad@aurestoneadvisory.com.

14. Complaints

If you are unhappy with how Aurestone handles your personal information, please contact Aurestone first so the issue can be reviewed.

You also have the right to complain to the Information Commissioner's Office, the UK data protection regulator. The ICO website is ico.org.uk.

15. Changes to this policy

Aurestone may update this privacy policy from time to time to reflect changes in the website, services, legal requirements, or how personal information is handled. The latest version will be published on this page with an updated date.

16. Contact Aurestone

For privacy questions, data rights requests, or concerns about how your information is handled, contact:

Email: fahad@aurestoneadvisory.com
Practice: Aurestone Advisory, United Kingdom

Back to homeContact Aurestone
WhatsApp