Data Privacy Notice

Introduction

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

The rules on processing of personal data are set out in the General Data Protection Regulation and the Data Protection Act 2018 (the “Data Protection Legislation”).

Certain terms that are used in the Data Protection Legislation are explained here:

What is a data controller? A controller determines the purposes and means of processing personal data.

What is a data processor? A processor is responsible for processing personal data on behalf of a controller.

What is a data subject? A living individual

What is personal data? The Data Protection Legislation applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified from that data.

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Who are we?

We are Charterhouse (Accountants) Limited. This notice explains where we act as a data controller of the personal information that we collect or that you provide to us. We have a nominated Data Protection Co-ordinator, who is responsible for ensuring our compliance with the Data Protection Legislation. Her contact email address is:

Email: rajesh.jiwani@charter-house.net

We ensure that all our staff are aware of their responsibilities in collecting, using and sharing personal data.

Who do we collect personal information from?

We collect personal information about the following categories of individuals:

• Visitors to our website and potential clients who contact us;
• Existing clients;
• Our suppliers and service providers.

Why do we process your personal data?

As data controller, we use personal data for the following purposes:

• To assist our clients in meeting their statutory compliance obligations (including but not limited to preparation of accounts, tax returns, compliance statements, payroll)
• For the purposes of advisory work that we undertake for our clients
• Administration and billing
• Delivering news, marketing newsletters, occasional seminar invitations and occasional surveys
• To respond to client enquiries and to setup initial appointments

We process the following categories of your data:

• Contact information for our clients and business associates (such as name, home address, business address, business role, email address, phone numbers) Identity information for our clients and potential clients(such as NI number, date of birth, driving licence or passport, utility bills)
• Financial information (such as bank statements, bank account details)
• Correspondence information (including certain correspondence between us in which a personal opinion is expressed)
• Third party information for our clients, where you wish to provide us with the personal data of any beneficiary or bookkeeper or other third party (in which case, you confirm that you have the authority to do so)
• Usage information includes information about how you use our website
• Technical information includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Marketing information includes information about whether or not you consent to receiving newsletters or marketing from us.

How is your personal data collected?

We use different methods to collect data from and about you including through:

• Direct interactions. We collect the majority of your data when you choose to give this to us through our secure client portal, by email, over the phone, in person at meetings or otherwise.
• Automated technologies or interactions (including analytical cookies). When you interact with our website, we use cookies to automatically collect your Usage Data and Technical Data. We collect information only from analytical cookies on our website to allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. We don’t use any other non-essential cookies on this website. If you don’t want us to collect this sort of information about you, you can set your browser to refuse the Google Analytics cookie by following this link: https://tools.google.com/dlpage/gaoptout.

How do we use your personal data?

We only use your personal data where the law allows us to. Our lawful basis for processing your general personal data is most likely to be one of the following:

• in anticipation of or in accordance with an agreement that we have with you; or
• where we need to comply with a legal or regulatory obligation; or
• where use of your data is necessary for our legitimate interests (or those of a third party) in the operation of our business and we have made an objective assessment that your interests and fundamental rights do not override those interests (for example to promote our services to you, to manage our relationship with you and to improve the service that we offer);
• where you have provided us with specific consent (for example where you have agreed to the use of analytical cookies when you visit our website or where you consent to us sending you marketing by email).

Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

Sharing your personal data

We may need to share your personal data with the parties set out below for the purposes explained above.

• Our service providers who provide us with IT management and system administration services, book keeping services and marketing and mailing services.
• Website analytics companies who provide us with website functionality services.
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Links to other websites

This website may, from time to time, provide links to other websites (such as youtube). We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.

How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary and we retain your data where necessary to comply with the relevant laws such as the Taxes Management Act, the Companies Act, and the Charities Act. By law we may have to keep certain personal data six years after we stop working together. In some circumstances you can ask us to delete your data (see below for further information).

Providing us with your personal data

Where our data collection is optional or permission based (for example in respect of some of our marketing) you are under no statutory nor contractual requirement or obligation to provide us with your personal data.

Your rights and your personal data

Unless subject to an exemption under the Data Protection Legislation, you have the following rights with respect to your personal data:

• The right to request a copy of the personal data which we hold about you;
• The right to request that we correct any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary to retain such data;
• The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to object to the processing of personal data, (this is not an absolute right and only applies in certain circumstances).

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Transfer of Data Abroad

Certain companies who provide us with cookie analytic services have servers based in the US. We also use a book keeping service company that is based in India. This involves a transfer of personal information outside the European Economic Area (EEA).

We are required to ensure that when we store your personal data with companies like this, your personal data is as secure as it would be if it stayed in the UK and that it complies with one of the mechanisms specified by Data Protection Legislation. If you would like more detail about how we comply with the detail of this requirement, please let us know.

Automated Decision Making

We do not use any form of automated decision making in our business.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

If you wish to complain

To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Coordinator by emailing: rajesh.jiwani@charter-house.net

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.