We at Stepping Stones Accountancy Ltd take the security and privacy of your data seriously. We gather and use information about you as part of our business and to manage our relationship with you. We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security. We have a duty to notify you of the information contained in this policy.
We have measures in place to protect the security of your information.
This policy explains how we will hold and process your information and your rights as a data subject.
Personal information that we collect
When you contact us you provide us with your name contact number and email address.
When you contract with us for professional services you provide us with your personal details, including without limitation your name, postal and billing addresses, email addresses, phone numbers, date of birth, title, marital status, dependants, employment status, income, assets, national insurance number, criminal record and identification documents as well as any other category of personal data that we may request from time to time.
Why we process your personal information
We will use your personal information:
- in order to perform the contract of services between us;
- in order to comply with any legal obligation; or
- if it is necessary for our legitimate interests but we can only do this if your interests and rights do not override ours. You have the right to challenge our legitimate interests and request that we stop this processing.
We can process your personal information for these purposes without your knowledge or consent. We will not use your personal information for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.
If you choose not to provide us with certain personal information you should be aware that we may not be able to carry out certain parts of the contract between us.
When we might process your personal data
We have to process your personal information in various situations for example
- to carry out the contract between us;
- running our business and planning for the future;
- the prevention and detection of fraud or other criminal offences;
- to defend the Company in respect of any investigation or litigation and to comply with any court or tribunal orders for disclosure;
- for any other reason which we may notify you of from time to time.
We will only process your criminal record (which is a special category of personal information) with your consent for example when we are acting on your behalf in an application for Licenses or Permits under the Licensing Act 2003 or the Gambling Act 2005. You can withdraw consent later if you choose by contacting Nathan Brady.
We do not take automated decisions about you using your personal information or use profiling in relation to you.
Sharing your personal information
We will share your personal information with other organisations to carry out our obligations under our contract with you or for our legitimate interests for example when we are acting on your behalf in applications for Licenses or Permits under the Licensing Act 2003 or the Gambling Act 2005.
We will also share your personal information if required or permitted to do so by law; if required to do so by any court, or any other applicable regulatory, compliance, governmental or law enforcement agency; or if necessary in connection with legal proceedings or potential legal proceedings.
Personal information is kept in the European Economic Area and the USA. Where data is stored in the USA it is done so in a way that is compliant with GDPR and in compliance with the EU-US Privacy Shield framework. Adhering to the Privacy Shield Principles ensure an organisation provides adequate privacy protection under the EU data protection directive.
Subject access requests
You can make a ‘subject access request’ (‘SAR’) to find out what information we hold about you by writing to Nathan Brady. We will respond within one month unless the request is complex or numerous in which case we can extend the period for a further two months.
There is no fee for making a SAR. However, if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.
- You have the right to correct any inaccuracies in your personal information by writing to Nathan Brady.
- You have the right to request that we erase your personal information if we were not entitled to process it or it is no longer needed by writing to Nathan Brady.
- You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
- You have the right to object to us using your personal information for direct marketing.
- You have the right to a copy of your personal data and to transfer your personal data to another data controller. We won’t charge for this and aim to do this within one month.
- You have the right to be notified of a data security breach concerning your personal data.
- If we have relied on your consent to process your personal information for a specific purpose, you have the right not to consent or to withdraw your consent later by writing to Nathan Brady.
- You have the right to complain to the Information Commissioner by contacting the Information Commissioner’s Office directly and whose contact details can be found at (ico.org.uk).