Our Privacy Notice
Privacy Notice Introduction
At Cardens Accountants we value the importance of protecting and respecting the data you provide and entrust us with. We are committed to safeguarding any, and all, personal information provided to us. This includes; systematic and secured storing, ensuring all data is kept accurate and up to date as well as our commitment that the personal data we process will only be used in a way that is consistent with this privacy statement.
What Does This Notice Cover?
This Privacy Information Notice sets out the foundations for how we use your personal data;
• What is personal data?
• What personal data do we collect?
• How do we use your personal data?
• How do we store your personal data?
• How long do we hold your personal data for?
• Do we share your personal data?
• What are your legal rights relating to your personal data?
• How can you access your personal data?
• How to Contact us
What is Personal Data?
The General Data Protection Regulation (GDPR) 2018 definition of personal data/information is “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.”
In other words, what we mean by “Personal Data” is; any information, that is provided to us, which relates to a living individual who could be identified from this information (or from any other information which is likely to be provided to us).
What Personal Data do we collect?
We may collect the following personal information:
• Your name;
• Your date of birth;
• Your gender;
• Your contact information such as:
– Your telephone number
– or email address;
• Your profession and job title;
• Your National Insurance Number and Unique Taxpayer Reference;
• Your payment information;
• Any other information you provide to us that may be relevant to our business services.
Emails – If you email us personal information, we may keep a record of this along with any correspondence on our hosted cloud based CRM and our accountancy software Iris.
Phone Calls –Inbound and outbound calls to our mainline number may sometimes be recorded and logged in our paperless filing system.
How do we use your personal data?
Under the GDPR, we must always have a lawful basis for using personal data. Our use of your information is necessary for us to provide a service to you and is only carried out once you have consented to our use of this personal data. Your personal information will be used for the following purposes:
• Providing and managing your account.
• Supplying our services to you.
• Your personal details are required in order for us to enter into contract with you.
• Communicating with you and with authorities on your behalf.
As part of our service to you we will occasionally email you on changes to the law where we feel it is either or direct or indirect interest to you based on the data we hold about you.
How do we store your personal data?
We use a software called IRIS, which has a virtually hosted interface equipped with data
encryption. Please contact us if you would like more information on our hosted cloud based CRM and its permissions.
All hard copy data is held securely within our office in non-client areas accessed only by employees of the company. We retain electronic copies of the hard copy records, when necessary, once the originals have been returned to you.
How long do we hold your personal data for?
We will not keep personal information any longer than 7 years after you cease to be a client. This will be dependent on the purpose for which it has been provided. Your personal data will, therefore, be stored for up to 7 years until you instruct us to either; destroy, securely archive or return this data to you.
Do we share your personal data?
We do not share your personal information with any third parties for any purposes, subject to any exceptions you have provided specific permission enabling us to do so.
In some circumstances we may be legally required to share certain personal data. This may apply where the individual relating to this data is involved in legal proceedings and we are required to hand over specific personal information. This would only occur if we were ordered to hand over personal data under a court order or under the instruction of a government authority in relation to the prevention or detection of crime.
What are your legal rights relating to your personal data?
Under the GDPR, you have rights by law which we always uphold. These rights include:
• The right to have all communications relating to your personal information between us and yourself to be transparent and honest
• The right to access your own personal information at any time
• The right to object to the use of your personal data for a particular purpose
• The right to obtain from us the rectification of your personal data if inaccurate
– (In other words; the right to instruct us to correct, update or complete your personal information if you feel this is required)
• The right to withdraw your consent for us to use your personal information
• The right to instruct us to erase your personal information
• The right to instruct us to provide your personal data to you, in a machine-readable state, and for you to be free to provide that information to any other body or individual without hindrance.
How can you access your personal data?
If you would like to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it. This is known as a “subject access request”.
All subject access requests are free of charge and should be made in writing via email or post. We will respond to this subject access request within 7 working days of receiving it.
How to Contact us
To contact us regarding anything to do with your personal data, data protection and a subject access request, please use the following details;
• Call us on 01273 739 592;
• Email us at firstname.lastname@example.org ;
• Write to our postal address: The Old Casino, 28 Fourth Avenue, Hove, West Sussex BN3 2PJ