Privacy Notice

Scrutton Bland Limited, including its associate Sumer Auditco Limited, is committed to protecting and respecting your privacy.

This Privacy Notice is intended to be read in conjunction with your Terms of Business, Terms and Conditions or Letter of Engagement with us. It sets out the way we collect and look after your personal data, in line with the General Data Protection Regulation (GDPR).

Scrutton Bland Limited, including its associate Sumer Auditco is a diverse group offering many services so not all examples given in the following text will apply to the service provided to you.

Data controller (“us / we / the Group”): Scrutton Bland Limited and Sumer Auditco Limited.

Data Subject (“you / your”): You and where applicable, your employees, co-trustees, colleagues, clients, pupils, advisers, agents or family members whose Personal Data we hold.

Data Processor (the Processor(s)”): Business or individual processers we may pass your personal data to, in order to fulfil our contract or proposed contract with you.

Introducer (“the Introducer(s)”): Businesses or individuals we may receive your personal data from in order to advise you.

Data Protection Partner, Paul Goddard


We collect, store and process your personal data. This personal data may be held by the Group on paper or in electronic format.

We are committed to being transparent about how we look after your personal data, to protect your privacy and security and to meet the obligations under the UK General Data Protection Regulation and Data Protection Action 2018. The purpose of this Privacy Notice is to make you aware how and why we collect and process your personal data both before, during and after our contract with you.

What types of personal data do we collect about you?

Personal data is defined as any information about an individual from which that person can be directly or indirectly identified. There are also “special categories” of personal data requiring a higher level of protection because the data is of a more sensitive nature. The special categories of personal data comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.

We may collect, use and process or pass to Data Processors a range of personal data about you. This may include personal data related to:

In certain circumstances we may also collect, use and process, or pass to Data Processors, the following special categories of your personal data (as applicable):

How do we collect your personal data?

We may collect personal data about you in a variety of ways. This may include data collected during our work, or proposed work, for you either directly from you or sometimes from an Introducer or other Data Subject such as an employer or business partner. We may also collect personal data from other external third parties, such as references from former advisers, information from background checks and identity check providers, information from credit reference agencies and information from Companies House.

Your personal data may be stored in different places, including within our IT systems and our Data Processor’s systems, on our premises and within our storage facilities.

Why and how do we use your personal data?

We will use your personal data within the Group in one or more of the following circumstances:

Why and how do we use special category personal data?

We will only collect and use Special Categories of personal data, when the law, regulatory requirements, professional governing bodies require us to do so or it is required to enable us to fulfil our contract with you.

We may process special categories of personal data.

We may also occasionally use your special categories of personal data, where it is needed for the establishment, exercise or defence of legal or regulatory claims or in association with insurance or anti-Money Laundering processes.

Change of purpose

We will only use your personal data for the purposes for which we collect and retain it. If we need to use your personal data for a purpose other than that for which it was collected, we will provide you with information about the new purpose prior to that further processing. You may request the legal basis which allows us to process your personal data for the new purpose at any time.

Who has access to your personal data?

Your personal data is shared internally within the Group. We may share your personal data with third parties and Data Processors where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party). Third parties may include IT and cloud service providers, other professional advisory firms, insurance and investment companies and HMRC.

How does the Group protect your personal data?

How long does the Group keep your personal data?

This section of the Privacy Notice replaces any former reference in your current arrangements with us in respect of Retention of Data or Information. The Group will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected and processed.

This includes the purposes of satisfying any legal, tax, health and safety, reporting, regulatory or accounting requirements. The Group will usually hold your personal data for six years following the year in which it was initially processed, with the following exceptions:

Your rights in connection with your personal data

It is important that the personal data we hold about you is accurate and up to date.

Please keep us informed if your personal data changes e.g. you have a new home or email address. The Group cannot be held responsible for any errors in your personal data in this regard unless you have notified the Group of the relevant change.

As a Data Subject, you have a number of statutory rights. Subject to specific conditions, and in certain circumstances, you have the right to:

Should you wish to exercise any of these rights, please write to our Data Protection Partner. In the limited circumstances where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. If you believe that the Group has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues. The ICO website is

Transferring personal data outside the European Economic Area The Group may transfer your personal data to countries outside the European Economic Area (EEA). Where there is an adequacy decision by the European Commission in respect of those countries. This means that the countries to which we transfer your personal data are deemed to provide an adequate level of protection for your personal data.

Changes to this Privacy Notice

The Group reserves the right to update or amend this Privacy Notice at any time. We will publish a new Privacy Notice when we make significant updates or amendments.

Contact If you have any questions about this Privacy Notice or how we handle your personal data, please contact us: By email: By letter: Paul Goddard, Scrutton Bland, Fitzroy House, Crown Street, Ipswich IP1 3LG

Need help? Contact one of our advisers