What is the purpose of this notice?
To describe how we collect and use personal data about you in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 1998 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Who we are
Stratus Accounting Ltd, practising as Michael Warner & Company, is an accountancy and tax advisory firm. We are registered in England and Wales as a limited liability company under number 08637989 and our registered office is at Basepoint Business Centre, 1 Winnall Valley Road, Winchester, SO23 0LD.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
What data we need
We collect basic personal data about you which does not include any special categories of personal information about you (known as Special Category Data). It does, however, include name, address, email address, telephone number, other identity information required to meet anti-money laundering regulations, as well as financial and other information which you or third parties give us.
Why we need it
We need to know your basic data, including specific financial and other information, in order to comply with anti-money laundering regulations, to complete accounts and tax returns, and to provide other services in accordance with your instructions. For example:
- For tax returns the information we need includes your national insurance number, tax code and details of all income.
- To enter into a contract with you we have to obtain photo ID (passport or driving licence) and a copy of a recent bill showing your home address.
What we do with it
We only ever use your personal data with your consent, or where it is necessary:
- to enter into, or perform, a contract with you
- to comply with a legal duty
- to protect your vital interests
- for our own (or a third party’s) lawful interests, provided your rights don’t override these. This includes processing for statistical and management purposes.
In any event, we will only use your information for the purpose or purposes it was collected for (or for closely related purposes).
We will not share your information with third parties for marketing purposes.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
We may process personal information for certain legitimate business purposes, which include some or all of the following:
- where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers
- to identify and prevent fraud
- to enhance the security of our network and information systems
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.
Where we keep it
We are based in the UK and we store our data within the EU. Some organisations which provide services to us may transfer personal data outside of the EU. For example, some of our systems use Microsoft products. As a US company, it may be that using their products results in personal data being transferred to or accessible from the US. Use of your personal data by Microsoft is protected under the terms of the USA’s Privacy Shield scheme.
How long we keep it
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored depends on the information in question and what it is being used for. For example, by law, information regarding tax returns and accounts has to be kept for 6 years. Information collected to satisfy anti-money laundering regulations has to be kept for five years after the termination of our business relationship with you.
We continually review what information we hold and delete what is no longer required.
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so. Under normal circumstances your data is shared only with HMRC (tax returns) and Companies House (accounts, company secretarial returns).
Which third-party service providers process my personal data?
“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT services, including cloud services, professional advisory services, administration services, payroll and banking services.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
What are your rights?
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- The right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a data subject access request).
- The right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason).
- The right to have inaccurate data rectified.
- The right to object to your data being used for marketing or profiling.
- Where technically feasible, you have the right to personal data you have provided to us which we process automatically based on your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you have any questions about this notice or wish to raise a complaint about how we have handled your personal data, please contact Michael Warner at firstname.lastname@example.org, who will investigate.
If you are not satisfied with our response, or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.
This Privacy Notice was last updated on 22nd May 2018.