Sometimes we have to do things which are a little boring but your information and privacy is important to us so here goes...
Reading Time: 13-16 minutes.
Privacy, Cookies and Data Protection (GDPR)
It also explains how we handle personal data (shared with us through this site & in our business in general) with respect to the data protection laws of England and Wales and the EU’s General Data Protection Regulation.
We never sell your personal data to any third party. We only share your data with third parties where it is required to do so by law and or to deliver the information and or services you have requested from us. This would also only be done with respect to the laws of England and Wales and the EU’s General Data Protection Regulation.
Collection of Personal and Anonymous Data
We may collect, process and store the following kinds of personally identifiable data, and we may also collect certain types of anonymous statistical data. Sometimes we may need to ask for your explicit consent to collect personal data and when this is required we will make that request clear. This might include the following:
(a) technical information about the type of computer you are using and about your visits to, and use of, this website. This is anonymous data such as your computer’s IP address, geographical location, browser type, referral source, length of visit and the number and type of pages viewed. This is anonymous statistical data and it cannot identify a specific person if or when it is collected;
(b) information that you provide to us – with your consent – through the website contact form for the purpose of registering with us or asking us to contact you or receive an email newsletter. This information may include e.g. your name, email address, telephone number, postal address, the procedures (services) you’re interested in, how you found out about us);
(c) information relating to any discussions or transactions carried out between you and us submitted through the website contact form, chat windows or subsequent email exchanges;
(d) information that you provide to us for the purpose of enquiring about our services and or subscribing to, for example, email notifications and/or newsletters; and
(e) any other information that you choose to send to us and for which you gave your consent for us to use.
The information collected by the cookies is sent back to the web server each time the browser requests a page from the server. This enables the web server to identify and track how the web browser is using our website.
The cookies we use allow us to understand things such as which pages a visitor views, for how long and how a visitor came to the website (from which source e.g. Google, Twitter, Facebook). They cannot identify a specific person’s identity. They only collect anonymous data about how a person is using our website.
If you are concerned about allowing cookies to be stored on your browser, even temporarily, most browsers now recognise when a cookie is offered and will permit you to refuse or accept them.
You can, by default, set your browser to permanently block cookies from any website from being placed on your browser, but doing this may cause some functionality to be lost and the website may not look as intended in your browser.
You can find out more about how to control cookies in some of the most popular browsers by visiting their help pages.
We may also use anonymous cookie data for remarketing purposes. This means, you may see our promotions and advertisements on other websites that you visit.
You might also wish to visit the Information Commissioner’s website to find out more about cookies.
We use analytics to help us understand how our website is being used so that we can improve how it functions and our services. Analytics generates statistical and other information about how websites are used by using cookies.
Linking to Third-Party Websites
Using Personal Data
With respect to Article 13 of the EU’s GDPR, this website processes personal data for a specific purpose and according to legitimate interest. In the regulation’s terminology, this means:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
We may also use anonymous or personal data to:
(a) administer the website;
(b) improve your browsing experience by personalising the website;
(c) enable your use of the services available on the website;
(d) send to you downloads purchased via the website;
(e) send information to you about our services, statements and or invoices, and collect payments from you;
(f) send you non-marketing communications e.g. updates about the status of your purchase or relating to your enquiry;
(g) contact you via email, phone and or post with information you have knowingly requested or that we think you may want to know or need to know e.g. for business or legal reasons;
(h) send to you our newsletter and other marketing communications which we think may be of interest to you by phone, post, email or similar technologies;
(i) provide third parties e.g. Google with statistical information about our website visitors. This information will not identify any specific individual; and
(j) deal with enquiries and complaints made by or about you relating to the website
Are you still here? You're doing pretty well to have got this far so go grab a Coffee and carry on....
(a) to the extent that we are required to do so by the laws of England and Wales and the EU’s GDPR;
(b) in connection with any legal proceedings or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
(d) to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.
International Data Transfers
Depending on the nature of your enquiry and relationship with us, personal information that you consent to provide to us may be processed in the UK and or in locations outside the UK in order to deliver our service to you.
For instance, if you are based in the United States and submit information to us via email, from an email account hosted in the US, your email hosting provider will have processed the data you sent. If we reply to that email address, even though we are in the UK, we may be transmitting your data across international boundaries.
Anonymous website analytic data that is collected from your use of our website may also be transferred, processed and stored, for example, on Google’s servers outside the UK and EU. Unlike some Accountants we do not currently employ contract workers outside of the UK therefore any data passed between our staff stays within the UK.
We have taken reasonable technical and procedural precautions to prevent the loss, misuse or inadvertent alteration of your personal data. We will store all the personal data you provide in secure servers or systems which meet or exceed ‘Official-Sensitive’ classification.
However, we cannot guarantee the security of any data you choose to send to us over the internet. Our website does however use an SSL certificate to help ensure that any information sent to us through it, is more secure than it otherwise would be.
If you look in the address bar of your browser, when visiting our site, you will see the letters https. The S stands for secure and means that information sent to us through our site is sent to us through an encrypted channel, including data your send us from contact forms within our site.
All our email is protected by TLS 2.0 security which means between us and our service provider all email is encrypted, most major email providers provide TLS encryption which means your message is protected end-to-end. If in any doubt please contact us telephone to discuss prior to sending important documents or data by email.
Your Rights (re the EU General Data Protection Regulation)
Giving and Withdrawing your Consent to be Contacted
In certain circumstances, we must have your consent before we contact you.
We may ask for your consent, for example, when you fill in one of our contact forms and you provide your consent by ticking the box on the form.
We also keep a record of your consent in our systems until we no longer need to.
You can withdraw your consent at any time by contacting us
Transferring and Providing you with Confirmation of what Personal Data we Hold
You may instruct us to transfer any of the information we hold about you at any time. You may also instruct us to provide you with electronic confirmation of what personal information we hold about you at any time.
Depending on the nature of your request, this doesn’t necessarily mean we would need to provide you with the information itself – although we can do that if you request it – but a list of the types of information we hold e.g. name, phone number, email address etc.
If you would like us to transfer the data, please provide us with the details of to where you would like it to be ported to. If we don’t think this will be a secure destination to transfer it to (or the method of transferring is not secure), we will tell you.
Please also let us know what information you require to be transferred or confirmed e.g. all the information we hold or just a specific detail. Please also tell us what format you would like the information provided in and when you would like to receive it e.g. a paper copy or in an email.
To protect your privacy and confidentiality, we may, in certain cases, only be able to provide you with the detail in paper format as opposed to electronic formats.
We will endeavor to provide the information you require in your preferred format by the date you request, but this may not be possible depending on the precise details of your request and with respect to our operational schedule and any third parties that may need to be involved.
If you engage another Accountant and you wish us to transfer your documents to them, it may be necessary for us to send you the data for onward transmission in a format of your choice. Where we disengage clients and data is held within Third Party application that you control we will no longer have access to your date on the disengagement date; therefore it will be your responsibility to transfer data or engage a professional for ongoing assistance.
You can instruct us to do this at any time by contacting us.
Deleting Your Information
You may also instruct us to delete any and all information we hold about you at any time.
We will endeavor to do this with respect to your wishes and compliance with the applicable laws of England and Wales and or EU laws and regulations i.e. GDPR.
We will endeavor to delete all the information we hold about you in the time frame you request, but depending on the nature of your request, and any third parties involved, this may not be possible.
This is because of our legal obligation to retain certain types of customer information for certain time periods e.g. for tax and or accounting purposes, we may need to keep your contact details on file for longer periods if they appear on an invoice or receipt for example.
In any and all cases, we only ever keep information on file for as long as it is needed with respect to the services you have enquired about and or that we have agreed to provide you, or to meet a legal requirement.
You can instruct us to do this at any time by contacting us.
Updating Your Data
You can and should instruct us to correct or update any personal information we hold about you e.g. if you change your name or address for instance.
You can instruct us to do this at any time by contacting us.
Finding out More About Your Rights under GDPR
You can find out more about your rights according to GDPR by visiting the Information Commissioner’s website (UK).
Third Party Applications
We work with a number of third party providers, some of which will require you to sign Privacy Policies directly with them, whilst we endeavor to ensure security & privacy of your data we cannot be held responsible for third party privacy issues.
We hold all data on systems which are encrypted to a minimum of ‘Official-Sensitive’ this is suitable for client data that is commercially sensitive. We do not hold medical information (other than periods of sickness for payroll clients).
Staff are only able to access client data for which they are authorised, network administrators do not have access to client data unless required by their job role OR on specific client request.
For security we do not publish a list of specific applications we use, however should you require more information about how data is stored or processed please contact us.
From time to time clients may ask us to access or process data which is held in ‘legacy’ applications or systems. It should be understood that these systems do not provide data security that more modern applications provide; we will endeavor to assist clients where possible however we will require a disclaimer to be signed in these circumstances.
We may require data to be ‘sheep dipped’ prior to ingest into our systems, unfortunately this will require data to be provided in a format which can be read by a Microsoft Windows system; we are unable to ingest Apple native formats. We charge a fee for this work which will be advised prior to work commencing.
We do not sell or transfer client data for marketing purposes by other business.
We will only contact clients in the following circumstances:
Reply to a client request
For routine bookkeeping and accounting services
Changes to products or services to which the client subscribes
Marketing only with explicit client consent
Changes to this Policy
You should check this page occasionally to ensure you are happy with any changes. If you have any questions about this policy, please contact us as soon as possible and we will endeavor to answer your question as quickly and clearly as we can.
More Information About Data Protection
The website of the Information Commissioner’s Office (UK) also has to more detail about data protection and your rights.
We have to tell you that we may monitor or record communications that you make with us, for example, we may record Teams conversations so we can review the information later, all emails are kept for a minimum of 6 years whilst you are our client. We don't make these available to anyone else, unless we receive a legal order to do so. Thanks for reading.
Last updated 24/02/2022 - removing mention of 'Skype' calls & clarification of International Data Transfers