Fixed fees • Clear scope • Ireland-wide

Privacy Policy

This Privacy Policy explains how EBR Accounting & Tax (“we”, “us”, “our”) collects and uses personal data when you visit our website, contact us, or use our accounting and tax services.

We aim to keep this policy clear and short. If you become a client, we will also provide an engagement letter and related documents that explain service-specific processing and statutory obligations.

1. Who we are

Business name: EBR Accounting & Tax
Business address: 77 Lower Camden Street, Saint Kevin’s, Dublin, D02 XE80, Ireland
Email: info@ebr.ie
Website:  ebr.ie

We provide accounting, bookkeeping, tax compliance and related advisory services in Ireland. We are regulated by Chartered Accountants Ireland for public practice and comply with applicable anti-money laundering (AML) obligations.

2. Personal data we collect

We only collect what we need to operate the website and provide our services. Depending on how you interact with us, we may collect:

  • Website enquiries: name, email address, phone number (if provided), and the contents of your message.
  • Client service data: contact details and the information needed to provide accounting and tax services (for example invoices, receipts, bank statements, payroll details, tax records and Revenue correspondence).
  • Identity and verification data (AML/KYC): photo ID and proof of address, and (where relevant) business ownership and control information.
  • Website technical data: basic logs and device information (such as IP address, browser type and pages accessed) for security and troubleshooting.
  • Special category data: only where strictly necessary for a tax/legal purpose you ask us to handle (e.g. medical expense receipts), and where required we rely on your explicit consent and appropriate safeguards.

We usually receive personal data directly from you. In some cases, we may also receive limited information from public registers or authorities (for example Revenue or CRO) where you ask us to act on your behalf.

3. Why we use your data (and our legal bases)

We process personal data only where we have a lawful basis under GDPR. In most cases this will be:

  • Contract: to provide the services you request and manage the engagement.
  • Legal obligation: to meet legal and regulatory requirements (for example Revenue record-keeping obligations and AML legislation).
  • Legitimate interests: to run our practice efficiently and securely (for example responding to enquiries, maintaining business records, preventing fraud, and improving service quality).
  • Consent: where you actively choose an optional feature (for example non-essential cookies or marketing communications). You can withdraw consent at any time.

If you choose not to provide information we reasonably need (for example to respond to an enquiry or to complete a filing), we may be unable to proceed.

We do not carry out automated decision-making (including profiling) that produces legal or similarly significant effects.

4. Who we share personal data with

We do not sell your personal data. We share it only where necessary to run our practice, to provide services you request, or where we are required by law.

  • IT and business service providers who support our systems (for example email, secure storage/backup, practice software, website hosting and payment processing). They act under contract and must protect personal data.
  • Public bodies and authorities where required or where you ask us to make filings (for example the Revenue Commissioners and the Companies Registration Office (CRO)).
  • Our professional body/regulator (Chartered Accountants Ireland) in the context of practice review, AML supervision or regulatory enquiries (where applicable).
  • Professional advisers you ask us to liaise with (for example your solicitor, bank or financial adviser).
  • Law enforcement or other competent authorities where we are legally required to disclose information (including AML reporting obligations).

We can provide a list of our current key service providers on request.

5. International transfers

Some service providers may process data outside the European Economic Area (EEA). Where this happens, we use appropriate safeguards required by GDPR (for example Standard Contractual Clauses).

6. How long we keep personal data

We keep personal data only as long as needed for the purpose it was collected for, and in line with legal and professional obligations. Typical retention periods are:

  • Website enquiries / quote requests: up to 12 months after our last contact, then deleted or anonymised (unless you become a client or we need to keep it to establish, exercise or defend legal claims).
  • Website security/server logs: typically 30–90 days (security and troubleshooting).
  • Cookie consent record: 6 months.
  • Analytics (Google Analytics 4) data: up to 14 months.
  • Client accounting and tax records: up to 10 years (to meet Revenue and professional record-keeping expectations).
  • Client communications (emails and business correspondence): kept with the client engagement file for up to 10 years.
  • AML/KYC records: at least 5 years after the end of the client relationship (statutory AML retention).

In some cases, we may retain information for longer where required by law, professional/regulatory obligations, or to establish, exercise or defend legal claims.

7. Your rights

Under GDPR you have rights including: access, rectification, erasure (where applicable), restriction, objection, and data portability. You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC). See dataprotection.ie for guidance.

To exercise your rights, contact us at info@ebr.ie. We may need to verify your identity before responding. We normally respond within one month.

8. Security

We use appropriate technical and organisational measures to protect personal data, including access controls, encryption for sensitive data, and multi-factor authentication on key systems. We also maintain backups and incident-response procedures.

WhatsApp Business (optional): We may use WhatsApp Business for short messages/calls if you choose, but we do not accept client records or documents via WhatsApp. Please do not send PPSNs, identity documents, or full bank/Revenue statements via WhatsApp.

9. Cookies Policy

We use strictly necessary cookies to make this website work properly and securely (for example, to support basic site functions, help prevent spam, and remember your cookie preferences).

With your permission, we use analytics cookies (Google Analytics 4) to understand website traffic and improve the site. We do not use marketing/advertising cookies and we do not run behavioural advertising.

You can manage cookies in two ways:

  • Cookie Preferences: use the link in the website footer to accept or refuse non-essential cookies.
  • Browser settings: you can also control or delete cookies in your browser settings. Disabling some cookies may affect how the website works.

See our Cookies Policy page.

10. Changes to this Notice

We may update this Privacy Policy from time to time. The latest version will always be published on our website.
If you have any questions about this Notice or our data practices, please contact us at info@ebr.ie.

Last updated: 2026-03-02