Malone Lynchehaun Ltd is a limited company (NI603483) which operates from 12 New Street, Newry BT 35 6JD and 12 Causeway Road, Newcastle, BT33 0DL.

We provide accountancy services, tax & VAT, payroll, audit and business consultancy.

In order to comply with our responsibilities under the General Data Protection Regulations 2016, we have an obligation to ensure we are clear with how your data is handled while in our possession.

This policy provides details on what information and data we collect from our clients in relation to our business activities, why we need it, what we do with it, what we won’t do with it and your rights in relation to our processing of this information.

We are committed to protecting your personal data in accordance with the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulations (GDPR).

We process personal data for several purposes and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

Our policy is to collect only the personal data necessary for agreed purposes and we ask clients to only share personal data where it is strictly needed for those purposes. We collect personal data from our clients or from third parties acting on the instructions of the relevant client.

We process personal data to provide professional services such as tax advice, general or specific business advice as part of the range of services we offer. We also process personal data in the administration and management of our business.

Your business contact details are used to provide you with information about our services and other information which we think will be of interest to you, unless you tell us not to.

We are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

For all clients, we are obliged to obtain Customer Due Diligence information under Anti Money Laundering legislation. This data includes copies of passports (or similar photographic ID) which record the date of birth and nationality of clients, and utility bills (or similar) which provide evidence of the home address. This is considered to be personal data.

Personal data processed is kept by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In the absence of specific legal, regulatory or contractual requirements, our retention policy period for records and other documentary evidence created in the provision of services is 7 years.

We take the security of your data we hold seriously. We have a policy including procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the  data we hold secure.

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put security mechanisms in place to protect your data. Here are some examples of how we will share your data when we are legally permitted to do so:

Tax authorities:

We may share information and documentation with foreign tax authorities to establish your liability to tax in any jurisdiction.

Where a client is tax resident in another jurisdiction has certain reporting obligations to HM Revenue and Customs (HMRC) under the Common Reporting Standard. HMRC will then exchange this information with the jurisdiction of tax residence of the member.

We shall not be responsible to you or any third party for any loss incurred as a result of us taking such actions. The legal basis upon which we do this is compliance with HM Revenue and Custom’s Automatic Exchange of Information standard.

Regulatory and statutory requirements:

To meet our duties to regulators (CAI) we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a client. We may also share information with certain statutory bodies such as Department for the Economy (DfE) and Financial Ombudsman Service (FOS) if required by law.

Compliance with our anti-money laundering and combating terrorist financing obligations:

The information provided by you will be used for compliance with our customer due diligence and screening obligations under  anti-money laundering and combating terrorist financing obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and associated legislation.

Under the DPA (2018) and GDPR, Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.


You have a right to access your personal data held by us and you can exercise that right by contacting us below. Our aim is to respond a request promptly and within the legally required limit of 40 days.


The staff of Malone Lynchehaun Ltd has access to the information you provide to us. The information they have access to is controlled and they can only access information required to ensure the services we provide to our clients are met.

We use third party software in our day to day activities including for cloud storage and accounting. We have confirmed that these suppliers are fully GDPR compliant. All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes unless they are deemed to be controllers in their own right.

We will not share your information with any other third parties without your knowledge and consent.


We will endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure. Examples of these safeguards include password protected encrypted computers, 2 step authentication and ESET anti virus software


If you wish to update personal data submitted to us, please contact us below. Once we are informed that any personal data heldby us is no longer accurate we will make changes based on your updated information.


Where we hold data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please contact us below.


This statement is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability. For  further information on these rights please contact us below.


Our clients can request details of the information held by the company which relates to them. We may need to verify your identity if we have reasonable doubts as to who you are. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

They can do this by contacting Aidan Malone, the company’s Data Protection Officer. If at any time a client is unhappy with how the company has processed or processes their data, wishes to make alterations to any data which they believe is incorrect or irrelevant or wishes to stop receiving marketing information from us they can do this by contacting Aidan Malone by phone or email.

If you feel your request was not handled or dealt with correctly by the company, you may raise the issue with the Information Commissioner’s Office. You can contact them on 0303 123 1113.


Make An Enquiry

Or call us now 028 3026 8050