What is the purpose of this notice?
To describe how we collect and use personal data about you in accordance with the General Data Protection Regulation (GDPR).
What we need
Voisey & Co will be what’s known as the “Controller” of the personal data you provide to us. We only collect basic personal data about you which does not include any special categories of personal information about you (known as Special Category Data). This does however include name, address, e-mail, telephone number, financial information, your Unique Tax Reference (UTR) number, your National Insurance number, bank account details
Why we need it
We need to know your basic personal data in order to provide our agreed services in accordance with our agreed letter of engagement between you or your employer and us. We will not collect any personal data from you we do not need to provide and undertake this service to you.
What we do with it
We only ever use your personal data with your consent, or where it is necessary:
- to enter into, or perform, a contract with you
- to comply with a legal duty
- to verify your identity where required
- to understand your needs and how they may be met
- to protect your vital interests
- for our own (or a third party’s) lawful interests, provided your rights don’t override these.
In any event, we will only use your information for the purpose or purposes it was collected for (or for closely related purposes).
We may process personal information for certain legitimate business purposes, which include some or all of the following:
- where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our clients
- to identify and prevent fraud
- to enhance the security of our network and information systems
- to better understand how people interact with our websites
- to provide postal communications which we think will be of interest to you
- to determine the effectiveness of promotional campaigns and advertising.
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.
When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish, and if you wish to do so please click here. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.
Where we keep it
- We are based in the UK and we store our data within the EU.
- We will not sell or rent your information to third parties.
- We will not share your information with third parties for marketing purposes.
- All our staff with access to your information have a duty of confidentiality under the ICAEW ethical standards under which Voisey & Co is required to follow.
How long we keep it
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing e-mails, we will stop storing your e-mails for marketing purposes (though we will keep a record of your preference not to be e-mailed).
We continually review what information we hold and delete what is no longer required. We never store payment card information. We will not retain your data for any longer than necessary and the longest time that we will hold your data will be ten years, subject to legislation, regulation and our insurance requirements.
Third Party Service Providers working on our behalf
As part of the services that we provide we may pass your information to our third party service providers, subcontractors, agents and associated organisations for the purposes of completing the services on your behalf. This may include basic bookkeeping, legal and specialist advice.
When third party service providers are used, we only disclose the personal that is necessary to deliver the service and we have suitable arrangements in place that requires them to secure your information and not to use for their own purposes.
Unless required to do so by law, by a court order or for the prevention and detection of crime, fraud or corruption we will not release your information to third parties other than in the course of the services that we provide.
What we would also like to do with it
We would, however, like to use your name and e-mail address to inform you of our future offers and similar products. This information is not shared with third parties and you can unsubscribe at any time via phone, e-mail or on our website. Please indicate below if this is something you would like to sign up to.
Please sign me up to receive details about future offers from Voisey & Co.
We take every precaution to protect your personal data including:
- Using only EU based service providers
- Providing secure data transfer portals
- Adding passwords to relevant confidential documents
- Securing our office and physical data storage
Every effort is made to ensure the security on our systems and where password access is provided that you are responsible for keeping this password confidential and we ask for this not to be shared with anyone.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
What are your rights?
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a data subject access request)
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
- the right to have inaccurate data rectified
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically based on your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you wish to raise a complaint on how we have handled your personal data, you can contact Jonathan Urmston who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.