GDPR – PRIVACY NOTICE
Important Information about the General Data Protection Regulation
On 25th May 2018, the General Data Protection Regulation (GDPR), a new Europe-wide data protection regulation came into effect. This new regulation seeks to strengthen and unify data protection for all individuals within the European Union and grants new and enhanced rights for individuals in relation to their personal information.
- How we process personal data
For people who contact us through our website
We use the personal data you have provided to us to respond to your queries when you contact us. Our legal basis for this processing is our legitimate interest in the administration and operation of our firm. If you become a client, your personal data will become part of your file with us. If you do not become a client, we will delete your personal data 6 months after your last contact with us.
For people whose information we received from one of our clients
If you are an employee, contractor, customer, supplier, or family member of one of our clients, we might receive and process your personal data as part of our engagement with that client. That personal data may include your name, contact information, financial information such as salary or payments, and other information held by our client. We will only process your data in order to provide our accounting, tax, audit or other services to our client. Our legal basis for this processing is our legitimate interest in fulfilling our professional and contractual obligations to our clients. We retain this data for a period of 7 years because we believe we have a legal responsibility to retain it for this period.
- Whom we share data with
We share your personal data with our IT service providers, including our accounting software provider and our cloud data storage provider. These providers are not permitted to use this data, except on our behalf. We may share your personal data with advisors who are subject to rules of confidentiality. We may also be obliged to provide access to your personal data to regulators, including our professional body.
If we received your personal data from one of our clients, then we also share your personal data with that client.
We will not share your personal data with any other third parties, unless we have a legal or professional duty to do so.
- Automated decision-making and profiling
We do not use any personal data for the purpose of automated decision-making or profiling.
- Your rights
You have the following rights under the GDPR, in certain circumstances and subject to certain exclusions, in relation to your personal data:
• Right to access – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
• Right to rectification– you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
• Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
• Right to restrict or object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
• Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
• Right to withdraw consent – if we are processing personal data based on your consent, you may withdraw that consent at any time.