Privacy Policy

  1. Who We Are

    NOVA322 Limited (we, our, or us) is a Private Service Company registered in England & Wales No. 12235484. We are regulated under the ICAEW Practice Assurance scheme and registered with the Information Commissioner's Office (ICO) under registration number ZB354736

    This Privacy Policy explains how we collect, use, store, and protect your personal information, in line with the UK General Data Protection Regulation (UK GDPR).

    For questions about this policy or your data rights, contact us at:

    Email: will@nova322.com Address: 623 Spring Bank West, Hull, England, HU3 6LD

  2. What Personal Data We Collect

    We may collect and process the following categories of personal data:

    • We may collect and process the following categories of personal data:
    • Identity & Contact Data: Name, email address, postal address, phone number, job title.
    • Client Data: Financial information, business details, tax and accounting records.
    • Payment Data: Bank Details for contractual payments

    We do not knowingly collect data relating to children under 18.

  3. How We Collect Your Data

    • Directly from you (via email, phone).
    • Through your use of our services.
    • From public sources (Companies House, HMRC, LinkedIn).

  4. Why We Process Your Data (Legal Bases)

    Purpose Type of Data Legal Basis
    To provide accounting & consulting services Identity, Contact, Client Contractual necessity
    To comply with legal obligations (e.g. tax law, AML) Identity, Client Legal obligation
    To manage payments & invoicing Identity, Contact, Financial Legitimate interest / Contract

  5. Who We Share Your Data With

    We may share your data with:

    • Regulators: HMRC, ICAEW (for compliance purposes).
    • Service Providers: Banking systems, cloud-based storage (e.g. Google & Microsoft 365) and
    • accounting platforms (FreeAgent).
    • Professional Advisors: Lawyers, auditors, insurers.
    • Law Enforcement: If legally required.
    All third-party providers are bound by data processing agreements.

  6. International Transfers

    Some client data is stored in cloud services such as Google Drive and Microsoft OneDrive. These providers may process data outside the UK, including in the United States. In such cases, we rely on lawful safeguards such as the UK’s adequacy decision for the US Data Privacy Framework or Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office.

  7. Data Retention

    We retain data:

    • Client records: 6 years after engagement ends (for compliance).
    • Financial records: 6 years (as per HMRC requirements).
    After this, data is securely deleted or anonymised.

  8. Your Rights

    You have the following rights under UK GDPR:

    • Right to access your data
    • Right to rectification
    • Right to erasure (where applicable)
    • Right to restrict processing
    • Right to data portability
    • Right to object to processing
    • Rights relating to automated decision-making (we do not perform this)
    To exercise any of your rights, contact us at will@nova322.com. We will respond within one calendar month. If you are dissatisfied, you may complain to the ICO: https://ico.org.uk

  9. Data Security

    We apply appropriate technical and organisational measures, including:

    • Encryption of data at rest and in transit
    • Multi-factor authentication
    • Firewalls and access controls
    • Secure cloud storage
    To exercise any of your rights, contact us at will@nova322.com. We will respond within one calendar month. If you are dissatisfied, you may complain to the ICO: https://ico.org.uk