RICHARD PLACE CUST & CO.
Data Protection Policy and Privacy Notice
Richard Place Cust & Co (the company) is committed to respecting our client’s privacy and protecting your information from misuse or unauthorised disclosure. We value our reputation and will comply with privacy laws.
This privacy notice lets you know what happens to any personal data that you give us, or any that we may collect about you. It applies to all services and instances where we collect your personal data.
This privacy notice applies to personal information processed by or on behalf of Richard Place Cust & Co.
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website.
Richard Place Cust & Co and our Data Protection Officer
We are Richard Place Cust & Co, Chartered Certified Accountants, Hereford House, 9 Massetts Road, Horley, Surrey RH6 7PR. We are a data controller of your personal data.
We have a dedicated data protection office (“DPO”). You can contact the DPO using the details below, or by writing to the above address, marking it for the attention of the DPO.
Name – Greg Cust
Tel No – 01293 772727
Email address – firstname.lastname@example.org
Data Protection Principles
The company processes Personal Data in accordance with the following data protection principles which require Personal Data to be:
- Processed lawfully, fairly, and in a transparent manner;
- Collected only for specified, explicit and legitimate purposes;
- Processed only where it is adequate, relevant and limited to what is necessary for the purposes of processing;
- Accurate and for the Company to take all reasonable steps to ensure that inaccurate Personal Data is rectified or deleted without delay;
- Kept only for the purpose of processing; and
- Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage.
The Company tells individuals the reasons for processing their Personal Data, how it uses such data and the legal basis for processing in its privacy notices. It will not process Personal Data for other reasons.
The Company will update Personal Data promptly if an individual advises that his/ her information has changed or is inaccurate.
The Company keeps full and accurate records of its processing activities in respect of Personal Data in accordance with the requirements of the data protection legislation.
The types of personal data we collect and use
What data do we collect?
When you become a client, we will need to gather certain pieces of personal data to enable us to do the work you have engaged us to do on your behalf. The personal data that we collect and hold about you may include:
- Full name and personal details including contact information (e.g. home and business address and address history, email address, home, business and mobile telephone numbers);
- Date of birth and/or age;
- Financial details (e.g., salary and details of other income, accounts, tax returns, bank account details);
- Family, lifestyle or social circumstances if relevant to the services we are providing;
- Employment details/employment status;
- Personal data about your spouse and other family members where this is relevant to the work we are undertaking on your behalf; and
- Reference and code numbers for liaising with regulatory and other third party legal bodies (e.g. HMRC, Companies House, Financial advisors and Charities Commission), where we need to communicate with the third party on your behalf.
Provision of professional services
Richard Place Cust & Co will also often receive personal information in the course of providing professional services – ordinarily when we provide services to private individuals, employers and businesses with personal customers. Our engagement letters and terms of business govern our relationship with you, including what we may do with personal data that is provided to us. Richard Place Cust & Co provides many different types of services and the purpose of the data may not always be obvious to the individuals who are data subjects.
More generally, Richard Place Cust & Co complies with its obligations under the Data Protection Act 1998, and applicable regulatory guidance which relates to our handling of personal data (e.g. as published by our principle regulator, the Association of Chartered Certified Accountants)
Provision of personal data
We will let you know if providing some personal data is essential for the purposes of the services we are contracted to carry out or if they are optional.
When we may need to collect your personal data
We rely on the following legal basis to use your personal data:
- Where we have a contractual obligation to provide you with our services
By engaging us to supply accounting, taxation, payroll, company secretarial or advisory services to you we will need to hold certain personal data to carry out our work. Details of the services we are instructed to provide, and the terms of the work will be set out in our engagement letter.
- Where it is in our legitimate best interests to do so
- Managing your services relating to the work we do for you, updating your records, tracing your whereabouts to contact you about the work we have done for you, your account and doing this for recovering debt (where appropriate);
- To follow guidance and recommend best practice of governance and regulatory bodies;
- For management and audit of our business operations including accounting;
- To carry out identification procedures required under the Money Laundering regulations before accepting your instructions and periodically after that;
- To carry out monitoring and to keep records of our communications with you and your staff;
- To administer our good governance requirements, such as internal reporting and compliance obligations and administration required;
- Where we need to share your personal information with people and organisations in order to run our business or comply with any legal and/or regulatory obligations.
- To comply with our legal obligations
How long do we hold data for?
Unless we explain otherwise to you, we will hold your personal information based on the following criteria;
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations;
- For as long as we provide services to you and then for as long as someone could bring a claim against us;
- Retention periods in line with legal and regulatory requirements or guidance; and /or
- We use reasonable efforts to retain personal data collected from you only for so long as we need such data in accordance for the purpose for which it was collected or until we are requested to delete it (if earlier).
Data security and storage
Richard Place Cust & Co has appropriate technical and organisational security policies and procedures in place to protect personal data and information from loss, misuse, alteration or destruction.
Additionally, we aim to ensure that access to your personal data is limited to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data which is transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our website is run by Practice Track, which collects IP addresses for system administration, for independent audit and to produce reports so that we can see how our site is being used, for example, what services and facilities are popular, and how long you spend on particular pages. This is data about our users’ browsing actions and patterns and it does not identify anyone individually. We have reviewed Practice Track’s procedures and systems to confirm we are satisfied that they are GDPR compliant are not using personal data collected on our behalf for any other reasons than mentioned above. Practice Track’s privacy notice can be found at https://www.practicetrack.co.uk/privacy-policy/
When you telephone Richard Place Cust & Co we will not record your call. Although if the information we are given relates to a service we are performing for you, we may make notes of the call and place these on client files.
Your rights under data protection laws.
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we will explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
- The right to be informed about the processing of your personal information;
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
- The right to object to processing of your personal information;
- The right to restrict processing of your personal information;
- The right to have your personal information erased. This right is only applicable where it does not conflict with legal and regulatory requirements;
- The right to request access to your personal information and to obtain information about how we process it;
- The right to move, copy or transfer your personal information (“data portability”); and
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
You have the right to complain to the Information Commissioner’s office which enforces data protection laws: http://ico.org.uk.
You can contact us using the contact details shown at the foot of this notice.
Your right to object
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by contacting the DPO in the first instance.
Sharing of personal data
We will use your personal data only for the purpose for which it was collected, unless we obtain your specific consent for other uses, or unless otherwise required or permitted by law or professional standards. For example, if you send us an email message requesting information about Richard Place Cust & co we will use your email address and other information that you supply to respond to your request.
We use 3rd parties to store current data in a digital format on external servers and to store archived data in paper form. We are satisfied that these organisations are GDPR compliant and that their security arrangements are at least equal to ours.
We do not disclose your personal data to third parties except as described above and where required and permitted by law.
We do not sell your personal data or provide it to third parties for their direct marketing use.
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by going to the contact us section of our website. Alternatively, you can write to Richard Place Cust & Co, Hereford House, Massetts Road, Horley, Surrey, RH6 7PR, marking it for the attention of the DPO.