Positive Practice - Plan, Perform and Profit

Privacy Policy

Last Updated: 9 April 2026

Positive Practice is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data.

1. Who We Are and How to Contact Us

Data Controller: Positive Practice

Contact Details:

We are the data controller responsible for your personal data. If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details above.

2. What Personal Data We Collect

We collect personal data in the following ways:

2.1 Information You Provide Directly

When you interact with us, you may voluntarily provide personal data, including:

  • Contact Form Submissions: When you request a free Cashflow Review, we collect your name, email address, phone number, business details, and any message you provide.
  • Email Enquiries: If you email us directly, we collect your email address, name, and the content of your message.
  • Phone Enquiries: If you call us, we may record your phone number and details of your enquiry.
  • Service Engagement: If you become a client, we collect additional information necessary to provide our accounting and financial services.

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

  • Cookies and Tracking Technologies: We use analytics tools (Umami Analytics) to understand how visitors use our website.
  • Server Logs: Our web server automatically logs your IP address, browser type, operating system, and visit details.
  • Device Information: We may collect information about the device you use to access our website.

2.3 Information from Third Parties

We may receive personal data about you from:

  • GoHighLevel CRM: When you submit our contact form, your information is transmitted to GoHighLevel, our customer relationship management platform.
  • Service Providers: We may receive information from our accountants, tax advisors, or other professional service providers.

3. Legal Basis for Processing Your Data

Under UK GDPR, we only process personal data where we have a lawful basis to do so. Our legal bases include:

  • Contract: Performance of our service agreement with you
  • Consent: Where you have opted in to receive communications
  • Legal Obligation: Compliance with UK tax law and accounting regulations
  • Legitimate Interest: To provide information about our services, improve our website, and detect fraud

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To respond to your enquiry about a free Cashflow Review
  • To deliver accounting, bookkeeping, and financial advisory services
  • To prepare tax returns, management accounts, and financial reports
  • To send you information about our services and special offers (only if you have opted in)
  • To analyse website traffic and improve user experience
  • To comply with UK tax law and accounting regulations

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and gather analytics data. Most web browsers allow you to control cookies through your browser settings. You can disable cookies, allow them only from certain websites, or delete them after each browsing session. Please note that disabling cookies may affect the functionality of our website.

6. Who We Share Your Data With

We only share your personal data with third parties where necessary and lawful:

  • Service Providers: GoHighLevel (CRM), email providers, cloud storage providers, and accounting software providers
  • Legal Requirements: HMRC, Companies House, law enforcement, and regulatory authorities (if required by law)
  • Business Transfers: If Positive Practice is acquired or merged, your data may be transferred as part of that transaction

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. How Long We Keep Your Data

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Contact form enquiries (non-clients): 3 years
  • Client accounting records: 6 years (UK tax law requirement)
  • Email communications: 3 years
  • Website analytics data: 13 months
  • Marketing opt-in records: Until you unsubscribe

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you within 30 days, free of charge
  • Right to Rectification: You can request that we correct inaccurate or incomplete data
  • Right to Erasure: You can request that we delete your personal data (subject to certain exceptions)
  • Right to Restrict Processing: You can request that we limit how we use your data
  • Right to Data Portability: You can request your data in a structured format for transfer to another provider
  • Right to Object: You can object to processing for marketing or legitimate interests
  • Right to Withdraw Consent: If we process your data based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at [email protected] or 01756 709210. We will respond within 30 days.

9. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of sensitive data in transit and at rest
  • Access controls limiting data to authorised staff only
  • Secure servers with firewalls and intrusion detection
  • Password-protected client portals
  • Regular security assessments and updates

While we implement robust security measures, no system is completely secure. If you believe your data has been compromised, please contact us immediately.

10. Children's Privacy

Our website and services are not directed at children under 13 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 13, we will delete it immediately. If you believe we have collected data from a child, please contact us at [email protected].

11. Third-Party Links

Our website may contain links to third-party websites, including social media platforms (LinkedIn, Facebook). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing personal data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by updating the "Last Updated" date and, where appropriate, by email or prominent notice on our website. Your continued use of our website and services after changes indicates your acceptance of the updated Privacy Policy.

13. Complaints and Supervision

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for data protection.

ICO Contact Details:

However, we encourage you to contact us first at [email protected] to resolve any concerns.

14. Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or how we handle your personal data, please contact us:

Positive Practice

We will respond to your enquiry within 5 business days.

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to transparency and accountability in how we process your personal data.