Effective Date: July 1, 2025
Last Updated: September 15, 2025

1. Purpose and Scope

This Data Protection & Privacy Policy describes how Advington Stone Tax Advisors (“the Firm”, “we”, “our”, or “us”) collects, uses, stores, and protects client information. This policy applies to all partners, employees, contractors, and third parties who have access to taxpayer data and client records.

This policy fulfills our obligations as a firm operated by an Enrolled Agent under Circular 230 and complies with the FTC Safeguards Rule and Gramm-Leach-Bliley Act (“GLBA”).

2. Types of Information We Collect

We collect and maintain the following types of personally identifiable information (PII) and taxpayer data in the course of providing tax preparation and advisory services:

• Names, addresses, phone numbers, email addresses

• Social Security Numbers, Taxpayer Identification Numbers

• Dates of birth and marital status

• Income, wage, and tax return information

• Bank account and routing numbers (for refunds or payments)

• Copies of prior tax returns and tax correspondence

3. Use of Information

Client information is used solely for the following purposes:

• Preparation and filing of federal, state, and local tax returns

• Providing tax advisory and planning services

• Communicating with clients regarding their tax matters

• Maintaining required records for legal and regulatory compliance

We do not sell, rent, or share client data with unauthorized third parties for marketing or other unrelated purposes.

4. Data Security and Confidentiality Safeguards

We maintain administrative, technical, and physical safeguards to protect taxpayer data against unauthorized access, disclosure, alteration, or destruction.

Administrative Safeguards

• All staff are trained annually on data privacy, confidentiality, and IRS security guidelines.

• Access to client data is granted on a need-to-know basis and revoked promptly when no longer needed.

• Employees and contractors sign confidentiality and nondisclosure agreements.

Technical Safeguards

• All workstations use full-disk encryption, antivirus software, and automatic security updates.

• Passwords are strong, unique, and changed regularly.

• Multi-factor authentication (MFA) is enabled for all systems that support it.

• Encrypted email or secure portals are used to transmit sensitive data.

• Our tax software, TaxAct Professional, and practice management platform, TaxDome, are cloud-based solutions that use bank-level encryption and secure data centers.

Physical Safeguards

• Paper files, if any, are stored in locked cabinets in secured premises.

• Office premises are protected by key-based access and alarm systems.

• Paper records are shredded when no longer needed.

5. Data Retention and Disposal

• We retain client tax records for a minimum of seven (7) years or as required by law.

• Electronic files are securely deleted, and paper documents are cross-cut shredded when the retention period ends.

• Backup data is encrypted and stored securely, then destroyed when no longer required.

6. Third-Party Service Providers

We may engage third-party service providers (e.g., cloud hosting, electronic signature providers, e-file transmission services) who may have access to limited client data strictly for the purpose of providing contracted services.

All such providers are required to:

• Maintain equivalent data security standards

• Sign confidentiality agreements

• Comply with all applicable privacy and security laws

7. Client Rights and Access

Clients have the right to:

• Request a copy of the personal information we hold about them

• Request corrections to inaccurate or incomplete information

• Request deletion of data when it is no longer needed (subject to record retention requirements)

To exercise these rights, clients may contact us using the contact information below.

8. Breach Response Plan

If a data breach occurs, we will:

• Immediately investigate and contain the incident

• Notify affected clients without undue delay

• Notify the Internal Revenue Service and other regulatory agencies as legally required

• Document the incident and corrective actions taken

9. Policy Review and Updates

This policy is reviewed at least annually and updated as necessary to reflect changes in laws, regulations, technology, or our practices.

10. Contact Information

If you have questions or concerns regarding this policy or our data practices, please contact:

Advington Stone Tax Advisors
Email: support@advington.com
Phone: 516-205-7369
Mailing Address: 33 King Edwards Gardens, London, UK, W39RF

Acknowledgment

All staff and contractors must acknowledge they have read and agree to comply with this policy as a condition of access to client data.