We comply with the EU GDPR regarding data protection.
On our website, we do not collect or process any personal data from visitors.
If you contact us to request a meeting or use our services, and provide us with your personal data; your providing of this information will constitute your consent to us having and handling this data.
We will keep all such data according to the standards set out below.
It explains how we fulfil our obligations of the GDPR, how we process the personal data of clients, and what their rights are.
DATA PROTECTION AGREEMENT –
Compliance of the EU General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation was introduced in May 2018.
LAWFUL BASIS FOR PROCESSING DATA
Before undertaking work for clients, we agree a signed contract known as a "letter of engagement".
The processing of personal data is necessary for us to fulfil this contract.
Before agreeing this contract, we may hold your data for a short period of time because you have provided us with the data and asked us to act as your accountant, but have not yet agreed the written contract.
INTENDED PURPOSES FOR PROCESSING DATA
To fulfil services agreed in your letter of engagement.
To comply with regulations and laws set out by English law, HMRC, anti-money laundering regulations Companies House and our regulatory bodies, the AAT and IAB.
SOURCE OF PERSONAL DATA
All personal data we hold will be supplied by you, the client, or your previous accountant.
To comply with anti-money laundering regulations it is necessary for us to obtain 'satisfactory evidence' of client indentities. We may use electronic verification for this purpose, by means of Equifax. Although a record of our enquiry will be on your record, it will not affect your credit history.
DATA WE HOLD AND WHO HAS ACCESS
It is necessary for us to hold and process certain personal data about our clients. This includes, but is not limited to, the following: name, date of birth, address, national insurance number, contact details, UTR and other tax reference numbers, business name and details, bank details (in cases of tax repayment requests), and details of business capital funding and personal circumstances.
We do not store or process any special category data or criminal offence data.
We regularly review the data we hold for you and destroy any that is not necessary.
We store this data securely on site, where it is accessed only by the partners of the business, Adam and Joanne Kay. When sensitive information needs to be transmitted by email, such as payslips, or tax returns, these are password protected for additional security.
THIRD PARTY DATA SHARING
It is often necessary for us to share or store your personal information with third parties. Depending on which services we provide to you, these may include: HMRC, Companies House, our software providers including Quickbooks, Taxfiler, Brightpay and Microsoft, and pension providers including NEST and Smart Pensions. We check all of our third party providers to ensure that they too comply with the GDPR and we do not establish working relationships with providers that are not compliant.
We will not share your information with any third parties unless it is necessary in order for us to fulfil the services we have agreed to provide for you or fulfil legal obligations.
Upon request, we can provide you with an up to date and comprehensive list of the third parties with whom your data is shared or stored.
DATA STORAGE AND DESTRUCTION
HMRC require us to keep information relating to tax returns for five years after 31st January deadline of the relevant tax year. They require us to keep information relating to company returns for 6 years from the end of the last company financial year they relate to, or longer in some circumstances.
Unless you instruct us not to, we intend to destroy correspondence and other papers that we store after this date, other than documents which we think may be of continuing significance. If you require the retention of any document, you must notify us of that fact in writing.
We store all paper and electronic documentation securely. We review our data security annually.
As we are based from home with a dedicated office, restriction of access to physical data is relatively simple as all physical data can be accessed only by us.
We use up to date anti-virus software, and IT protection to ensure that digital files are kept secure.
To ensure that we do not hold any information that is not necessary or required, we aim to return all paper documentation e.g. receipts, bank statements, invoices, to you as early as possible after we have used them for the agreed purpose, i.e. completion of your VAT return or tax return. All electronic information that you have supplied will be deleted once we have used it for the agreed purpose. You are then obliged by HMRC to keep these records for the time stated above.
RIGHT TO BE FORGOTTEN - You may contact us at any time to request that all your personal data be forgotten. We have 28 days to respond to this request. This right is not absolute, and we will decide whether or not we can comply, depending on whether this request conflicts or contradicts with our existing obligations to HMRC, English law and our regulatory bodies (AAT & IAB).
If you do not agree with our decision you can submit a complaint to the ICO at https://ico.org.uk.
RIGHT TO RESTRICT PROCESSING - You may contact us at any time to request restriction or suppression of your personal data so that we can store it but not process it. We have 28 days to respond to your request.
RIGHT TO TRANSFER DATA - You may request to transfer your information to a new accountant or to use yourself. If you terminate your contract with us, we will issue a "letter of disengagement". At this time we will provide you (or your new accountant) with all the data we hold for you. The responsibility to keep this data under HMRC guidelines will then be yours.
RIGHT OF ACCESS - You may at any time request access to all the personal information that we hold for you. We will comply and send you all the information we hold about you within 28 days. This allows us an acceptable amount of time to gather the paper and electronic information and arrange to deliver it to you securely.
RIGHT TO RECTIFICATION - You may at any time request that we rectify incorrect or incomplete personal data that we hold or process for you.
DATA PROTECTION BREACH
Should we suffer a breach and your personal data is at risk, we will notify the ICO and yourself within 72 hours.
We are registered with the Information Commisioner’s Office, the UK’s data protection authority. If you believe we are not protecting or processing your data correctly, or that we are not conforming to the GDPR standards, you can lodge a complaint with the ICO through their website: https://ico.org.uk