Issued by Teesside Financial Accountants (TFA)
The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data. This privacy statement explains how we collect and use personal information about you.
How we use your personal data
We use your personal data for the following purposes:
To enable us to supply professional services under the terms of our contract with you or your employer or as our client.
To fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering Regulations 2017).
To comply with professional obligations to which we are subject as a member of The Institute of Financial Accountants (IFA).
To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
To communicate with you by post, email or telephone.
To contact you about services we provide which may be of interest to you, with your consent where required, unless you have specifically requested us not to.
If you do not provide your personal information
It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.
Source of personal data collected
Data may be collected from you or your personal representative, HMRC or other relevant sources, for example stockbrokers or banks that you may have authorised to provide data directly to us.
Persons/organisations to whom we may give personal data
We may share your personal data with:
any third parties with whom you require or permit us to correspond and parties that support us in providing our services to you.
tax insurance providers
professional indemnity insurers
our professional body, IFA, and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation)
any organisation where the law allows or requires us to do so
Transfers of personal data outside the EEA
Your personal data may be processed outside the EEA. We will ensure all such data export is compliant with the relevant Data Protection Regulations by only using organisations where security measures equivalent to the EU regulations are in place in the relevant countries.
Retention of personal data
Our contractual terms provide for the destruction of documents after 7 years and therefore agreement to the contractual terms is taken as agreement to the retention of records for this period, and to their destruction thereafter.
Where we act as a data processor as defined in DPA 2018, we will delete or return all personal data to the data controller as agreed with the controller under the terms of our contract.
Access to your information – You have the right to request a copy of the personal information about you that we hold.
Correcting your information – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information – You have the right to ask us to delete personal information about you where:
You consider that we no longer require the information for the purposes for which it was obtained.
We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below.
You have validly objected to our use of your personal information – see Objecting to how we may use your information below.
Our use of your personal information is contrary to law or our other legal obligations.
Objecting to how we may use your information
You have the right at any time to require us to stop using your personal information for our direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information, but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.
Withdrawing consent using your information
Where we use your personal information with your consent you may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us at firstname.lastname@example.org if you wish to exercise any of these rights.
Changes to our privacy notice
We keep this privacy statement under regular review and will place any updates on our website. Paper copies of the privacy statement may also be obtained by contacting Julia Gerrard at email@example.com.
This privacy statement was last updated on 18 February 2019.
If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us. Please send any complaints to Julia Gerrard at firstname.lastname@example.org.
If you are not happy with our response, you have a right to lodge a complaint with the ICO (www.ico.org.uk).