The firm is committed to investment in training, equipment and software to keep our data subject’s data secure. We have a comprehensive policy covering the security of electronic and printed data. Our policy is regularly reviewed at a senior level and with expert advice to ensure it remains appropriate to meet the needs of data subjects whose information we process.
Classes of data subjects
We gather data on the following classes of data subjects: –
- Other data subjects (including suppliers and employees).
Reasons for processing information
We gather information on clients for the following purposes: –
- Identification documents for compliance with money laundering and professional regulations. This will be retained for 7 years after the date that the engagement ends or longer as statute requires.
- Accounting, correspondence and financial data for the purposes of providing accounting, tax and audit services.
- Administrative details for financial management.
We gather information on other data subjects for the following purposes: –
- Managing finance.
- Managing human resources.
Third party data
Where client data we hold pertains to third parties, we act as agents for the data processor. For example, when we act as payroll agents for a client company, the data processor directly answerable to the employees whose data is processed is our client rather than the firm. It is our practice to keep all third party data at least as secure as data we process as principal.
Types of data held
The type of data we hold includes but is not limited to: –
- personal details
- goods and services
- financial details
- education details
- employment details
Who the information may be shared with
Where necessary or required we share information with:
- HMRC in accordance with the terms of engagement letters agreed with clients.
- Companies House in accordance with the terms of engagement letters agreed with clients.
- Business associates, professional advisers where consent has been obtained.
- Family, associates and representatives of the data subject where consent has been obtained.
- Local and central government where consent has been obtained.
- Financial organisations where consent has been obtained or otherwise in accordance with the terms of engagement letters.
- Ombudsmen, professional bodies and regulatory authorities where required by professional regulation or law.
- Credit reference and debt collection agencies where necessary for our own commercial interests.
- Healthcare professionals, social and welfare organisations where consent has been obtained.
- Current, past or prospective employers in respect of employee data where consent has been obtained.
Transfers of data
It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the Data Protection Act.