Privacy Policy

How your personal information is used by the Martin Aitken Group of companies

Martin Aitken & Co Limited; Martin Aitken Financial Services Limited and Caledonia Accounting Services Limited all of which form the Martin Aitken Group of companies ( “we”, “us”, “our”) respects the privacy and legal rights of the individuals and organisations we deal with.
This Notice provides information about how we collect and use data from visitors to our website and the persons and organisations we deal with when providing services and administering our business.  It should be read in conjunction with our website and terms of engagement.
This Notice (together with our Website Terms & Conditions) and any other documents referred to in it) explains how we make use of personal data we collect from or about you or which you provide to us.
Using our website will include the processing of your data as set out in this notice where you get in touch by email: with us via our website contact form. If you or your organisation is one of our clients, further information will be found in our engagement letter.


Click on the links below to find out more about our privacy policy and how we collect, use and protect your data:

Our privacy commitment

We promise to keep any data you provide to us safe and private and to treat your information fairly and lawfully. We are committed to protecting your personal privacy.
We will provide you with ways to manage and review the marketing we send to you and we will provide you with an opportunity to opt out from receiving marketing from us in all marketing communications (email or post) that we may send to you.
We will not sell the data you provide to us to any other organisation or 3rd party.


Who we are

For the purpose of the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR”), the data controllers in respect of any personal data controlled by the Martin Aitken Group are the following companies:
Martin Aitken & Co Limited, a limited company under the laws of Scotland, registered under number SC225765 and having its registered address at Caledonia House, 89 Seaward Street, Glasgow, G41 1HJ. (“MACO Accounting + FD Services” is a trading name of Martin Aitken & Co Ltd).
Martin Aitken Financial Services Ltd, a limited company under the laws of Scotland, registered under number SC225764 and having its registered address at Caledonia House, 89 Seaward Street, Glasgow, G41 1HJ.
Caledonia Accounting Services Limited,  a limited company under the laws of Scotland, registered under number SC072983 and having its registered address at Caledonia House, 89 Seaward Street, Glasgow, G41 1HJ.

Martin Aitken & Co Limited is registered to carry on audit work and regulated for a range of investment business activities by the Institute of Chartered Accountants of Scotland (“ICAS”). Martin Aitken Financial Services Ltd is authorised and regulated by the Financial Conduct Authority (“FCA”) (Financial Services Registered Number: 464997).

Personal data you give us

When we use the term “Personal data” in this Notice, we mean information about living individuals which, alone or in conjunction with other information held by us, is capable of identifying them. The DPA and the GDPR regulate our use of your personal data.
We may obtain personal data from you when you contact us, including when you call us, get in touch with us via our website or when you or your organisation corresponds with us using any means of communication. This includes personal data you provide to us when you:
  • Contact us with a question or enquiry;
  • Contact us or authorise anyone to contact us about employment with us ;
  • Register for a seminar, event, or to receive business updates or newsletters;
  • Attend events or provide our staff with business cards or contact details;
  • Deal with us when we are providing services to one of our clients (which may be you, your organisation or a third party);
  • Make a complaint; or
  • Deal with us in order to provide us with goods or services.
We may also collect and retain personal data:
  • Obtained from public sources about you or your organisation;
  • Obtained from third parties, who may include our clients, legal and accountancy professionals and their firms, courts, professional regulators, public bodies, and other entities, including credit reference agencies and providers of analysis, screening and database services who have a right to disclose this information to us; and
  • Relating to whether our contacts read electronic correspondence from us or click on links we send them.
We can use any personal data we obtain for a number of purposes, as set out below.
  • To provide you or your organisation or our clients with information or services (we will keep this until you tell us to remove your personal data from our records for these purposes, or until we have reason to believe that you may no longer have any need for this information and our services) and to improve and to tailor how we provide those services and that information;
  • To perform a contract with the person about whom we hold data (we will keep your data for so long as is necessary for the contract and then as required for legal and compliance purposes);
  • To deal with enquiries or requests or to contact people on behalf of our clients (we’ll keep your data for so long as is necessary to deal with the enquiry or request);
  • To protect or pursue our  legitimate interests or those of our clients or anyone else we provide personal data to, after taking into account the legitimate interests of the person the data is about;
  • To comply with the law – for example, when performing background or money laundering checks (we’ll keep your data for so long as is necessary to document our compliance with the law and our regulator’s requirements);
  • To assess the credit-worthiness of a person or organisation we’re considering doing business with (we’ll keep your data until we make a decision about doing business with them);
  • To promote the services we provide and obtain new business (we’ll keep your data unless you ask us to remove it from our records or we decide you’re not likely to be interested in our services);
  • To offer our business contacts the opportunity to attend events and seminars and to receive information about the firm, business updates and topics we think might interest them (we’ll keep your data unless you ask us to remove it from our records or we decide you’re not likely to be interested in our events, seminars and information);
  • To comply with our duties as stipulated by ICAS, HMRC and the FCA (we’ll keep your data for so long as is necessary to achieve this – in some cases this may be up to 10 years); and
  • In any other way which we consider necessary and appropriate in order to conduct our business, including to fulfil our professional, regulatory and legal obligations to our clients, ICAS, HMRC, the FCA or other persons (we’ll keep your data for as long as we need to in order to achieve this, but for no longer than is necessary).
We will not retain personal data for longer than is necessary for the purpose or purposes for which we use it and we also explain below generally how long we will retain personal data for a given purpose.  If you or your organisation are a client of ours, our engagement letter has further information about our file retention policy.

Personal data we may obtain from our website about web visitors

We may automatically collect the following information, which may or may not be personal data, on anyone visiting the website:
  • IP addresses (static or dynamic) and other technical information relating to the virtual or physical location of a visitor and their means of access, including browser information, time zone settings and hardware information;
  • How visitors use the website, including dates and times and any details of how and for what duration particular resources are viewed or used; and
  • Clickstream data, including where users navigate to our site to and from and any searches you have made on or relating to our site.

We will use this data to

  • Run our website and ensure it works properly;
  • Improve how we present the information on it and make browsing easier and more productive;
  • Maintain the site’s security and that of our visitors.


An HTTP cookie is a piece of data sent on behalf of a website (such as our  websites) and stored on the user’s computer by the user’s web browser while the user is browsing

We may use internal resources or third party analysis services which use cookies to collect information on site usage and behaviour patterns.  We do this to find out things such as the number of visitors to the various parts of our website and improve it.  We may also share website usage data with service providers for benchmarking and site rating purposes.

We don’t use cookies in a way which allows us to identify site users.

You can block cookies via your web browser and can screen out certain cookies using browser add-ons or other software.  This may prevent you from accessing all of our website.


We use traffic log cookies to identify which pages are being used. In particular, portions of this website use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help the website analyse how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States .

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. This helps us analyse data about web page traffic and improve our website in order to tailor it to client needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website.

Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the appropriate privacy policy applicable to the relevant website being used.

How we share your data with other people and organisations

We may provide access to your personal data to our employees, contractors and agents and to our clients and their employees, contractors and agents.

Where we supply personal data to our own employees, contractors and agents, this will be for the performance of their duties or contractual responsibilities to us and to be used only in a manner which isn’t incompatible with the purposes for which we obtained it.

Where we supply other people and organisations with personal data for purposes other than their processing this data for us according to our instructions, we will consider (where allowed by law or our duties to our clients) the security and privacy of that data in the hands of the recipient.  However, we won’t be responsible for the security and privacy of data held by third parties where we don’t control their policies and practices.

We may share personal data with other people and organisations for these reasons:

  • Providing you or others with accountancy and financial services or information;
  • To enforce and protect our own legal rights or those of our clients and other persons (including by supplying information to our insurers);
  • If we’re required to by law or by our professional regulators;
  • Maintaining and improving our website, including the use of web analytics and search engine optimisation;
  • To help administer seminars, courses, lectures and other events you have asked to attend or which we think may be of interest to you;
  • To get our clients’ feedback on our work; or
  • To market and promote our services.
Where we share data for the above reasons, we may transfer it to countries or territories outside the European Economic Area (EEA).  We do not make these transfers as a matter of course, but may do so when this is necessary to provide services (for example, a client, a party in relation to whom we are conducting proceedings or dealing with, or an asset that is the subject of legal proceedings is located outside the EEA) or to obtain goods and services from third parties.
Where you give us your personal data, you consent to the transfer of such personal data out of the EEA and acknowledge that this may involve the transfer of personal data to a country or territory which may not be deemed by the European Commission or the European Courts to provide an adequate level of protection for your rights and freedoms as a data subject.

Your rights to object to direct marketing

Like other businesses, we will sometimes use your personal data to provide you with information about the services we offer, developments in the law, taxation and finance which might affect you and other topics we think might interest our clients and business contacts.  If you ask us to provide accountancy, taxation or financial services to you, the terms of business and engagement letter we provide you will have additional information about how we can use your personal data.
We appreciate that you may decide that you don’t want us to use your personal data in this way and we will respect that choice.  We also have a legal obligation under the DPA and GDPR to stop sending you marketing communications if you object, so if you don’t want us to use your personal data in this way, just let us know.
We suggest sending an e-mail to us at or writing to us care of:
The Data Protection Officer,
Martin Aitken & Co Limited
Caledonia House,
89 Seaward Street,
G41 1HJ
We’ll give you the opportunity to opt out of future marketing whenever we send you marketing material.

Your rights in the personal data we process

Under the GDPR, you have the following rights in relation to your own personal data:
  • To prevent us using your data for direct marketing;
  • To have (in certain circumstances) inaccurate personal data corrected, blocked or destroyed;
  • To access a copy of the information comprised in your personal data that is undergoing processing (“subject access rights”);
  • To object to automated decisions
  • To obtain compensation through legal proceedings for damage caused by a breach of the GDPR; and
  • A right to object to processing that is likely to cause or is causing damage or distress.

If you want to

  1. Tell us to stop using your data for direct marketing;
  2. Exercise your subject access rights;
  3. Tell us about inaccurate personal data you think we hold on you; or
  4. Object to a use you believe we’re making of your data which is causing, or is likely to cause, damage or distress, please contact our Data Protection Officer (as per the contact details above).

We will not charge you to exercise your subject access rights, but may make charge a reasonable fee reflecting our administrative costs should you request further copies of the personal data.

When you contact us to exercise any of the above rights, we will first ensure that the person requesting the data is the person whose data is being sought (or that it is being requested on that person’s behalf).

This may involve providing us with proof of your identity or your authority to act for the data subject.  We can also ask you for any information we need to help us find the personal data you’re enquiring about.

We will also provide you with the following information relating to your personal data:

  • The purpose for which we’re processing it;
  • What categories of data about you we process;
  • The recipients of your data, if any, including specifically international or foreign organisations;
  • Our expected retention period or how we’ll calculate this, if we don’t know yet;
  • Your rights in relation to the data; and
  • The source of the data, if we didn’t get it from you.

Related sections: