Updated 15 September 2019
What type of information we have
We currently collect and process the following information:
Individual details: name, address (and proof of address), contact details (e.g. telephone number, e-mail address and social media contact details), marital status, family details, date and place of birth, country of residence, employer, job title and employment history.
Financial information: bank account number and account details, income, expenditure, investment interests, pension details, tax details, payroll information, details of assets owned.
Sensitive personal data:
We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. Examples of sensitive personal data we may obtain include:
- Dietary restrictions or access requirements communicated when setting up meetings or when registering for in-person events, that reveal religious beliefs or physical health.
- Personal identification documents that may reveal race or ethnic origin of private individuals, beneficial owners of corporate entities, or applicants.
- Expense receipts submitted for individual tax or accounting advice that reveal affiliations with trade unions or political opinions.
- Information provided to us by our clients in the course of a professional engagement.
How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- Establishing client relationships, including: fraud, anti-money laundering and sanction checks.
- General client care, including communicating with clients.
- Complying with our legal and regulatory obligations.
- Providing professional advice and delivering reports related to our bookkeeping, management accounting, financial reporting and tax services.
We also receive personal information indirectly, from the following sources in the following scenarios:
- Individuals’ employers, where the information is required for tax or accounting purposes.
- Tax information from the tax authorities, where we require the information to perform agreed professional services to clients.
- Companies House, where the information is required for tax or accounting purposes.
- Sanctions lists, on-line searches and other third-party databases for the purposes of client due diligence checks.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Contractual obligation – we may process personal data in order to perform our contractual obligations to clients for agreed services.
(b) We have a legal obligation – we may process personal data in order to meet legal or regulatory requirements.
(c) Consent – we may rely on your freely given consent at the time you provided your personal data to us. You are able to remove your consent at any time. You can do this by writing to: firstname.lastname@example.org.
What we do with the information we have
We use the information that you have given us in order to provide professional services agreed with our clients, including: bookkeeping, management accounting, financial reporting and preparation of tax returns. We also use the information to fulfil legal and regulatory obligations in relation to providing the above services.
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:
- Parties that support us as we provide our services (e.g. archiving services, document production services and cloud-based software services).
- Our professional advisers, including lawyers and insurers.
- Law enforcement or other government and regulatory agencies (e.g., HMRC) or to other third parties as required by, and in accordance with, applicable law or regulation.
How we store your information
Your information is securely stored at our registered office, or with one of our approved service providers as detailed above. We do not store data or transfer data outside of the EEA.
We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these uses, we retain personal data for seven years. We will dispose of personal data in a secure manner when we no longer need it.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com, 01732 617228 or at our registered office 24 Mabledon Road, Tonbridge, TN9 2TQ if you wish to make a request.
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113