The corporation tax rate was set at 19% to 31 March 2023.  From 1 April 2023 profits over £250k will be taxed at 25%, with profits under £50k being taxed at 19%, and profits between £50k-£250k being taxed at a marginal rate.  

Personal allowance for 2024-25 is £12,570

Personal allowance for 2023-24 is £12,570

Personal allowance for 2022-23 was £12,570

Capital gains annual exemption for 2024/25 is £3,000.   2023/24 it was £6,000 reducing from £12,300 in 2022/23

If selling a rental property with gains subject to capital gains tax, you must now declare this to HMRC within 60 days of selling the property.

HMRC have different accounts and ways to pay.  The easiest way to get up to date information is to google 'pay HMRC for SA or CT etc), this will then provide the link and ifnormation to assist you further.

For 2024/25 the annual pension allowace is £60k.

PRIVACY POLICY

This Privacy Policy applies between you, the User of this Website, and Arubus Limited, the owner and provider of this Website. Arubus Limited takes the privacy of your information very seriously. This Privacy Policy applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website.

Please read this Privacy Policy carefully.

Definitions and Interpretation

1. In this Privacy Policy, the following definitions are used:

Data collectively all information that you submit to Arubus Limited via the Website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws;

Data Protection Laws any applicable law relating to the processing of personal Data, including but not limited to the GDPR, and any national implementing and supplementary laws, regulations and secondary legislation;

GDPR the UK General Data Protection Regulation;

Arubus Limited, we  or us

  Arubus Limited, a company incorporated in England and Wales with registered number 11228819 whose registered office is at The Old Smithy, Stocktons Courtyard, Overbury,   Gloucestershire,  GL20 7NT; 

User or you any third party that accesses the Website and is not either (i) employed by Arubus Limited and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Arubus Limited and accessing the Website in connection with the provision of such services; and

Website the website that you are currently using, www.arubus.co.uk, and any sub-domains of this site unless expressly excluded by their own terms and conditions.

2. In this Privacy Policy, unless the context requires a different interpretation:

a. the singular includes the plural and vice versa;

b. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this Privacy Policy;

c. a reference to a person includes firms, companies, government entities, trusts and partnerships;

d. "including" is understood to mean "including without limitation";

e. reference to any statutory provision includes any modification or amendment of it;

f. the headings and sub-headings do not form part of this Privacy Policy.

Scope of this Privacy Policy

3. This Privacy Policy applies only to the actions of Arubus Limited and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.

4. For purposes of the applicable Data Protection Laws, Arubus Limited is the "data controller". This means that Arubus Limited determines the purposes for which, and the manner in which, your Data is processed.

Data Collected

5. We may collect the following Data, which includes personal Data, from you:

a. name;

b. date of birth;

c. gender;

d. job title;

e. contact Information such as email addresses and telephone numbers;

f. demographic information such as postcode, preferences and interests;

g. financial information such as credit / debit card numbers;

in each case, in accordance with this Privacy Policy.

How We Collect Data

6. We collect Data in the following ways:

a. data is given to us by you; and

b. data is collected automatically.

Data That is Given to Us by You

7. Arubus Limited will collect your Data in a number of ways, for example:

a. when you contact us through the Website, by telephone, post, e-mail or through any other means;

b. when you elect to receive marketing communications from us;

in each case, in accordance with this Privacy Policy.

Data That is Collected Automatically

8. To the extent that you access the Website, we will collect your Data automatically, for example:

a. we automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.

Our Use of Data

9. Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:

a. internal record keeping;

in each case, in accordance with this Privacy Policy.

10. We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed "Your rights" below).

Who We Share Data With

11. We may share your Data with the following groups of people for the following reasons:

a. our employees, agents and/or professional advisors - to obtain advice from professional advisers;

b. third party service providers who provide services to us which require the processing of personal data - to help third party service providers in receipt of any shared data to perform functions on our behalf to help ensure the website runs smoothly;

c. relevant authorities - to facilitate the detection of crime or the collection of taxes or duties;

in each case, in accordance with this Privacy Policy.

Keeping Data Secure

12. We will use technical and organisational measures to safeguard your Data, for example:

a. access to your account is controlled by a password and a user name that is unique to you.

b. we store your Data on secure servers.

c. payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology.

13. We are certified to ISO 27001. This family of standards helps us manage your Data and keep it secure.

14. Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address: bonnie@arubus.co.uk.

15. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Data Retention

16. Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the period necessary to fulfil the purposes outlined in this Privacy Policy or until you request that the Data be deleted.

17. Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.

Your Rights

18. You have the following rights in relation to your Data:

a. Right to access - the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

b. Right to correct - the right to have your Data rectified if it is inaccurate or incomplete.

c. Right to erase - the right to request that we delete or remove your Data from our systems.

d. Right to restrict our use of your Data - the right to "block" us from using your Data or limit the way in which we can use it.

e. Right to data portability - the right to request that we move, copy or transfer your Data.

f. Right to object - the right to object to our use of your Data including where we use it for our legitimate interests.

19. To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us via this e-mail address: bonnie@arubus.co.uk.

20. If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner's Office (ICO). The ICO's contact details can be found on their website at https://ico.org.uk/.

21. It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.

Links to Other Websites

22. This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This Privacy Policy does not extend to your use of such websites. You are advised to read the Privacy Policy or statement of other websites prior to using them.

Changes of Business Ownership and Control

23. Arubus Limited may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Arubus Limited. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the Data for the purposes for which it was originally supplied to us.

24. We may also disclose Data to a prospective purchaser of our business or any part of it.

25. In the above instances, we will take steps with the aim of ensuring your privacy is protected.

General

26. You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this Privacy Policy where we reasonably believe your rights will not be affected.

27. If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.

28. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

29. This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

Changes to This Privacy Policy

30. Arubus Limited reserves the right to change this Privacy Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Privacy Policy on your first use of the Website following the alterations.   You may contact Arubus Limited by email at bonnie@arubus.co.uk.

DATA PROCESSING AGREEMENT

This Data Processing Agreement (DPA) is made on the date of last signature below between:

Parties

1. Arubus Limited a company incorporated in England and Wales under No. 11228819 whose registered office is at The Old Smithy Stocktons Courtyard, Overbury, Gloucestershire, GL20 7NT, England (Supplier);

2. Our client. (Customer).

(each a party and together the parties)

Background

3. The Supplier is a provider of Accountancy and taxation services as set out in our engagement letter (Services).

4. The parties have agreed to enter into this DPA in relation to the processing of personal data by the Supplier in the course of providing the Services. The terms of this DPA are intended to apply in addition to and not in substitution of the terms of the Agreement.

AGREEMENT

Meanings

1. In this DPA, the following words are defined:

Affiliate any entity that directly or indirectly controls, or is controlled by, or is under common control with the subject entity. 'Control' for the purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

Data Protection Law a. all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom applicable to the Processing of Personal Data under the Agreement, including, but not limited to EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR; and

b. to the extent applicable, the data protection or privacy laws of any other country. 

GDPR a. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the EU GDPR); and

b. the EU GDPR as implemented or adopted under the laws of the United Kingdom (UK GDPR) (General Data Protection Regulation).

Personnel in relation to a party, those of its employees, workers, agents, consultants, contractors, sub-contractors, representatives or other persons employed or engaged by that party on whatever terms.

Sub-processor any entity (whether or not an Affiliate of the Supplier, but excluding the Supplier’s Personnel) appointed by or on behalf of the Supplier to process Personal Data on behalf of the Customer under this DPA.

Working Day any day, other than a Saturday, Sunday, or public holiday in England and Wales.

2. Terms such as “Data Subject”, “Processing”, “Personal Data”, “Controller”, and “Processor”, "Supervisory Authority" and "Personal Data Breach" shall have the same meaning as ascribed to them in the Data Protection Law.

3. In this DPA unless the context requires a different interpretation:

a. the singular includes the plural and vice versa;

b. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this DPA;

c. a reference to a person includes firms, companies, government entities, trusts ad partnerships;

d. 'including' is understood to mean 'including without limitation';

e. reference to any statutory provision includes any modification or amendment of it; 

f. the headings and sub-headings do not form part of this DPA; and

g. 'writing' or 'written' will include fax and email unless otherwise stated.

Processing Customer Personal Data

4. For the purpose of Data Protection Law, the Customer shall be the Controller and the Supplier shall be the Processor.

5. The Supplier and each Supplier Affiliate shall:

a. comply with all applicable Data Protection Law in the Processing of Customer Personal Data; and

b. only Process Personal Data on the Customer's documented instructions, unless Processing is required by any applicable law to which the Supplier is subject (in which case, the Supplier shall, to the extent permitted by applicable law, inform the Customer of such legal requirement before undertaking the Processing).

6. The Supplier and each Supplier Affiliate shall take reasonable steps to ensure the reliability of Personnel who have access to the Personal Data, ensuring in each case that such Personnel is subject to a strict duty of confidentiality (whether a contractual or statutory duty) and that they Process the Personal Data in compliance with all applicable law and only for the purpose of delivering the Services under the Agreement.

Security

7. The Supplier will establish data security in relation to the Processing of Personal Data under this DPA. The measures to be taken must guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the systems. The state of the art, implementation costs, the nature, scope and purposes of the Processing, as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons must be taken into account. Such measures may include, as appropriate:

a. the pseudonymisation and encryption of Personal Data;

b. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

c. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and

d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.

8. In assessing the appropriate level of security, the Supplier shall take into account any risks that are presented by the Processing, in particular, from a Personal Data Breach.

9. The Supplier has laid down the technical and organisational measures in Schedule 2 of this DPA. Technical and organisational measures are subject to technical progress and further development. In this respect, the Processor may implement alternative adequate measures from time to time and shall notify the Customer in writing where it has done so.

Sub-Processors

10. The Customer authorises the Supplier and each Supplier Affiliate to appoint the Sub-processors listed in Schedule 3 (if any) and any new Sub-processors in accordance with the subsequent provisions.

11. With respect to each Sub-processor, the Supplier, or the Supplier Affiliate shall:

a. carry out appropriate due diligence prior to the Processing by such Sub-processor to ensure that the Sub-processor is capable of providing the level of protection for Personal Data required by the terms of the Agreement and this DPA;

b. enter into a written agreement with the Sub-processor incorporating terms which are substantially similar (and no less onerous) than those set out in this DPA and which meet the requirements of Article 28(3) of UK GDPR; and

c. remain fully liable to the Customer for all acts or omissions of such Sub-processor as though they were its own.

12. The Supplier and each Supplier Affiliate may continue to use Sub-processors already engaged by the Supplier or Supplier Affiliate as at the date of this DPA subject to the Supplier or Supplier Affiliate meeting the obligations set forth in the preceding clause as soon as reasonably practicable.

13. The Supplier shall give the Customer prior written notice of the appointment of any new Sub-processor, including the name of the Sub-processor it seeks to appoint and the Processing activity to be undertaken by the Sub-processor.

14. If within 30 days of receipt of notice under the preceding clause, the Customer (acting reasonably and in good faith) notifies the Supplier in writing of any objections to the proposed appointment:

a. the parties will work in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of the proposed Sub-processor without unreasonably burdening the Customer; and

b. where such a change cannot be made within 30 days of the Supplier's receipt of the Customer's notice, the Customer may, notwithstanding the terms of the Agreement, serve written notice on the Supplier to terminate the Agreement to the extent that the provision of the Services is or would be affected by the appointment.

Data Subject Rights

15. Taking into account the nature of the Processing, the Supplier and each Supplier Affiliate shall assist the Customer in implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests for exercising Data Subjects' rights under the Data Protection Law.

16. The Supplier shall:

a. promptly (and in any event, within 24 hours) notify the Customer if it (or any of its Sub-processors) receives a request from a Data Subject; and

b. fully cooperate with and assist the Customer in relation to any request made by a Data Subject,

under the Data Protection Law in respect of Personal Data Processed by the Supplier under the terms of the Agreement or this DPA.

Personal Data Breaches

17. The Supplier shall:

a. notify the Customer without undue delay (in any event, no later than 72 hours) upon becoming aware of any Personal Data Breach affecting the Personal Data Processed by the Supplier under this DPA;

b. provide sufficient information to enable the Customer to evaluate the impact of such Personal Data Breach and to meet any obligations on the Customer to report the Personal Data Breach to a Supervisory Authority and/or notify the affected Data Subjects in accordance with the Data Protection Law;

c. provide the Customer with such assistance as the Customer may reasonably request; and

d. cooperate with the Customer and take such reasonable commercial steps (as directed by the Customer) to assist in the evaluation, investigation, mitigation and remediation of each such Personal Data Breach.

Data Protection Impact Assessment and Prior Consultation

18. The Supplier and each Supplier Affiliate shall provide reasonable assistance to the Customer with any data protection impact assessments and prior consultations with Supervisory Authorities or other competent authorities which the Customer considers necessary pursuant to Articles 35 and 36 of the UK GDPR.

19. Such assistance from the Supplier shall be limited, in each case, to the Processing of Personal Data under this DPA.

Return and Deletion of Personal Data

20. Subject to the subsequent clause, the Supplier and each Supplier Affiliate shall promptly and in any event, within 30 days of the expiry or termination of the Agreement, delete or return all copies Personal Data Processed by the Supplier and/or its Sub-processors on behalf of the Customer by such means as the parties shall agree in writing.

21. The Supplier (and its Sub-processors) may retain Personal Data Processed under this DPA to the extent required by any applicable law to which the Supplier (or any Sub-processor) is subject and only to the extent and for such period as required by applicable law. Where applicable, the Supplier shall notify the Customer of any such requirement and ensure the confidentiality of such Personal Data. Any Personal Data Processed under this DPA and retained by the Supplier (or any Sub-processor) in accordance with this clause shall be not Processed for any other purpose other than the purpose specified in the applicable laws.

22. The Customer may require the Supplier to provide written certification confirming that it has complied in full with its obligations under this section entitled 'Return and deletion of personal data.'

Audits

23. The Supplier and each Supplier Affiliate shall make available to the Customer on request all information necessary to demonstrate compliance with this DPA.

24. The Supplier shall allow for and contribute to audits, including inspections, by the Customer (or any other auditor mandated by the Customer) in relation to the Processing of Personal Data under this DPA.

25. The Customer (or any other auditor mandated by the Customer) shall give the Supplier or Supplier Affiliate reasonable notice of any audit or inspection, and shall make all reasonable endeavours to avoid causing any damage, injury or disruption to the Supplier or Supplier Affiliate's premises, equipment, personnel and business in the course of the audit or inspection.

26. Such audit rights may be exercised only once in any calendar year during the term of the Agreement and for a period of 3 years following the expiry or termination of the Agreement.

Liability

27. Nothing in this DPA limits or excludes either party's liability for death of personal injury caused by its negligence, or fraud or fraudulent misrepresentation.

28. Subject to the preceding clause, the total liability of either party to the other for any non-compliance with this DPA shall be subject to any limitation regarding monetary damages set forth in the Agreement.

General Terms

29. Except in respect of any provision of this DPA that expressly or by implication is intended to come into or continue in force on or after the expiry or termination of the Agreement, this DPA shall be coterminous with the Agreement.

30. No party may assign, transfer or sub-contract to any third party the benefit and/or burden of the DPA without the prior written consent (not to be unreasonably withheld) of the other party.

31. No variation of the DPA will be valid or binding unless it is recorded in writing and signed by or on behalf of both parties.

32. No variation of the Agreement will be valid or binding unless it is recorded in writing and signed by or on behalf of both parties.

33. The Contracts (Rights of Third Parties) Act 1999 does not apply to the DPA and no third party has any right to enforce or rely on any provision of the DPA.

34. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

35. If any court or competent authority finds that any provision (or part) of the DPA is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of the DPA will not be affected.

36. Any notice (other than in legal proceedings) to be delivered under the DPA must be in writing and delivered by pre-paid first class post to or left by hand delivery at the other party’s registered address or place of business, or sent by fax to its main fax number. Notices:

a. sent by post will be deemed to have been received, where posted from and to addresses in the United Kingdom, on the second Working Day and, where posted from or to addresses outside the United Kingdom, on the tenth Working Day following the date of posting;

b. delivered by hand will be deemed to have been received at the time the notice is left at the proper address; and

c. sent by fax will be deemed to have been received on the next Working Day after transmission.

Governing Law and Jurisdiction

37. This DPA will be governed by and interpreted according to the law of England and Wales and all disputes arising under the DPA (including non-contractual disputes or claims) shall be subject to the exclusive jurisdiction of the English and Welsh courts.

Schedule 1 - Processing Activities

This Schedule 1 includes certain details of the Processing of Personal Data as required by Article 28(3) UK GDPR. The subject matter and duration of the Processing of the Personal Data are set out in the Agreement and this DPA.

The nature and purpose of the Processing of Personal Data

The Supplier will Process Personal Data as necessary to provide the Services pursuant to the Agreement, and as further instructed by the Customer in its use of the Services.

The types of Personal Data to be Processed

The Customer may submit Personal Data to the Services, the extent of which, is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to the following types of Personal Data:

• Personal details

• Personal details issued as an identifier by a public authority

• Family, lifestyle and social circumstances

• Employment details

• Financial information

The categories of Data Subject to whom the Personal Data relates

The Customer may submit Personal Data to the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects:

• Staff, including volunteers, temporary and casual workers

• Customers (including their staff)

• Clients (including their staff)

• Suppliers (including their staff)

The obligations and rights of Customer and Customer Affiliates

The obligations and rights of the Customer (and any Customer Affiliates) are set out in the Agreement and this DPA.

Schedule 2 - Technical and Organisational Measures

The Supplier will conduct the activities covered by this DPA in compliance with its Information Security Policy, available from the Data Protection Officer or another person responsible for data protection compliance, and relevant data protection policies and guidance, available from the Data Protection Officer or another person responsible for data protection compliance. 

The Supplier also has the following technical and organisation measures in place:

• A Data Protection Officer has been appointed, who is responsible for ensuring data protection compliance within the business.

Schedule 3 - Sub-Processors

NONE 

TBC