Letter to our clients re privacy
As you are no doubt painfully aware after the barrage of emails pointing you in the direction of the new privacy notices and asking you to agree that you have read them; we too, are informing you we have updated our notices.
The new general data protection regulation became effective on the 25th of May 2018. We have been working in the past 12 months towards being able to comply with the new regulations. One of the main changes we have implemented has been to provide access to a protected communication channel via Openspace. You will have received emails direct from Openspace when we upload a document or letter or other communications onto this secure cloud-based server.
We have received a few complaints and some “express written authorities” to carry on attaching personal data to emails BUT we cannot comply if we continue to use email attachments without some form of encryption. To separately encrypt every email attachment would be labour-intensive and would increase charges and inconvenience clients as passwords would have to be stored for each encryption and notified via a separate medium (eg text). The more humans involved, the greater the margin for error!
As we explained when we first introduced Openspace; it would not be possible for us to monitor and provide the necessary evidence of compliance if we stepped outside of our chosen solution so we have decided that any communication from us containing personal data will be protected via Openspace. To ensure we are not leaving documents In the cloud unnecessarily, our policy is to remove these after a reasonable period of time to enable you to download onto your own secure servers. Reasonable time lapses will normally be notified to you for different items or documents. For example if they are payslips we shall remove the earlier month as the current month is uploaded. This will avoid confusion as to which document needs to be downloaded, opened and dealt with.
This should be easier for you as it also allows e-approval of documents rather than the hassle of printing paper, signing and returning to us for onward submission.
Looking at it from a pragmatic viewpoint, there is only one more step in the process of the receipt of an email: the email carries a link direct to the document being sent and you just choose a password which stays current until you decide to change it. No-one else is party to that password.
We as SAL are your trusted advisors, and we hold and process personal data about you, our client, in order to meet your compliance obligations and to provide business, tax and financial planning.
When collecting and processing your data as a data controller we must comply with relevant data protection legislation whilst carrying out our obligations and legal duties to provide you with advice. These include some of the following activities:
- calculating your tax liabilities;
- Preparing your tax returns and accounts and financial statements;
- Offering advice for future planning and long-term growth;
- Complying with legal regulatory and good governance obligations as arise from time to time.
Whilst much of the data we hold has been provided by you directly , It may also have been provided by third parties such as HMRC, NHS business services and perhaps others, such as an IFA or mortgage advisor and bank or solicitor.
We may also receive information from you about your family and business associates and partners which include such personal data as names, addresses, UTR and national insurance numbers, etc. including their relationship to you. We will assume that you have the consent of those individuals to provide us with this information and that you will share our privacy notices with them.
From time to time we also hold and process some special categories or sensitive data about you for the purposes of planning for such events as divorce, new business development or investment purposes.
We will process this data in the performance of our legal obligations in connection with our engagement terms, or as allowed or required by legislation.
We may also do so, where necessary for the establishment exercise or defence of legal claims or in conducting internal dispute resolution cases and other legal procedures.
In some circumstances we share your personal data with third parties who are also involved in the completion of your tax returns, financial statements and planning for your future, for example, an independent financial advisor, solicitor, HMRC, the Pensions Regulator to name but a few. Unless we have written authority to do so we will only provide information or share information when there is a legal obligation with which to comply or we have written authority to share information.
In limited circumstances some access to your personal data may be shared with our IT providers or to our own advisors.
In any circumstances where we are required to transfer personal data to other countries including outside the European Economic Area (EEA), the parties involved will ensure that adequate safeguards are in place to ensure continuing compliance with data protection legislation if this is necessary we would ask for your authority to do so.
Tax advice and compliance is carried out over a long period and this means that information we hold may go back many years. Our policy is to retain information relating to you throughout the period of our engagement. Once our engagement ends we shall hold your data for at least six years for the purpose of complying with our legal obligations. Should you engage with a new advisor we shall perform the handover procedures in accordance with our Institutes’ (ICAEW and ACCA) agreed mechanism and send you disengagement terms.
You have the right to obtain access to all copies of your personal data and request that we rectify any errors in the data that we hold, or request that we erase your personal data. You can also ask that we restrict the way we process your personal data or object to it being processed. In some circumstances, you have a right to request a copy of your personal data for the purposes of transmitting it elsewhere. You can exercise these rights by contacting the administrator of SAL at
7 Lindum Terrace
Telephone (01522) 546606
Where we have requested and obtained your consent to process particular information, you can request to with draw that consent at any time. However if we do not hold all the data necessary to complete your returns we shall not be unable to meet the terms of our engagement and will not be responsible for any consequent penalties arising as a result of your action.
If you are not satisfied that we have handled your personal data in an appropriate manner you should send a complaint to us at the above address in the first instance. If you remain dissatisfied with our response to your complaint or believe our processing of your information does not comply the data protection legislation, you may also make a complaint to the Information Commissioner’s Office (ICO). This is in addition to and separate from our internal dispute resolution policy.
ICO contact details are:
Information Commissioner’s Office
Telephone 0303 123 1113 or 01625 545745.
We reserve the right to amend this Privacy notice from time to time.