Spencer Hyde Limited take the issue of your Privacy very seriously. Which is why we work hard to ensure we have policies and procedures in place to not only help your business, but to do so in a way which is respectful to your rights. The following privacy policy notice explains what personal data we collect from you, or that you provide to us, how we process it, who we may share data with, email updates and marketing news we may send to you. This notice also explains how we do this and tells you about your privacy rights and how the law protects you.
Our Commitment to Data Privacy
We at Spencer Hyde Limited believe in and are fully committed to respect the privacy of our customers. The personal data you share with us is given on trust and is a privilege we take seriously. As such we are committed to compliance with the General Data Protection Regulations (GDPR), which came into effect on May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years, and we have been working hard to ensure that we are evolving with these developments.
We do not sell your personal data and we let you decide how to receive our news and marketing information.
We act as data controller as well as data processor. For the purpose of data protection legislation, Spencer Hyde Limited, 272 Regents Park Road, Finchley, London, N3 3HN is the data controller and data processor.
Who we are and what we do
We are a firm of accountants and registered auditors.
Our offices are located at the following address: 272 Regents Park Road, Finchley, London, N3 3HN.
You can find more about us at www.spencerhyde.co.uk
Data Protection Officer
The data protection officer (DPO) is responsible for overseeing the implementation of this policy, monitoring our compliance with data protection law, and developing related policies and guidelines where applicable.
They will provide an annual report of their activities directly to the Directors, and where relevant, report to the board their advice and recommendations on data protection issues.
The DPO is also the first point of contact for individuals whose data the firm processes, and for the ICO
Our DPO is Antony Youselli
Data Protection Principles
The GDPR is based on data protection principles that our firm must comply with.
The principles say that personal data must be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary to fulfil the purposes for which it is processed
- Accurate and, where necessary, kept up to date
- Kept for no longer than is necessary for the purposes for which it is processed
- Processed in a way that ensures it is appropriately secure
This policy sets out how the firm aims to comply with these principles
Purpose of processing and the legal basis for processing
A legitimate interest is when we have a business reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
Below is a list of all the ways that we may use your personal information as accountants, auditors and tax advisors, and which of the reasons we rely on to do so.
| What we use your personal information for | Our reasons | Our legitimate interests |
|---|---|---|
| Tax Returns / Consultancy
· Personal · Sole Trader / Company |
· Your consent
· Fulfilling engagement letters and standard terms of businesses · Money laundering regulations · Our legitimate interests · Our legal duty · Professional indemnity insurance · Financial promotions · Dealing with HMRC |
· Keeping records up to date
· Seeking consent when we need to contact you · Complying with regulations that apply to us · Improving how we deal with financial crime, as well as doing our legal duties in this respect · Being efficient about how we fulfil our legal and contractual duties |
| Company Secretarial | ||
| Accounts
· Self Employed · Rental · Business |
||
| Payroll | ||
| VAT | ||
| Other Activities
· National Insurance · Tax Investigations |
||
| Website
· Marketing · News Updates |
||
| · To manage our relationship with you or your business
· To develop new ways to meet our clients’ needs and to grow our business · To provide advice or guidance about our services · To manage how we work with other companies that provide services to us and our clients · To deliver of our products and services · To collect and recover debts that is owed to us · To respond to complaints and see to resolve them · To exercise our rights set out in agreements or contracts |
||
Grouping personal information
We may use different kinds of personal information and group them together like this
| Description | |
|---|---|
| Financial | Completion of tax returns, accounts etc |
| Contact | Where you live and how to contact you |
| Socio-Demographic | This includes details about your work or profession, nationality etc |
| Transactional | Details of your income, expenses, benefits, investments etc. when compiling tax returns, accounts etc. |
| Contractual | Details about the products or services we provide to you |
| Locational | Data we get about where you are for tax and accounting purposes |
| Communications | What we learn about you from letters, emails and conversations between us |
| Social Relationships | Your family, friends and other relationships |
| Open Data and Public Records | Details about you that are in public records, such as companies house |
| Documentary Data | Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate ie. Money laundering checks |
| Special types of data | The law and other regulations treat some types of personal information as special. We will only collect and use these types of data for tax purposes:
· Racial or ethnic origin · Trade union membership · Health date including gender · Criminal convictions and offences |
| Consents | Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you, how you wish us to send compliance etc. |
| National Identifier | A number or code give to you by a government to identify who you are, such as a National Insurance Number, UTR |
Where we collect personal information from
We may collect personal data information from you, your business, other companies you may have dealt with etc, in order to fulfil our services we conduct on your behalf
Data you give us:
- When you enlist for one of our services
- Communication via telephone, emails and letters
- At events
Data we collect when you use our services:
- Profile and usage data: this includes when setting you up as a client to identify you when enlist in one of our services
- Income, expenses, benefits, investment
- Payment information
Data from third parties:
- Banks
- Financial advisors
- Previous accountants
- Social networks and internet searches
- Lawyers and solicitors
- Public information such as companies house
- Companies that introduce you to us
- Agents working on your behalf
- Government and law enforcement agencies
Who we share your personal information
- Yourself, (spouse, issue, other family member or relative etc. with your consent0
- Businesses ie. The individuals own company, assistants, PA’s
- Our website
- Successor accountants
- Banks
- Remote partner outside of the UK
- Financial advisors / institutes
- HMRC and other government regulators and authorities
- Fraud prevention agencies
- Credit reference agencies
- Lawyers and solicitors
- Companies that introduce you to us
- Companies we have a joint venture or agreement to co-operate with
- Companies that we introduce you to
- Companies you ask us to share your data with
How we use your information to make automated decisions
We sometimes make decisions based on the information we have. This helps improve the efficiency of our services we conduct on your behalf based on what we know. Any major decisions we will contact you for your consent before proceeding.
Here are some examples of automated decisions we make:
- Correcting PAYE coding notices
- Obtaining rental agent statements
- Obtaining pensions and financial investments for completion of tax returns
- Reducing tax payments on account
- National insurance deferment or overpayment
- Money laundering checks
Fraud Prevention Agencies (FPAs)
We need to confirm your identity before we provide our services to you or your business. Once you have become a client of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We may use Fraud Prevention Agencies to help us with this.
Both we and fraud prevention agencies can only use your personal information if we have a proper reason to do so. It must be needed either for us to obey the law, or for a ‘legitimate interest’.
A legitimate interest is when we have a business or commercial reason to use your information. This must not unfairly go against what is right and best for you.
We will use the information to:
- Confirm identities
- Help prevent fraud and money-laundering
- Fulfil any contracts you or your business has with us
We or any FPA may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.
FPA’s can keep personal information for different lengths of time. They can keep your data for up to six years if they find a risk of fraud or money-laundering.
Sending data outside of the EEA
Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with the data protection law.
If you choose not to give personal information
We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform our services to you. Any data collection that is optional would be made clear at the point of collection.
How long we keep your personal information
We will not hold your data longer than necessary unless we have been given specific instruction by the individual or we feel required for professional indemnity.
How to get a copy of your personal information
You can access your personal information we hold by contacting your managing partner by phone, email or post.
Letting us know if your personal information is incorrect
If you think the information we hold about you is incorrect or needs updating, please do not hesitate to contact us. We will take reasonable steps to check its accuracy and correct it.
What if you want us to stop using your personal information?
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’.
There may be a legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.
Please contact us if you object how we use your data or ask us to delete it or restrict how we use it.
How to complain
You also have the right to complain to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk
Contact
We hope that we have shared with you all the information you need, but in the event that we haven’t, or if you have any questions then please do not hesitate to contact us at: info@spencerhyde.co.uk