GDPR Statement

Overview of Compliance

In preparation for the implementation of GDPR and PECR, we have diligently engaged with businesses to offer comprehensive guidance on achieving compliance with these EU regulations. Additionally, we have been actively ensuring our own compliance.

We’ve already laid a strong foundation for compliance, with our existing technical and organisational measures aligning well with the requirements of GDPR. We maintain a framework for managing information security risks, ensuring the confidentiality, integrity, and availability of information. This framework encompasses policies, procedures, processes, plans, roles, responsibilities, resources, and structures dedicated to security risk management and information protection.

Secondary Service Providers

To comply with the regulations, we must disclose any additional entities participating in the handling of your data. The bulk of our data resides within our in-house systems situated at our office for routine operations. For cases where we enlist the services of other data processors, we’ve diligently gathered and documented their assurances. These include:

  • We retain certain sales and leads data within a cloud-based CRM (Customer Relationship Management) system.
  • We utilise Dropbox to manage certain project-related data.

Hosted Services

When we offer hosting services to our clients, we function as data processors acting on behalf of our clients, who serve as data controllers under the regulations.

Data controllers must obtain assurances from data processors that data processing adheres to ‘reasonable technical and organisational measures’ for data security. Data processors must furnish this information upon request. To fulfil this obligation, the following statements are provided for your reference.

Organisational Safeguards

Organisational safeguards under the General Data Protection Regulation (GDPR) are vital components of data protection strategies for businesses. These measures encompass the policies, practices, and structures that organisations put in place to ensure the security and integrity of personal data. They include clear data protection policies, employee training, access controls, and data handling procedures. GDPR emphasises the need for businesses to implement these organisational safeguards to protect individuals’ privacy rights. By adhering to these standards, organisations can demonstrate their commitment to responsible data handling and mitigate the risk of data breaches, ensuring compliance with GDPR and fostering trust with their customers.

Technical Measures

Our hosted services benefit from a robust multi-layer security approach. Each server is shielded by a hardware firewall that exclusively permits legitimate traffic designated for specific services, while stringent controls restrict access to critical services.

In addition, every server benefits from an extra layer of security through a software firewall and a physical appliance. The software firewall is configured to solely admit relevant network services.

Furthermore, our CMS websites benefit from an added layer of defence in the form of a software-based Web Application Firewall, which protects against common web vulnerabilities. Intrusion detection systems are also in place on our servers and are continually monitored for any signs of abnormal behaviour.

The customer bears sole responsibility for website files, databases, and other data associated with the website, including underlying content management system files and versions.

IT Services

When you have engaged AD-PA for IT system consulting, development, and deployment within your organisation, please note that AD-PA bears no responsibility for the operational use of these systems. As the Data Controllers, it is incumbent upon you to ensure that your IT systems, as well as the associated organisational policies and procedures, comply with the regulations. AD-PA is ready to provide assistance to facilitate compliance in any way feasible.

Third-Party Hosted Services

If you’ve sought advice from AD-PA and they’ve recommended or directed you to a third-party data processing service, please be aware that AD-PA does not function as a data processor or controller for these data processing systems. In such cases, the Data Controller is advised to obtain written assurances from the processor regarding the security measures implemented for the data.

Data Collection Policy Statement

AD-PA acts both as a data controller and a data processor for our clients, as per the definitions outlined in the regulation. Our headquarters are situated at 43 – 45 North Street, Manchester, M8 8RE. You can reach us at 0161 832 1399 or contact us via email at hello@accountsdirect.uk. Further information, including our privacy policy, can be found on our website at www.ad-pa.com.

We gather data for the purpose of generating quotes for potential clients and meeting contractual obligations. This data may be preserved for a maximum of 7 years to comply with financial regulations. Additionally, it may be retained for client communication, marketing related services, and for regulatory or legal defence, as long as it remains relevant. Without this essential data, we may be unable to effectively communicate with clients and fulfil their requests.

The data we collect includes names, email addresses, telephone numbers, and various contact details, such as Instant Messaging account names, IP addresses, and potentially other online identifiers. We do not engage in the sale or transfer of data to third parties, nor do we transfer data to countries or international organisations lacking adequacy agreements.

Disclaimer

This statement does not constitute legal advice. It is advisable to seek specialised legal counsel tailored to your specific circumstances.

The contents of this site are provided for general information purposes. While we strive for accuracy, we make no express or implied warranties regarding the correctness of the information and disclaim any liability for errors or omissions. We are not responsible for any damages, including but not limited to loss of business or profits, arising from the use of, or inability to use, this site or its contents, or from any actions or decisions made based on the information presented here, whether in contract, tort, or otherwise.