PURPOSE OF THIS NOTICE
This notice will tell you how we look after your personal data, ab out your privacy rights, and about our compliance with and your protections under Data Protection Legislation.
In this notice, ‘Data Protection Legislation’ means any applicable law relating to the processing, privacy, and use of Personal Data, including the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020.
Deacon’s is a firm of chartered accountants regulated to carry on audit work in the UK, regulated for a range of investment business activities by the Institute of Chartered Accountants in England and Wales.
For the purpose of the Data Protection Legislation and this privacy notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
Sandra Deacon is our Data Protection Officer (DPO) and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data.
HOW WE COLLECT YOUR PERSONAL DATA
We obtain personal data about you when you initially engage us and on an ongoing basis as services are provided. The data may be collected by email, telephone and post, and sometimes from publicly available resources on the internet.
THE KIND OF PERSONAL DATA WE HOLD ABOUT YOU
The personal information we collect from you will vary depending on which services you engage us to deliver. The personal information we collect may include your name and/or address, telephone number, Unique Tax Reference, National Insurance No, email, bank account details, photo ID (for Money Laundering Legislative purposes).
HOW WE MAY USE YOUR DATA
We may process your personal data for purposes necessary for the performance of our contract with you and to comply with our legal obligations. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Generally, and depending on the services we are engaged to deliver, we may use your information to:
- Contact you by post, email or telephone;
- Verify your identity where this is required;
- Carry out our obligations arising from any agreements entered into between us (which will most usually be for the provision of our services);
- Carry out our obligations arising from any agreemenst entered into between our clients and us (which will most usually be for the provision of our services) where you may be a subcontractor, supplier or customer of our client);
- Understand your needs and how they may be met;
- Advise you of changes in legislation and/or new services that could be relevant to you, provided that your interests are not overridden;
- Maintain our records in accordance with applicable legal and regulatory obligations;
- Prevent and detect crime, fraud or corruption.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
We will only retain your personal data for as long as we consider it is necessary to fulfil the purposes for which it is collected and where it is compatible with your future needs.
When assessing what retention period is appropriate for your personal data, we take into consideration that the type of services that are provided and statutory and legal obligations.
When we no longer act for you, we reserve the right to retain your data where we are required to do so by legislation and by our insurers.
We will only share your personal data with third parties where we are required by law or where you have given us permission, including outside the European Economic Area (EEA), if part of our contract with you.
We have in place security measures to prevent data from being accessed in an unauthorised way. Our staff who process your data are subject to a duty of confidentiality.
Should we suspect a breach of our security measures we will notify you and the Information Commissioners Office and any applicable regulator where we are legally required to do so.
You have the right to:
- Request a copy of the personal information that we hold or for it to be corrected if inaccurate.
- Request erasure of your personal data - this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Request the transfer of your personal data to you or another data controller if the processing is based on consent.
- Object to or restrict the use of your personal data for example where your personal situation has changed or you do not wish your personal data to be used for direct marketing purposes.
If you want to exercise any of the above rights, please email Sandra Deacon at email@example.com.
CHANGES TO THIS NOTICE
Any changes we may make to this notice will be updated on our website.
This privacy notice was last updated in May 2022.
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email our Sandra Deacon at firstname.lastname@example.org or call 01799 543453. Our address is The Stables, Shipton Bridge Farm, Widdington, Saffron Walden, Essex CB11 3SU.
We would seek to resolve directly any complaints however you also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner's Office
Telephone - 0303 123 1113 (local rate) or 01625 545 745
Website - https://ico.org.uk/concerns