Who we are
This is the privacy statement of Accounts4. We provide accountancy and tax services to small businesses.
What personal information we collect and why we collect it
In order to perform the work requested by clients we may collect the following: name, address and date of birth; tax, company, employment and employer details; bank account numbers, income past and present, spouse and marriage details. In addition, for the purposes of verifying identity we may require to keep copies of passport information, driving licence information and proof of address.
The source of the personal information
Clients provide their data directly to us. In addition we may receive specific further data from HMRC where previously authorised by the client.
How we use your personal information
- deliver services and meet legal responsibilities
- verify identity where this is required
- communication by post, email or telephone
- understand needs and how they may be met
- maintain records
- process financial transactions
- prevent and detect crime, fraud or corruption
Who we share your data with
Data may be shared with HM Revenue and Customs, software providers, an identification and sanctions checking service and online document signing service.
In all cases this is either to comply with the law, for example Money Laundering Regulations or in order to perform the work you have asked us to do.
How long we retain your data
We retain data for as long as statute or regulations demand.
Access to your information – You have the right to request a copy of the personal information about you that we hold.
Correcting your information – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information – You have the right to ask us to delete personal information about you where:
- You consider that we no longer require the information for the purposes for which it was obtained.
- We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below.
- You have validly objected to our use of your personal information – see Objecting to how we may use your information below.
- Our use of your personal information is contrary to law or our other legal obligations.
If we are required by law to retain certain data for a minimum time period, this takes precedence.
Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information – In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don’t want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Automated processing – If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.
Withdrawing consent using your information – Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out on the Contact page if you wish to exercise any of these rights.
Where we send your data
See ‘Who we share your data with’
Legal basis of processing
Article 6(1)(b) gives us a lawful basis for processing where:
“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
We consider we have a lawful basis for processing if:
We have a contract with the individual and need to process their personal data to comply with our obligations under the contract. Or, we haven’t yet got a contract with the individual, but they have asked for something as a first step (eg provide a quote) and we need to process their personal data to do what they ask.
How we protect your data
We use a firewall, anti-virus software and scan regularly
What data breach procedures we have in place
If a personal data breach occurs, we will establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk we will notify the Information Commissioners Office within 72 hours.
If a breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform those concerned directly as soon as possible.
Normally records will be retained for six years then securely destroyed.
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns