Privacy Policy

This privacy policy applies to the Bryden Johnson Group, made up of the following businesses:

  • Bryden Johnson Limited (Registered Company number 11711422) registered to carry out audit work in the UK by the Institute of Chartered Accountants in England and Wales. Registered office Kings Parade, Lower Coombe Street, Croydon, CR0 1AA.
  • Bryden Johnson Digital Limited (Registered Company number 01405352), Registered office Kings Parade, Lower Coombe Street, Croydon, CR0 1AA.
  • Bryden Johnson Payroll Services Limited (Registered Company number 00579002), Registered office Kings Parade, Lower Coombe Street, Croydon, CR0 1AA.

The Bryden Johnson Group (“we”) are committed to protecting and respecting your privacy

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.  We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.

For the purpose of the Data Protection Act 2018 (the Act), the data controller is Bryden Johnson Limited of Kings Parade, Lower Coombe Street, Croydon, CR0 1AA.

The data protection manager is Jackie Wilding who can be contacted at the above address, by calling 020 8686 0255 or emailing


From 25 May 2018, the Data Protection (Charges and Information) Regulations 2018 requires every organisation who processes personal information to pay a data protection fee to the ICO.

The registration number for Bryden Johnson Payroll Services Limited (Registered Company number 00579002) is ZA004306.

Bryden Johnson Limited (Registered Company number 11711422) and Bryden Johnson Digital Limited (Registered Company number 01405352) are registered with a designated professional body and are listed as Exempt Professional Firms under reference number ICAEW C005388909.


The Bryden Johnson Group, as Data Controllers, are bound by the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

We may collect and process the following data about you:

  • Information that you provide by filling in forms on our websites and This includes information provided at the time of registering to use our site, subscribing to our service or requesting further services. We may also ask you for information when you report a problem with our site.
  • If you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs, operating system, browser usage and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.

We collect information about you when you fill in any of the forms on our website ie sending an enquiry, signing up for an event etc. Website usage information is collected using cookies.


We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual and we will not collect personal information in this way.

We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.

They enable us:

  • To estimate our audience size and usage pattern.
  • To store information about your preferences, and so allow us to customise our site according to your individual interests.
  • To speed up your searches.
  • To recognise you when you return to our site.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site

We use Google Analytics to store information about how visitors use our website so that we may make improvements and give visitors a better user experience.  Google Analytics is a third-party information storage system that records information about the pages you visit and the length of time you were on specific pages. These cookies do not store any personal information about you.

How will we use the information about you and why?

The Bryden Johnson Group take your privacy seriously and will only use your personal information to provide the services detailed in our Letter of Engagement and supporting Schedules.  We will only use this information subject to your instructions, legal, statutory and regulatory requirements and this shall be subject to our duty of confidentiality.

For Corporate and Individual Clients, our lawful reason for processing your personal information will be “contractual necessity”.  We can process your personal information on the basis that we have an engagement letter in place and will need to obtain personal data in order to complete the activities engaged to do so.

We have a legal obligation where we may request personal data from you for the purposes of our money laundering checks.  This data will be processed as required by the laws and regulations we operate under for the purposes of monitoring and/or preventing money laundering.

Our work for you may require us to pass your information to our third-party service providers and other associated organisations for the purposes of completing tasks and providing the services to you.  However, when we use third party service providers, we disclose only the personal information that is necessary to allow them to deliver their Services and we have contracts in place that requires them to keep your information secure and not to use it for unpermitted purposes.

We will not share your information for marketing purposes.


All information you provide to us is stored on our secure servers.  Any payment transactions will be encrypted.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone.

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”).  It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.  Such staff may be engaged in, among other things, the provision of support services.  By submitting your personal data, you consent to this transfer, storing or processing.  Where this is the case, we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.

We use modern IT systems that ensure the confidentiality, integrity and availability of the personal data that we process.  We use up to date, commercial grade anti-virus software on our systems and these are automatically updated to maintain the safety of our electronic systems.  All computers and devices are password protected.  We print out the minimum required for paper files – and what files exist, are kept in a securely when an authorised human being is not present.  We also operate a clear desk policy.

If you leave our websites via a link or otherwise, you will be subject to the policy of that website provider.  We have no control over that policy or the terms of the website and you should check their policy before continuing to access the site.


We use information held about you in the following ways:

  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To notify you about changes to our service.


  • In the event that we sell or buy any business, we may disclose personal data to the prospective seller or buyer of such business. As this would be inherent to the service you have instructed us to carry out, we will rely on contractual necessity in respect of any personal data shared in respect of the same unless you specifically instruct us not to do so.
  • Where our payroll services are concerned, we will necessarily have to share personal data with HMRC.
  • Please note that we may be under a duty to disclose or share your personal data in order to comply with our legal obligations under the law in the UK. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.


We would like to send you information about our services which may be of interest to you.  If you have consented to receive marketing, you may opt out at any point as set out below.


You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by clicking unsubscribe at the bottom of our mailings or by contacting us at


Access to Information

The Act gives you the right to access information held about you.  Your right of access can be exercised in accordance with the Act.  If you would like to submit a Subject Access Request, please write or email us at the address below and we will ordinarily respond to your request within 30 days from receipt. Please note that we are not under an obligation to provide you with information that you already hold.  We reserve the right to check and apply the relevant law regarding our response at that point in time.


To ensure your personal information is accurate, you can ask us to correct or remove information by writing or emailing us at the address below.


Objections to process personal data

It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” applies.  We will consider each objection on a case by case basis and will apply the applicable law at the time of request in considering how to respond.


Should anyone have provided their consent to us for any element of the processing of personal data, they have the right to withdraw that consent at any point in time.  The individual will be notified at the point of withdrawal as to the impact that it will have on them so they can make an informed decision in respect of the same.

Data Portability

You have the right to receive the personal data which you have given to us, in a structured, commonly used and machine readable format.

Your Right to be Forgotten

It is your right to request all information we hold about you be deleted.  To request this, please write or email us at the address below:

Jackie Wilding, Bryden Johnson, Kings Parade, Lower Coombe Street, Croydon, CR0 1AA


Personal data will be retained in line with our legal obligation.  We are required to keep all records for 6 financial years from file completion but may var depending on changes in the law or HMRC guidance.


If you feel that your personal data has been processed in a way that does not meet the GDPR, you have the right to lodge a complaint with the relevant supervisory authority, in the UK it is the Information Commissioner’s Office.  The ICO will tell you of the progress and outcome of your complaint.  We do however ask that you contact our Data Privacy Manager via in the first instance in order that we can seek to rectify any concerns that you might have.



Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. However, we advise that you check this page regularly to keep up to date with any necessary changes.  This privacy policy was last updated in June 2019 to ensure alignment with the new GDPR guidelines.


Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to

Professional Indemnity Insurance

In accordance with the disclosure requirements of the Provision of Services Regulations 2009, our professional indemnity insurer is Arch Insurance (UK) Limited of Plantation Place South, 5th Floor, 60 Great Tower St, London EC3R 5AZ. The territorial coverage is worldwide excluding professional business carried out from an office in the United States of America or Canada and excludes any action for a claim brought in any court in the United States of America or Canada.

Rules related to Audit Regulations and Guidance

Audit Regulations and Guidance which can be found at There are also the International Standards on Auditing (UK) available at

ICAEW Code of Ethics which can be found at  For auditors there are also the FRC Ethical Standards available at