Who we are
Whiteley Accountancy Services LLP
Address: Heaton Moor, Stockport, SK4
Phone Number: 07907 537 741
E-mail: [email protected]
Overview
This Notice outlines the data protection policies and procedures we have adopted and by which we abide to ensure we are GDPR compliant. The purpose of this Notice, and any other documents referred to in it, is to clearly list and identify the legal requirements, procedures and rights which must be established when we obtain, process, transfer and/or store your personal data. This Notice will assist you in understanding the obligations, responsibilities and rights which arise from the Data Protection Laws.
Everyone has rights with regard to the way in which their personal data is handled. In order to operate efficiently we need to collate and use information about the people with whom we work. This includes current, past and prospective employees, clients, and others with whom we communicate.
We regard the lawful and correct treatment of personal information as integral to successful operation and to maintaining the confidence of the people we work and communicate with. To this end we fully endorse and adhere to the principles of the relevant Laws. We are registered as a Data Controller on the Register kept by the Information Commissioner’s Office.
The type of personal information we collect
We currently collect and process the following information:
• Personal identifiers
• Contact details
• Financial information
• Personal identification
How we get the personal information and why we have it
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
Most of the personal information we process is provided to us directly by you for one of the following reasons:
• To provide the accounting service that you require and to meet legal and accounting requirements.
• To assist you in your relationship with our affiliates and banking partners.
In the course of our business, we shall process the Personal Data we receive directly from you (for example, by you completing forms, sending us papers or from you corresponding with us by mail, phone, email or otherwise) and your Personal Data which we receive from any other source.
We shall only process your Personal Data to fulfil and/or enable us to satisfy the terms of our obligations and responsibilities in our role as your accountant or for any other specific purposes permitted by the Enactments. Should we deem it necessary to process your Personal Data for purposes outside and/or beyond the reasons for which it was originally collected, we will contact you first, to inform you of those purposes and our intent and may also apply for your consent.
We will only collect and process your Personal Data as required to fulfil the specific purpose/s of our contract and agreements with you.
We shall ensure that all Personal Data held is accurate and up to date and will check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. If you become aware that any of your Personal Data is inaccurate, you are entitled to contact us and request that your Personal Data is amended. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
We also receive personal information indirectly, from the following sources in the following scenarios:
Companies House information to comply with AML requirements. Name and part of date of birth which are publicly accessible from the site.
We use the information that you have given us in order to provide you with a safe and accurate service.
We will only collect and process your Personal Data to the extent that it is needed to fulfil our operational and contractual needs or to comply with any legal requirements.
We shall access and use your Personal Data in accordance with your instructions and as is reasonably necessary:
• to fulfil our contractual obligations and responsibilities to you;
• to provide, maintain and improve our accounting services;
• if we intend to use your personal data for the advertising and marketing of our services and/or the services of our affiliates such as Starling Bank, we shall seek your separate express consent, and you are entitled to opt out of these services at any time;
• to respond to your requests, queries and problems; and
• to inform you about any changes to our services and related notices, such as security and fraud notices.
Sharing your data
In the course of us fulfilling our role as your accountant it will be necessary for us to disclose your Personal Data in certain situations:
• In our role as your accountant we may need to share your Personal Data with certain bodies to fulfil our contract with you, such as your suppliers, contractors and subcontractors, HMRC, ICB and other governmental and regulatory bodies.
• We use the following software provider to process electronic data, including personal data: Microsoft. This provider states that it is GDPR compliant and/or applies equivalent/adequate safeguards. Its privacy notice can be found here: https://privacy.microsoft.com/en-gb/privacystatement
• If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, lawful requests, court orders and legal process.
• To enforce or apply any contract or other agreement with you.
• To protect our rights, property, or safety and that of our employees, members, or others, in the course of investigating and preventing money laundering and fraud.
Our employees and contracted personnel are bound to our privacy policies, procedures and technologies which maintain the security of all your Personal Data from the point of collection to the point of destruction.
We maintain data security by protecting the confidentiality, integrity and availability of your Personal Data, and when we do so we abide by the following definitions:
1 Confidentiality: We ensure that the only people authorised to use your personal data can access it.
2 Integrity: We will make certain that your Personal Data is accurate and suitable for the purpose for which it is processed.
3 Availability: We have established procedures which mean only our authorised Data Users should be able to access your Personal Data if they need it for authorised purposes.
We may also share this information with your bank should the scope of our engagement include assisting you with a banking relationship with them.
GDPR bases
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time by notifying us.
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We need it to perform a public task.
(f) We have a legitimate interest.
How we store your personal information
Your information is securely stored in encrypted online software storage which is formally GDPR compliant.
We will not keep Personal Data longer than is necessary for the purpose or purposes for which it was collected. Once Personal Data is no longer required, we will take all reasonable steps to destroy and erase it. We keep all information for a period of 6 years after the termination of our relationship. We will then dispose of your information by deleting any online files and confidentially shredding any paperwork. You will be supplied with a copy of any documentation should you so require it.
We also maintain security procedures which include, but are not limited to:
1 Secure lockable desks and cupboards. Desks and cupboards shall be kept locked if they hold your personal data.
2 Methods of disposal. Paper documents containing Personal Data are shredded and digital storage devices shall be physically destroyed when they are no longer required.
3 Data Users shall be appropriately trained and supervised in accordance with this Notice, which includes requirements that computer monitors do not show confidential information to passers-by and that Data Users log off from or lock their PC/electronic device when it is left unattended.
4 Our computers have appropriate password security, boundary firewalls and effective antimalware defences. We routinely back-up electronic information to assist in restoring information in the event of disaster and our software is kept up-to-date with the latest security patches.
5 One or all of the following measures shall be applied to the personal data held: separating the personal data and/or pseudonymisation and/or the encoding of the data.
6 Our Privacy Manager will ensure that this Notice is kept updated in response to any amendments to the Law.
We shall take appropriate security measures against unlawful and/or unauthorised processing of personal data, and against the accidental loss of, or damage to, your Personal Data.
We shall only transfer your Personal Data to a Data Processor (a Data User outside our business) if the Processor agrees to comply with our procedures and policies, or if the Processor puts in place security measures to protect Personal Data, which we consider adequate and are in accordance with the Enactments.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at [email protected] if you wish to make a request.
Your telephone and written queries and requests
When receiving telephone enquiries in which Personal Data is requested, we will only verbally disclose Personal Data held on our systems if we can confirm the caller’s identity so as to ensure that the data is only given to a person who is entitled to receive it.
We may suggest that a caller put their request in writing to assist in establishing the caller’s identity, and to enable us to clearly record the nature of the request and to assist in further identity checks.
If we have reasonable doubts about the identity of the person making the request, we may request additional information to confirm the caller’s identity.
In difficult situations our Data Users may refer a request to their line manager for assistance.
When responding to written requests, Personal Data will only be disclosed if we can confirm the identity of the sender and/or sufficient supporting evidence is provided by the sender establishing their identity.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected].
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Changes to our Data Protection Policy
We keep our privacy policy under regular review and reserve the right to amend and update the policy as required. Where appropriate, we will notify you of those changes by mail, email and/or by placing an updated version of the policy on our website.