Privacy notice

Moore Kingston Smith LLP and its associated businesses, please see our Legal terms for full list. Moore Kingston Smith (“MKS” “we”, “us”, “our”) is strongly committed to protecting and respecting the personal data that we hold. This Privacy Notice (“Notice”) describes why and how we collect and use personal data and provides information and individuals’ rights in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (‘the Act’).

Under the GDPR, personal data is defined as ‘any information relating to an identified or identifiable natural person (‘data subject’), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.

We may use personal data provided to us for any of the purposes described in this notice or as otherwise stated at the point of collection.

Depending on the situation, we may arrange for some of the services to be provided to you by a company or firm which is associated with us, therefore, this privacy notice describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves and by others on behalf of individuals. We may use personal data provided to us for the purposes described in this notice or as made clear in another form before collecting personal data. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

This website is not intended for children and we do not knowingly collect data relating to children.

Data controller and contact information

The data controller is Moore Kingston Smith LLP, however, we at times, are the data processor as defined by the GDPR and the Act. When acting as a data processor we are serving the controller’s interests rather than our own.

If you have any questions about this notice or how and why we process personal data, please contact us at:

Data Protection Officer
Moore Kingston Smith LLP
6th Floor
9 Appold Street
London EC2A 2AP

The Moore Kingston Smith LLP’s website is and is owned and operated by Moore Kingston Smith LLP.

We also collect information automatically when you visit our website, namely your IP address, the pages you had previously visited or when you use our services, including usage, log and cookies information or similar technologies. Please read our Cookie Notice for more information.

Personal data we collect

We may collect, store and use the following categories of personal data about you.

Categories of information we collect, process, hold and share

Identity and contact information, such as your name, date of birth, gender, marital status, passport number, employment history, contact information, educational or professional background and job title.

Business information, such as information provided during the course of the contract between you or your organisation and MKS.

Technical information, this includes information collected during your visit to our website, please refer to our Cookie Notice for more information.

Emergency contact and family lifestyle information, such as names, relationship, phone numbers and email addresses.

Special categories of personal data, including biometric data, racial or ethnic origin, sexual life, sexual orientation, details of criminal offences or medical information.

Where we receive personal data from a third party that relates to an individual, we request that this third party informs the individual of the necessary information regarding the use of their data. Where necessary, reference may be made to this notice.

Moore Global Network Limited

We are part of a worldwide accountancy and consultancy network called Moore Global Network Limited (‘Moore Global’). Moore Global is a company incorporated in accordance with the laws of England and does not provide professional services to clients. Services provided are solely by member firms of Moore Global in their respective geographic areas. Moore Global and its member firms are legally distinct and separate entities. They are not and nothing shall be construed to place these entities in the relationship of parents, subsidiaries, partners, joint ventures or agents. No member firm of Moore Global is an agent or partner of Moore Global and has no authority (actual, apparent, implied or otherwise) to obligate or bind Moore Global or any other Moore Global member firm in any manner whatsoever.

Sharing personal data

We may share your data with the Moore Global and with our associated businesses.

We may disclose your personal data to third parties when we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals. We may also share your personal data with third parties when we are legally permitted to do so. Before engaging with third parties, we conduct vendor risk assessments to verify the compliance level of those third parties. When we decide to share your data with those third parties, we put contractual arrangements and security mechanisms in place to protect your data in order to maintain compliance with our data protection, confidentiality and security standards.

Personal data held by us may be transferred to:

  • Third-party organisations that provide applications / functionality, data collection and processing or IT services to us – we use third parties to support us in providing our services, obtaining feedback from our clients and prospective clients and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services;
  • Third-party organisations that otherwise assist us in providing goods, services or information;
  • Moore Kingston Smith associated businesses;
  • Auditors and other professional advisers; and
  • Law enforcement or regulatory agencies or those required by law or regulations.

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable laws and regulations, to investigate an alleged crime or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

How we collect your personal data

We collect your personal data in various ways, including:

  • When you connect us via in writing, via email, telephone or other electronic means;
  • When you or your organisation offer to;
  • When you or your organisation complete our enquiry form or otherwise interact with us via our website(s);
  • When you sign up to our events, webinars or seminars and attend our seminars, webinars or events.

Lawful processing

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:

  • Consent: you have given us your freely, specific, informed or unambiguous consent for your personal data to be processed for a specific purpose;
  • Contract performance: the processing is necessary for the performance of a contract you have with us, which had asked you to take specific steps before entering into a contract;
  • Compliance with legal obligation: the processing is necessary for us to comply with the law for the tax, social security obligations and employment law purpose (not including contractual obligations);
  • Protection of vital interests: the processing is vital to an individual’s survival;
  • Public interest: the processing is necessary for us to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law; or
  • Legitimate interests: the processing is necessary for our legitimate interests, or the legitimate interests of a third-party unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

Please note that we may process information without knowledge or consent, where this is required or permitted by law.

Data rights

Under the GDPR, you have rights in relation to the personal data we hold about you. Please note that we will require you to verify your identification before responding to any requests to exercise your rights. We may also have legal reasons to refuse your request. In such instances, we will let you know. The following rights, which we will always work to uphold:

  • the right of access to the personal data we hold about you, who we may share it with and how we use it.
  • the right to rectification is the right to have your personal data rectified, if you feel any of the personal data held by us is inaccurate or incomplete.
  • the right to erasure or right to be forgotten, you may have the right to ask us to delete or otherwise dispose of any of your personal data that we have, if you believe that we no longer need to process your data for the purposes for which it was provided or we have requested your permission to process your data and you wish to withdraw your consent. Please provide as much detail as possible on your reasons for the request to assist us in determining whether or not you have a valid basis for erasure.
  • the right to restriction of processing to storage, i.e. the right to restrict us from processing the personal data we hold about you in the following scenarios:
    • if you want us to establish the data accuracy;
    • where our use of the data is unlawful but you do not want us to erase it;
    • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • the right to be informed about our collection and use of your personal data. This notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
  • the right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means. You can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • the right to object to us using your personal data for a particular purpose, including direct marketing purposes.
  • right not to be subject to a decision based solely on automated processing. We do not use your personal data in this way.
  • Lodge complaints, if you wish to raise a complaint on how we have handled your data you can contact our Data Protection Officer who will investigate the matter. We hope that we can address any concerns you may have, however you can also contact the Information Commissioners Office. For more information visit

Right to withdraw consent

In circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

To exercise any of the above rights, please write to:

Data Protection Officer
Moore Kingston Smith LLP
6th floor
9 Appold Street
London EC2A 2AP

Third-party websites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these notices. Please check these notices before you submit any personal data to these websites.

Locations of processing

Your personal data will be treated in accordance with the GDPR and may be transferred to and stored at a destination within the European Economic Area (‘EEA’). If personal data is transferred outside the EEA to a country without a designated adequacy rating, we will request the data subject’s consent before processing the data. Consent will not be sought where the processor’s Binding Corporate Rules, Standard Contractual Clauses or adhoc contractual clauses stipulate that the data will be processed in accordance with the GDPR.

When we do so, we implement appropriate safeguards in accordance with our legal obligations to ensure that your personal data is adequately protected irrespective of the country to which it is transferred. These safeguards include contractual arrangements and security mechanisms to safeguard the data and comply with our data protection, confidentiality and security standards.

Security of your data

We take the security of all the data we hold seriously; we have implemented security measures to prevent your personal data from accidental loss, damage, unauthorised use, access, alteration or disclosure. We maintain physical, technical, administrative safeguards and update and test our security technology on an ongoing basis. We restrict access to your personal data to those MKS People who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your data.

How long we store your personal data for

We store your personal data in accordance with our data retention schedule. We will only retain your personal data for as long is necessary to fulfil the purposes we collected it for, including as required by applicable law or regulation. Upon expiry of the applicable retention period we will securely destroy your personal data.

Changes to this privacy notice

This privacy notice was last updated in March 2024.


Cyber Essentials Plus Logo

Get in touch

How did you hear about us?