Data Protection Policy – Wings Accountants Limited
In the course of our work, we need to collect and use certain types of personal information about the people and entities we deal with, such as current, past and prospective clients, suppliers and others with whom we communicate.
Client confidence in the lawful and correct treatment of their data is paramount to the success of our business. We therefore must be fully compliant with current data protection legislation.
From 25th May 2018, the relevant data protection legislation will be “GDPR” (“General Data Protection Regulation”, Regulation (EU) 2016/679.
We can confirm that our firm will be fully compliant with the GDPR requirements. This means that we will treat your data in a lawful and correct manner, but please also have the confidence to know that we uphold honesty & integrity meaning that should there ever be any ambiguity, we will always put our client’s confidentiality first and foremost above our own commercial gain.
Please note that client confidentiality is set aside in the case of a legal obligation to disclose certain matters to the relevant agency. An example of this would be that accountants are legally bound to report any suspicion of Money Laundering.
In accordance with best practice and guidelines for our industry, it is our intention to retain data of clients after termination of engagement for a period of up to 7 years after the date of termination. An example of the reason behind this is if a body such as HMRC were to commence an investigation into a tax return, we may have data which would be necessary to complete this investigation.
The main principles, which we will adhere to and which are in line with our legitimate interest, are as follows:
• Use – the data we hold is for the purpose of conducting our Chartered Accountants business – this consists of the usual services, including, but not limited to; accounts preparation, tax return preparation, VAT processing, bookkeeping, payroll.
• Necessity – we only obtain data which necessary for the fulfilment of our engagement with each client, considered on an individual basis to correspond with the particular qualities of each engagement, or to comply with any legal requirements.
• Inform – we will inform you of the purpose of our processing of your information
• Collection – we endeavour to only collect the data which we require for the full execution of our duties
• Accuracy – we will ensure that data is as accurate as possible, and if we are made aware of any errors in the information we hold, we will correct these.
• Right of access – for every individual/entity for which we hold data, they have a legal right to see the personal information we hold. Should you wish to do this, please make a written request, either by post or email. We reserve the right to charge a small administration fee should the gathering and dissemination of the information be sufficiently time and resource consuming to warrant such an administration fee.
• Safeguarding of information – we have taken steps to ensure the safe and secure transmission and storing of data. This includes, but is not limited to, email encryption, passwords, virus protection, anti-malware.
• Overseas transmission – at this point in time, our firm has no contact with any overseas body or organisation, therefore there is no transmission of any personal data outside the EU. If at any time, there becomes a need, please rest assured that suitable safeguards will be put in place to ensure the safety and security of all personal data to an equivalent standard as EU requirements.
As part of GDPR compliance, we have reviewed and audited how we handle personal information. Should the way in which we process or store personal information change, or in accordance with any change in legislation, we will review and audit this going forward.
Wings Accountants Limited Data Protection Officer is Andrew Wing LLB FCA, 07849 747703, 01822 669001.
The full data used in our Chartered Accountants firm is only accessible to Andrew Wing LLB FCA, Director, and Katherine Wing BSc MAAT, Manager. This policy has been drawn up by Andrew & Katherine together, and they are suitably responsible for the upholding of this policy.
Data may be transferred to external parties for the purpose of outsourcing, however, in accordance with GDPR requirements, the relevant client(s) will be asked for permission to transfer the necessary data. Only the necessary data (not all the data) will be transferred, and safeguards will be put in place to secure the transfer of data, and checks will be made to ensure data is treated in a GDPR compliant way with the third party.
If you would like a copy of this policy, please email firstname.lastname@example.org.