Purpose of This Notice
JE Miller Accountancy and Taxation Services Limited is committed to protecting your personal data. This privacy statement explains how we collect, use and protect your personal data when we deliver the services you have requested from us in accordance with the General Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK.
Definition of Data Controller and Data Processor
A data controller is the person or organisation that decides the purpose for which and the way in which any personal data is processed. A Data processor refers to the person or organisation which processes personal data on behalf of the controller.
The data controller is JE Miller Accountancy & Taxation Services Limited, The Gatehouse, 33 St Andrews Street South, Bury St Edmunds, Suffolk, IP33 3PH.
The data protection officer is Michael Miller who can be contacted directly at the address above or e-mail firstname.lastname@example.org. Mr Miller is our Data Protection Point of Contact and is responsible for any enquiries relating to this privacy notice or matters concerning your personal data.
Definition Data Processing
The meaning of data processing is defined as any operation performed on personal data whether by automated systems or not and includes collection, use, recording etc.
Information We Collect
You agree that we are entitled to obtain, use and process the information you provide to us to enable us to provide our services to you. The information we collect may vary depending on which services you engage us to perform. Types of personal information we may collect in the course of performing the agreed services on your behalf may include:
- Personal information (for example, your name, email address, mailing address, phone numbers, date of birth, address, gender, Unique Tax Reference number, National Insurance Number, Bank Account Details)
- Information relating to complaints or enquiries you make to us
- Information from other sources, included publicly available information, information provided by your employer or our clients.
We do not collect any special categories of personal data about you ( this includes details about your race or ethnicity, religious of philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions or offences.
How we collect your personal data
We collect your personal data when you engage us to perform our services for you and the direct interactions that result from that engagement such as:
- You contact us directly by e-mail, telephone, post or supply contact data and/or queries about our services via our website
- You visit our offices to discuss the services you wish us to provide or you request a proposal from us in respect of the services we provide
- From third parties such as your employer or publicly available resources such as Companies House
- Other direct interactions such as giving us some feedback
How your personal data is used
We will only use your data when permitted to do so by the law.
- We will process your personal data when there is a need to do so to enable us to perform the contract we have either entered into or intend to enter into with you.
- Verify your identity where this is required
- Contact you by post, e-mail or telephone
- We may process your personal data, without your knowledge or consent, when we need to comply with a legal or regulatory obligation (such as to prevent and detect crime, fraud or corruption).
- Understand your needs and how they may be met
- Process financial transactions
- Maintain our records in accordance with applicable legal and regulatory obligations
Change of purpose
We will only use your personal data for the purposes for which we collected it. Where we need to use your personal data for another reason, we will do so only in circumstances where we reasonably consider it is compatible with the original purpose. In the event we use your personal data for a different purpose, we will notify you of the legal basis that allows us to do so before commencement.
Sharing your Data
We will share your data with third parties when required to do so by the law, to administer the relationship between us or where there is another legitimate interest to do so for the purposes of completing tasks and providing services to you on our behalf. External third parties may include professional advisors and third party service providers such as IT and cloud services, professional advisory services, subcontractors and other associated organisations. Other external third parties with whom we may share your data include HM Revenue & Customs and other regulators and authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
We will not release your information to third parties unless you have requested that we do so or are required to do so by law.
Any third party service provider we use are required to take appropriate security measures to respect the security of your data and treat it in accordance with the law. Third-Party service providers are not permitted to use your personal data for their own purposes and they are only permitted to process your personal data in accordance with our instructions and for specified purposes.
Finally, we may share your personal data if we choose to sell, transfer or merge all or some of our business or assets.
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
We do not transfer your personal data outside the European Economic Area (EEA)
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in any unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agent, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have implemented procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
Data retention periods will depend upon a number of factors such as :
- The requirements of our business and services provided;
- Relevant statutory or legal obligations
- The purposes for which the data was originally collected;
- The lawful grounds upon which we based our processing;
- They types of personal data collected;
- The amount and categories of your personal data;
- Whether the purpose of the processing could be achieved by other means.
Our normal data retention period for data received in connection with contracted services will be 7 years in line with regulatory requirements unless there is a legitimate interest for retaining that data for a longer period.
Under certain circumstances you have rights under data protection laws in relation to your personal data as follows:
- Request access to your personal data (known as a data access request). This enables you to receive details of the personal data we hold about you and to check that we are lawfully processing it.
- Request Correction of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to object to processing (see below) .
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which make you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible. (Note this right only applies to automated information which you initially provided consent for us to use or where we used this information to perform a contract with you.)
You will not have to pay a fee to access your personal data (or to exercise any other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive form us), you have the right to withdraw your consent for that specific processing at any time.
To withdraw your consent, please email our data protection point of contact email@example.com.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to unless we have another legitimate basis for doing so in law.
Changes to this Notice
Any changes we may make to our privacy notice in the future will be updated on our website.
This privacy notice was last updated in May 2018.
If you have any queries regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please e-mail our data protection point of contact, Michael Miller (firstname.lastname@example.org) or telephone him on 01284 829900.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Chesire, SK9 5AF
Telephone 0303 123 1113 (local rate) or 01625 545 745 (national rate).
Website – https://ico.org.uk/concerns