Mcallisters Chartered Accountants

mc x  mc ln


McAllisters CA a partnership having its principal place of business at Paxton House, 11 Woodside Crescent, Glasgow G3 7UL (“McAllisters” or “we”, “our” or “us”) is committed to protecting the security and privacy of all personal information or data collected from you. We therefore conduct our business in compliance with applicable laws on data privacy protection and data security. This privacy statement tells you what to expect when we collect and process your personal information.

Information We May Collect from You 

We may ask you to provide certain information when you use our website or are in contact with us (whether it is by telephone, email, via the forms on our website, through applications or platforms that we use including our social media platforms or even face to face) about the services we provide. You will know when we are collecting information intended to be kept for future use because the web page will contain a link to this privacy statement. The information collected may include: 

  • Details in relation to your identity such as your name, occupation and job title
  • Contact details including your postal/e-mail addressand phone number
  • Transaction details about services you specifically requestfrom us
  • Financial details required in relation to the services provided under contract with you including details of your taxes, assets, payroll, investments, and earnings
  • Family and beneficiary details in relation to tax planning
  • Financial information in relation to payments including bank and/or credit card details
  • details of your visits to our website including but not limited to traffic data, location data,web blogs and other communication data and the resources that you access or use and details of the technology and devices you use to access our resources

We will generally not collect sensitive data from you. Sensitive data is personal information which includes your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data, or information concerning your health or mental wellbeing or sexual orientation. Where we do require to process such sensitive data and as this will be the exception rather than the norm we will notify you in advance and will request your consent in writing to process such sensitive data.

Uses Made of Your Information 

We are subject to the General Data Protection Regulation and the Data Protection Act 2018 as both are amended by the EU (Withdrawal) Act 2018 and the Data Protection, Privacy & Electronic (Amendments etc) (EU Exit) Regulations 2019 (said amendments being referred to as “UK GDPR”) and any amendments to either the GDPR or UK GDPR from time to time (both of which together with any further amendments from time to time are collectively hereafter called “the Data Protection Laws”).By law we can only process your information if we can demonstrate the lawful grounds we have for doing so. Currently there are six potential lawful grounds for processing personal information, namely

  • we have your consent;
  • it is necessary for performance of a contract to which you are a party or to take steps at your request prior to entering into such contract;
  • it is necessary for our compliance with a legal obligation;
  • it is in the public interest;
  • it is necessary to protect your vital interests; or
  • that it is in our legitimate interest to do so but only where that interest does not override your interests or your fundamental rights and freedom.

If none of these grounds apply or ceases to apply we must cease processing your personal information immediately.

We may use personal information held about you in the following ways: - 

Activity or purpose of processingType of Data processedWhat is our Legal Ground for doing this?
Registering you as a client or service user and verifying your identity where this is required Your identity and contact details Performance of a contract
Maintaining our relationship with you including contacting you by post, text, email or telephone where appropriate including responding to any enquiries made or complaints raised by you Your identity and contact and profile details Performance of contract
Legal Obligation
Legitimate Interest i.e. to keep our records updated and identifying how you use our services
Ensuring that content from our website is relevant to you and is presented in the most effective manner for you Your identity, contact, profile and technical details Legitimate Interest i.e. to review the services/goods we supply to you and to inform our overall marketing strategy
Processing or delivering our services including providing professional advice and delivering reports related to our tax, advisory, audit, planning, assurance and other professional services and Your identity, contact, financial and transaction details Performance of a contract
Legal Obligation
Legitimate Interest i.e. to recover any payments due
Managing Payments including receipt of credit card payments Your identity, contact, financial and transaction details Performance of a contract
Complying with legal and regulatory obligations relating to countering money laundering, terrorist financing, fraud and other forms of financial crime Your identity, contact, financial and transaction details Legal Obligation
Administration of our website and business (including webhosting and support) Your identity, contact and technical data Legal Obligation
Legitimate interest i.e. running business, ensuring security and performance of the website, admin and support, monitoring for viruses or malicious software
To make suggestions that may be of interest to you Your identity, contact, profile and technical data Legitimate interests i.e. to develop our products and services

We will only retain your personal information for as long as is necessary in line with the purposes for which it was originally requested or collected or where we are required to do so for some legal or reporting purpose.

In working out how long we retain personal data we look the type of personal data involved, the purpose of processing, how sensitive or confidential the data is and at legal and commercial considerations including any legal obligations we have. By way of example by law we are required to keep accounting records for six years after end of the year in which the last transaction occurred. This means that we will be required to keep some basic client details for that purpose even although our relationship with you may be at an end. However, it should be noted that the requirement is basic client details and therefore it is not legitimate to also keep information such as your preferences for that period of time.

If you have any questions relating to either retention periods or more require more detail on the purposes of processing or the specific reason or legal grounds, we are relying on for that processing then please contact us for additional information.

Sharing Your Information

We will not sell the personal information that we collect from you and will only use it for the purposes set out in this privacy statement. We may share your personal information with the following parties: -

  • Service providers who provide us with IT and administration services such as our IT Support and back up provider, webhosting company, company providing confidential waste destruction services, archiving service provider, and Book keepers and cloud accounting software providers such as Xero and Wagemate;
  • HMRC and other regulatory authorities who require reporting of those activities by law;
  • Professional advisers such as our lawyers, bankers and insurers;
  • Third parties to whom we sell, transfer or merge our business or any part of it; and
  • Our accounts software provider for the purposes of invoicing

All third parties with whom we share your data are required to protect your personal data, treat it confidentially and to process it in accordance with the law. Where we use third parties we will take all reasonable steps to ensure that: -

  • they have adequate technical and other measures in place to ensure the security of your personal information;
  • that they only use it for specified purposes;
  • That any employees or contractors who have access to the information are adequately trained and deal with it on a need to know basis only;
  • and that they act only in accordance with our instructions.

IP Addresses and Cookies 

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns and does not identify any individual. 

Some websites use “cookies” which are text only strings of information that the website you are visiting transfers to the cookie file of the browser on your computer. The purpose is to identify users and to enhance the user’s experience by customising web pages. A cookie will usually contain the name of the domain from which the cookie has come, an expiry date for the cookie, and a value which is usually a randomly generated unique number. However, this website does not use cookies.

Marketing Information

We will only market to you where you have: -

  • specifically requested marketing information from us; or
  • Previously acquired similar services/goods from us; or
  • Consented by way of ticking a box or opting in to receiving marketing from us.

If you have opted out of marketing, we will not send you any future marketing without your consent.

Each time we market to you we will always give you the right to opt out of any future marketing but

would point out that you have the right at any time to ask us not to market to you at any time by emailing us at This email address is being protected from spambots. You need JavaScript enabled to view it.  rather than waiting on a specific opt out.

Security of Personal Data 

We take information security very seriously.  Your information and records will be stored securely to ensure privacy of your personal data. We take all reasonable steps to ensure that there are technical and organisational measures of security in place to protect your personal data from unauthorised access to or disclosure of it, and against loss or accidental damage or unauthorised alteration of it. Staff handling your personal data are also adequately trained in relation to the legal requirements for handling personal data. These include robust procedures for dealing with breaches including incident reporting and notifying the Information Commissioner, and where appropriate you, of any breaches, the consequences of the same and the remedial action taken.

Where possible the information you provide us with will be held within the European Economic Area (“EEA”) or within the UK.

Overseas Transfers

Countries outside of the UK do not always have similar levels of protection for personal data as those inside the UK. The law provides that transfers of personal data outside of the UK is only permitted where that country has adequate safeguards in place for the protection of personal data.  Some types of processing may use cloud solutions which can mean information may sometimes be held on servers which are located outside of the UK or may use processors who are based overseas.

Where we use cloud-based services or third-party providers of such services and in either or both circumstances the data is processed outside of the UK that will be regarded as an overseas transfer. Before instigating an overseas transfer we will ensure that the recipient country and/or processor has security standards at least equivalent to UK GDPR and in particular one of the following permitted safeguards applies: -

  • The country in question is deemed to have adequate safeguards in place as determined by the UK Regulatory Authorities (which is the case in respect of transfer to countries within the EEA); or
  • There is a contract or code of conduct in place which has been approved by the UK Regulator which gives your personal information the same protection it would have had if it was retained within the UK; or
  • If the overseas transfer is to the United States, then we may only use US Providers that are part of a UK Regulator approved framework which obliges them to give your personal information the same degree of protection it would have had if it were retained within the UK and therefore has adequate safeguards.

If none of these safeguards exist, then we may seek your explicit consent for an overseas transfer. In line with your rights as an individual you are free to withdraw this consent at any time.

Your Rights 

You have rights as an individual which you can exercise in relation to the information we hold about you. These rights are:

  • the right to restrict processing of your personal data;
  • the right to rectification or correction of your personal data;
  • the right to object to processing of your personal data;
  • the right of erasure of personal data (also referred to the right to be forgotten);
  • the right not to be subject to a decision based solely on automated processing or profiling;
  • the right to transfer your personal data (also referred to as the right of portability)
  • the right to withdraw your consent to processing your personal data; and
  • the right of access to your personal data.

Additional information about these rights can be found on the Information Commissioner’s website at

If you have provided consent and we are relying on that as the legal ground of processing your personal information and wish to exercise your right to withdraw that consent you can do so at any time by contacting us at This email address is being protected from spambots. You need JavaScript enabled to view it..

Access to Personal Information

We try to be as open as we can in giving people access to their personal information. You can make a subject access request at any time. Any request requires to be in writing and is not subject to any charges or fees. If we do hold any personal information about you, we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it has or will be disclosed to;
  • the source of the information (if not you);
  • where possible, the period for which it will be stored; and
  • let you have a copy of the information in an intelligible form

We will respond to a subject access request within 30 days. On occasion we may need additional information from you to determine your identity or help us find the information more quickly. Where the information you have requested is complex we may take longer than this but shall keep you advised as to progress should this be the case.

If you believe that any information we hold about you is incorrect or incomplete you should email us at This email address is being protected from spambots. You need JavaScript enabled to view it.. Any information which is found to be incorrect will be corrected as soon as possible.


We would prefer to resolve any issues or concerns you may have direct with you. If you feel you are unable to resolve matters by contacting us direct or are you are unhappy or dissatisfied with how we collect or process your personal information you have the right to complain about it to the Information Commissioner who is the statutory body which overseas data protection law. They can be contacted through


Questions, comments and requests regarding this privacy statement are welcomed and should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it.

Changes to this Privacy Statement

We keep our privacy notice under regular review. This privacy notice was last updated in November 2021

Contact Us

McAllisters Chartered Accountants
Paxton House, No 11 Woodside Crescent
G3 7UL

0141 332 0392
This email address is being protected from spambots. You need JavaScript enabled to view it.

Accreditation Logos



Newsletter Sign Up

With our newsletter, you automatically receive our latest news by  e-mail and get access to the archive including advanced search options!

Newsletter Sign Up  |  Login

Newsfeed Search