Archer Associates and Archer Associates Finchley Limited – General Data Protection Regulations
Privacy Statement – May 2018
The Purposes of Processing Personal Data
Archer Associates and Archer Associates Finchley Limited are “processors” of personal information. We will use some, or all, of your personal data to:
- Enable us to supply professional services to you as our client;
- Fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”));
- Comply with professional obligations to which we are subject as a member of the Institute of Chartered Accountants in England & Wales (“ICAEW”);
- Use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings;
- Enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen; and
- Contact you about other services we provide which may be of interest to you if you have consented to us doing so.
Lawful Basis for Processing
The processing of your personal data is necessary for the contract we have with you (Letter of Engagement) and legal obligations to which we are subject to (e.g. MLR 2017).
Categories of Personal Data Obtained
In addition to personal data obtained from yourself, and maybe your professional adviser(s), we sometimes obtain personal data from HM Revenue & Customs (“HMRC”) and Companies House to assist in the preparation of Accounts, Company Secretarial documents, Payroll, Reports and Tax Returns. When appropriate, we will request personal data from a previous Accountant/Tax Advisor to ensure a smooth handover of your affairs and to accurately prepare your Accounts, Tax Returns and other documents. Archer Associates and Archer Associates Finchley Limited does not purchase information about clients or potential clients. We do not obtain any data from people who access our website.
Recipients of Your Personal Data
We may share your personal data with:
- HMRC & Companies House;
- Any third parties with whom you require or permit us to correspond;
- An alternate appointed by us in the event of incapacity or death;
- Tax insurance providers;
- Professional indemnity insurers; and
- Our professional bodies (ICAEW in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation).
If the law allows or requires us to do so, we may share your personal data with:
- The police and law enforcement agencies;
- Courts and tribunals; and
- The Information Commissioner’s Office (“ICO”)
We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties, we may need to cease to act. We will ensure that any third party that we deal with have shown us their privacy statements.
Retention Periods of Personal Data
In accordance with recognised good practice within the tax and accountancy sector we will retain all of our records relating to you as follows:
- Whilst you are a client of Archer Associates or Archer Associates Finchley Limited, it is our policy to retain our correspondence files and permanent data files whilst you are a client of ours and for 7 years thereafter. Except where we have a legal obligation to retain files for a specific period, you can request that the delete our correspondence files after you have ceased to be a client;
- Where Accounts and Tax Returns etc. have been prepared it is our policy to retain information for 7 years from the end of the tax year to which the information relates;
- Where ad hoc advisory work has been undertaken it is our policy to retain information for 7 years from the date the business relationship ceased; and
- Where we have an ongoing client relationship, data which is needed for more than one year’s tax compliance (e.g. capital gains base costs and claims and elections submitted to HMRC) is retained throughout the period of the relationship, but should be deleted 7 years after the end of the business relationship unless you as our client ask us to retain it for a longer period.
Subject to the above, our contractual terms provide for the destruction of documents after 7 years and therefore agreement to the contractual terms is taken as agreement to the retention of records for this period, and to their destruction thereafter.
You are responsible for retaining information that we send to you (including details of capital gains base costs and claims and elections submitted) and this will be supplied in the form agreed between us. Documents and records relevant to your tax affairs are required by law to be retained by you for the appropriate time.
The Rights Available to Individuals
Subject to any overriding legal requirements, the GDPR provides the following rights for individuals:
- The right to be informed about our processing of your personal data;
- The right to request access of your data;
- The right to rectification of inaccurate and/or incomplete data;
- The right to erasure of your personal data;
- The right to restrict processing of your data;
- The right to data portability of your data; and
- The right to object to processing of your data.
There are rights in relation to automated decision making and profiling. Archer Associates and Archer Associates Finchley Limited are not involved in such activities.
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law.
What Personal Data Do We Hold?
We hold personal data such as full names, previous or other names, current and previous addresses, marital status, gender, telephone numbers, email addresses, date of birth, national insurance number, tax reference number and financial details.
Where and How is Personal Data Secured?
We have computer systems to hold personal data in electronic format. We use commercial company secretarial, tax, payroll and accounting software supplied by ISCA Software Limited, Star Computers Limited and Wolters Kluwer Limited, plus Microsoft software. The computer systems are password protected and have professional malware and anti-virus software installed, which is up-dated regularly. We have a separate professionally installed firewall. Data is backed up regularly. Current paper-based data held in files and folders are held in lockable filing cabinets in locked offices.
Some data is held in cloud based systems which are regularly backed up and held in password protected environments. Some locations are outside the European Union but those companies have assured us that they comply with the same GDPR regulations that exist within the European Union
We may amend this privacy notice from time to time but the most up to date version of the privacy notice will be available on our website.
Your communication with us
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. We recommend that you always use the secure client area of our website to transmit your data to us. We will always transmit data to you in the same way. Once we receive your information, we make our best effort to ensure its security on our systems.
Name of the Responsible GDPR Officer
Mr Howard Archer
Please contact us to find out more.