This privacy notice provides an overview on how we use your personal data. By law we are required to make only safe and ethical use of the information that is provided and we believe it is important to ensure you understand how we use your data. This should be read in conjunction with the relevant notice about who you are to us, and considering the information provided in our policies covering privacy and data protection.
The reason we collect personal data changes depending on the activity for which we need the information.
We collect personal data to comply with our legal obligations e.g. providing information to regulators, law enforcement and statutory bodies.
Contract and engagement
We collect personal data when you want to enter a contract with us whether by engagement for services or as an employee.
- We hold this data to allow us to provide accountancy and tax compliance and tax advisory services (if applicable).
- We also hold data in order to make ID checks under the Money Laundering Regulations, this may include a copy of your passport or driving licence and evidence of your address.
- We hold this data to comply with our obligations as an employer.
- We hold this data to comply with our obligations as a training office for ICAEW, ACCA and as an apprenticeship provider.
- We hold this data to provide benchmarking and statistical data.
- We hold this data to allow us to focus our communications with our clients and our potential clients.
We process personal data where you have given consent for us to do so either as a client or potential client, an employee or potential employee, or student.
Stringent information security and personal data protection policies have been implemented. We have trained our workforce to ensure employees who come into contact with your personal data understand their obligations to adhere to our policies. We are committed to regular training in security and privacy best practice.
We apply appropriate technical and organisational measures in order to protect data, computing devices and the network from accidental / malicious activities or theft. Where appropriate, we encrypt our data and devices with confidential information securely destroyed when no longer required. We employ the use of Opensapce as a secure communication channel and encourage the use of this service.
Our offices are protected by physical access via swipe cards/thumb print recognition and a staffed reception. As a small office facility we are able to control visitors as they are by appointment only. Additional security measures are in place limiting access to our data centres including a locked room for our server. We do use an external provider of IT and rely upon their data protection measures to ensure privacy complies with legal requirements.
Data protection laws give you a number of rights with respect to how organisations process your personal data.
Right to be informed
You have the right to be informed of the use that your personal data will be put to, together with details of the Data Controller and your rights. Where you provide your personal data directly to us you will be directed to our PRIVACY NOTICE available at the time your data is obtained.
Where we obtain your personal data from a third party, these details will be made available within a reasonable period of having obtained the data. If your personal data is to be used to communicate with you, these details will be provided at the relevant time when the communication takes place. We shall use the Openspace portal as our secure communication channel. If disclosure to another recipient is envisaged, we shall ensure we have appropriate authority to disclose or have th right to do so to fulfil our legal obligations. Such third parties may be an Independent Financial Advisor, HMRC; a spouse or for a reference (financial or personal).
Right to Access
You have the right to access and obtain a copy of your personal data held and processed by us, on request.
We exercise a number of exemptions:
- Money Laundering obligations.
- Employment references.
- Contract negotiations.
- Ongoing investigations into conduct were it would prejudice the outcome.
You may exercise your right through the submission of a formal, written Subject Access Request to our Data Protection Office email: firstname.lastname@example.org administered by our practice manager, Mrs Wright; or by post to our main address marked “PRIVATE”
7 Lindum Terrace
Right to Rectification
You have the right to request a correction to inaccurate or incomplete personal data.
Right to Erasure (to be Forgotten)
You have the right to request eradication of your personal data from our systems and records. This is not an absolute right and does not normally apply to purposes covered by Legal Obligation or which are necessary for the performance of a Contract.
Right to Restrict Processing
You have the right to request cessation of or restriction to the processing of your personal data. This could be for example, if your personal data is no longer necessary for purpose of processing.
Right to data portability
You have the right to request a copy, in a portable format, of the personal data which you have provided directly to the SAL and which is automatically processed.
Right to object
You have the right to object to the processing of your personal data, where we rely upon Legitimate Interest as the lawful basis for processing.
Rights related to automated decision making including profiling
You have the right not to be subject to a decision based solely on automated processing (including profiling), which may significantly affect yourself.
If you are unhappy with how your personal data is processed by SAL, you have the right to complain to the Data Protection Office. If you remain unhappy, following our response to your complaint, you have the right to lodge a further compliant with our Supervisory Authority, The Information Commissioners Office (ICO).
The ICO’s address is:
Information Commissioner’s Office,
Wycliffe House, Water Lane
You can also contact them by telephone on +44 (0)1625 545 745 or via their website at www.ico.org.uk.
Data protection office
The data protection office has been established to ensure compliance with data protection laws. We are registered with the Information Commissioner’s Office (ICO) as a data controller for the processing of personal data (Z5765897).
- Updated 25 May 2018