At Cavendish Accountancy the protection of your privacy and the personal information we collect is of paramount importance. We only use your personal information to provide services you have requested from us, and to meet our legal responsibilities.
The purpose of this notice
This notice explains how we collect and use personal data about you, in accordance with the General Data Protection Regulations (GDPR) and other Data Protection Legislation. Please read the following as it describes our practices regarding your personal data and how we use it.
Cavendish Accountancy Limited (Cavendish Accountancy, ”we”, ”us”, ”our” and ”ours”) is an accountancy and tax advisory firm. Our Registered Office is 45 Church Road, Tiptree, Essex CO5 0SU. Company Number 08158132, registered in England and Wales.
For the purpose of the Data Protection Legislation and this notice, we are a data controller. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
Our Data Protection Representative is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our Data Protection Representative you can do so using the contact details noted below.
How we may collect your personal data
We obtain personal data about you, for example:
when you make an enquiry as to the services we provide;
when you, or your employer or a client engages us to provide services and during the provision of those services;
when you contact us by email, telephone, post, website or social media (for example when you have a query about our services);
from third parties and/or publicly available resources (for example, from your employer, from Companies House or from HMRC);
Website – IP Addresses and Cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and internal marketing and to report aggregate information to our marketing advertisers.
This is statistical data about our website users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and to deliver a better and more personalised service.
They enable us:
To estimate our audience size and usage pattern.
To store information about your preferences, and so allow us to customise our website according to your individual interests.
To speed up your searches.
To recognise you when you return to our website.
Website – Where we store your data
The type of information we collect from you
The information we collect and hold about you will vary depending on the services you engage us to deliver but may include:
your personal details (such as your name, address, email, telephone numbers);
personal and financial data required to complete personal tax returns, accounts, payroll and other services;
personal data about your spouse and/or children required to complete your personal tax returns;
information about contact we have had with you in relation to the provision, or the proposed provision, of our services;
details of services you have received from us;
communications and correspondence between us;
information about any complaints and enquiries you make to us;
information we receive from other sources, such as publicly available information, information provided by your employer or our clients;
details of any goods or services you may provide to us.
How your information is used
Depending on which services you engage us to provide we may use your information to:
contact you by post, email or telephone;
verify your identity where this is required;
understand your needs and how they may be met;
maintain our records in accordance with applicable legal and regulatory obligations;
process financial transactions;
process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client;
prevent and detect crime, fraud or corruption.
Persons or organisations with whom we may share personal data
We may need to provide your personal data to a regulator or to otherwise comply with the law.
We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to send you mailings regarding the Tax Investigation Service). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We will share your data with third parties with whom you require or permit us to correspond.
We may need to provide information to our professional body (the Association of Chartered Certified Accountants) and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation).
We will never sell or rent your data to third parties.
We will never pass your data to third parties for marketing purposes.
We will never sell or pass on your data to any commercial or charity organisation.
All staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
Data Security and transfers of personal data outside of the European Economic Area (EEA)
We endeavour to protect your personal information, however we cannot guarantee the security of any data transmitted to us, and you do so at your own risk.
Once we receive your information, we make every reasonable effort to ensure that it is secure on our systems. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Your data will usually be processed in our office in the UK. However, we sometimes need to store or transfer information to servers located outside the UK and the EEA. We take the security of your data seriously and so the systems or service providers we use have appropriate security in place that complies with all applicable legislative and regulatory requirements and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You have legal rights to control what we do with your information. You can request a copy of the personal information about you that we hold, ask us to correct any personal information about you that you believe to be incorrect, or ask us to delete it where you consider that we no longer require the information for the purposes for which it was obtained. However please be aware that this may mean that we are no longer able to provide you with an effective service.
In certain circumstances you have the right to ‘block’ or suppress the processing of personal data or to object to the processing of that information. Further information is available on the ICO website (www.ico.org.uk). Please inform us immediately if you want us to cease to process your information or you object to processing so that we can consider what action, if any, is appropriate.
You may request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
We do not intend to use automated decision-making in relation to your personal data.
We will need confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You have the right to withdraw your consent at any time and we will stop using your personal information for the purpose for which consent was given, unless we have another legitimate basis for doing so in law. Please note that withdrawal of consent does not affect the lawfulness of earlier processing.
We do not keep your data for longer than we need to. This will depend on the services that we have provided, the purposes for which the data was collected and the applicable legal and regulatory requirements.
We are required by legislation, other regulatory requirements, our insurers and our professional body to retain your data where we have ceased to act for you. The period of retention required varies with the applicable legislation but is typically five or six years. To ensure compliance with all such requirements it is the policy of the firm to retain all data for a period in excess of this from the date we cease to act.
Updates to this privacy notice
Changes made to this privacy notice will be available on our website at www.cavendish-accountancy.co.uk
This privacy notice was updated on 20th October 2018
If you have any questions regarding this notice or would like to speak to us about the way we process your personal data, please call or write to:
Data Protection Representative
45 Church Road
Telephone – 01621 734890
We attempt to resolve any complaints about how we handle your personal information directly, but you also have the right to make a complaint if you are not happy with our response to the Information Commissioner’s Office at:
Information Commissioner’s Office
Telephone – 0303 123 1113 (local rate) or 01625 545 745
20th October 2018