This explains what personal data we may collect about you when you use our services, how we may use it, and how we keep it secure.
Glossary of terms used throughout the policy
Personal data relates to any information about a natural person that makes you identifiable which may include (but is not limited to):
– Names and contact information i.e. emails and telephone numbers
– National Insurance Numbers
– Employment history
– Employee numbers
– Personal tax
– Payroll and accounting data
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
The data controller is ADS Accountancy Limited, Bezant House, Bradgate Park View, Chellaston, Derby DE73 5UH.
The data protection officer is Adam Dominey, who can be contacted at the above address.
A “data processor” is a person or organisation which processes personal data for the controller.
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
Business to Business
PLC, LTD, LLP incorporated partnerships, trusts and foundations, local authorities and government institutions.
Business to Consumer
Private clients, sole traders, unincorporated partnerships, employees, trusts and foundations.
What information do we collect about you and how?
As a Data Controller, ADS Accountancy Limited is bound by the requirements of the General Data Protection Regulations (GDPR).
You agree that we are entitled to obtain, use and process the information you provide to us to enable us to discharge the services for which you engage us (and for other related purposes) including;
– Updating and enhancing client records
– Analysis for management purposes
– Carrying out credit checks in relation to you
– Statutory returns
– Legal and regulatory compliance
– Crime prevention.
We collect information about you when you contact us via our website.
Cookies are text files put on your computer to collect standard internet log information and visitor behaviour information. This information can then be used to track visitor use of the website and to create statistical reports on website activity. For more information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. Please note in a few cases some of our website features may not function because of this.
An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet. ADS Accountancy Limited do not have access to any personal identifiable information and we would never seek this information. Your IP address may be logged when visiting our site, but our analytic software only uses this information to track how many visitors we have from particular regions.
Directly provided by you
Upon engagement and subsequently, you may provide us with personal details verbally, electronically, or by other media.
How will we use your personal information and why?
We hold and process personal data about you, your employees, and other parties key to your business, only in order to fulfil the services engaged between ADS Accountancy Limited and you or your company.
For Business to Business Clients and Contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if: we have a genuine and legitimate reason and we are not harming any of your rights and interests.
For Business to Consumer Clients and Contacts our lawful reason for processing your personal information will be “A contract with the individual” for example, to supply goods and services you have requested, or to fulfil obligations under an employment contract. This also includes steps taken at your request before entering into a contract.
We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.
Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We will never pass your personal information on to a third party without your express consent.
We will not share your information for marketing purposes with companies so that they may offer you their products and services.
Transferring your information outside of Europe
If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services. Where this is the case, we will take steps to make sure the right security measures are in place to ensure your privacy rights continue to be protected.
How do we keep your data secure?
When you give us personal information, we take steps to make sure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
In some instances, we will provide you with password protected information or documents. Where we have given (or where you have chosen) a password which enables you to access sensitive information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Where your personal information is stored offsite (in the “cloud”), we ensure that those IT providers are secure and GDPR compliant.
From time to time we may like to send you information about our services which may be of interest to you. We will obtain your written consent before we contact you in this manner. If you have consented to receive marketing, you may opt out at any point, by emailing email@example.com and letting us know.
How long will we hold your data for?
If you have contracted our services, we will hold your data for a minimum of seven years in line with our regulatory requirements. After this period, we will review annually, and may then delete or dispose of the data.
What are your rights?
You have the right to ask to be ‘forgotten’, and for us to delete all of your personal information sooner than our usual retention period as disclosed earlier in the policy.
You have the right to raise an objection to the processing of your personal data if you feel the “grounds relating to your particular situation” apply.
The only reasons we will be able to deny either of those requests is if we can show compelling legitimate grounds for retaining the information or for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
You also have the right of a “Subject Access Request”.
This is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email or write to us at the following address: ADS Accountancy Limited, Bezant House, Bradgate Park View, Chellaston, Derby DE73 5UH, or email firstname.lastname@example.org
We will respond to your request within 21 days of receipt of the request.
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by writing to the above address, or contacting the partner who looks after you.
If you have any queries or wish to speak to us about how your information will be used, then please contact us.
In the unlikely event that you feel that your personal data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.