Crownstead Services
Data Retention & Data Protection Policy
Crownstead Services — Crownstead Ltd
Last updated: 6 November 2025
1. About This Policy
This Data Retention & Data Protection Policy explains:
How long Crownstead retains personal data and documents
How client data is stored, protected, and deleted
Your rights under the Data Protection Act 2018 and UK GDPR
This policy applies to all services provided by Crownstead Services (trading name of Crownstead Ltd).
Crownstead Services is a trading name of Crownstead Ltd, registered in England and Wales (Company No. 16726582).
2. Why We Hold Your Data
We only retain personal data for:
Carrying out Business Rates audits
Processing HMRC tax refund claims
Compliance with legal and regulatory requirements
Responding to complaints or queries
We do not sell, rent, or trade personal data.
3. How Long We Keep Your Data (Retention Periods)
| Type of Data | Examples | Retention Period | Legal / Operational Basis |
|---|---|---|---|
| Client claim/audit files | LOA, nomination/assignment, evidence submitted, communication records | Up to 7 years from closure of case | HMRC, accounting & legal requirement |
| Financial transactions | Payment records, invoices, refunds, fee calculations | 7 years | HMRC statutory record keeping |
| Complaints-related documentation | Investigation notes, final response, escalations | 6 years | RICS complaint handling compliance |
| Marketing enquiries | Contact form submissions, request callbacks | 12 months or until consent withdrawn | Legitimate interest |
| Inactive or incomplete leads | Forms not pursued | 90 days | Data minimisation / GDPR |
After the retention period expires, your data will be securely deleted or anonymised.
4. Data Security & Protection
We use secure servers, encrypted storage, and restricted user access to protect personal information.
Security measures include:
Encryption in transit and at rest (SSL/TLS)
Password-protected internal systems
Access control & role-based permissions
Monitoring and auditing of data access
Where refunds are handled (e.g., via nomination), funds are processed only through secure and monitored business accounts.
5. Sharing Data
We only share personal data with:
HMRC or Local Authorities (when processing your claim)
Providers or surveyors (if required for Business Rates valuations)
Professional advisors (legal, accountancy, or regulatory)
Approved debt collection partners (only if fees remain unpaid per T&Cs)
Where debt is assigned for collection, we only share the minimum information necessary, in compliance with UK GDPR.
We never sell data to marketing companies.
6. Your Rights
Under UK GDPR, you have the right to:
Request access to your personal data
Request correction of inaccurate data
Request deletion (in certain circumstances)
Object to processing
Ask us to restrict or stop using your data
- Request transfer of your data (data portability)
Requests can be made via:
We respond to all requests within 30 days.
7. Deleting Your Data Early (Right to Erasure)
Where legally permitted, we will delete your data upon request.
However, we may be required to retain certain documents to:
fulfil contractual obligations,
comply with HMRC record-keeping laws, or
handle a potential complaint or dispute.
8. Contact Details
Data Protection Contact
Crownstead Ltd
1 Dock Street
Leeds, LS10 1NA
Email: info@crownstead.co.uk
9. ICO (Information Commissioner’s Office)
Crownstead Ltd is registered with the ICO (Information Commissioner’s Office).
If you are unhappy with how we handle your data, you can complain to the ICO: www.ico.org.uk
Talk To the team
Call us free on 0113 4032675 or complete the form below, and a member of The Crownstead Services team will be in touch.
