Purpose of this Policy:
Parker Hartley & Co is a York based firm of Incorporated Financial Accountants and Bookkeepers for whom taking care of our clients is of paramount importance.
Core to our business are personal interactions and we respect the privacy of every individual involved. This Policy sets out how we collect and use personal data, lets you know about your data protection rights and has been implemented for the reasons of lawfulness, fairness and transparency.
When we refer to “Parker Hartley & Co”, “Parker Hartley”, “we”, “our” or “us” in this Policy we refer to Parker Hartley and Co, 2 Waverley Street, The Groves, York YO31 7QZ, registered with the ICO as a Data Controller, ICO Registration Number Z9393959.
Personal Identifiable Information (PII) or Sensitive Personal Identifiable Information (SPII) is any information identifying a living person. Where we decide how and where to process personal data we are a Data Controller and where we process personal data on behalf of a Data Controller we are a Data Processor.
How we obtain your personal data:
Directly collected from you via the completion of electronic forms, data files, by email, telephone or post for the purposes of the performance of services we have been engaged, or may be engaged to carry out on your behalf. This means that our lawful basis for holding this personal data is for one or more of the following reasons:
• “Performance of a Contract” – the necessary holding and processing of personal information about or on behalf of our clients in order to deliver a contract
• “Legal obligation” – the requirement to process personal data in order to submit certain legal and personal information to HMRC to fulfil our clients’ legal and statutory obligations
• “Legitimate interest” – the processing of personal data in order to facilitate the effective and lawful operation of our business as Accountants, Bookkeepers and Tax Advisers
Indirectly from third parties as permitted by law including obtaining information to, for example, verify your identity. Only the information relevant for our purposes, including your name, address, email address, date of birth etc, will be obtained from reputable third party companies that operate in accordance with the UK Data Protection Act and EU General Data Protection Regulation.
How we use your personal data:
We use your personal data to provide, manage and fulfil those services we have been asked or may be asked to provide you with. We will take all reasonable steps necessary to ensure that your data is protected and kept securely in storage and in transit. We may process your information to enable us, amongst other things, to:
Provide Professional services: such as tax, payroll and financial advice (not investment advice) in order to fulfil our contracts
Manage our business: develop our business and services by identifying improvements in, for example, service delivery and client needs
Conduct security, quality and risk management activities: with security policies and procedures in place to protect both your and our information
Manage Client engagement: by collecting and holding personal data as part of our client acceptance and engagement procedures
Provide clients and potential clients: deliver information about us and our services which may be of interest by using your contact details
Comply with legal or regulatory requirements: by keeping certain records which may contain personal data to demonstrate that our services are provided in compliance with the legal, regulatory and professional obligations we are subject to
We will disclose or share personal data with third parties in order to comply with any legal or regulatory obligations or requests or to investigate actual or suspected breaches. When personal data is shared with third parties, this is done with contractual arrangements and security mechanisms in place to ensure protection and compliance with our data protection, confidentiality and securities policies.
We will never share personal data with any third party unless there is a lawful basis for doing so, nor will we share your personal data outside of Parker Hartley for marketing purposes.
Transfer of personal data outside the European Union (EU)
The information you provide to us will be held within the EU as part of the services provided to you. It may be necessary, however, via the use of servers utilised by our IT providers, to occasionally share data with suppliers or group companies located outside of the EU. Where this happens we apply additional safeguards to the data protection including an assessment of the adequacy of the third countries, Privacy Shield certification for US located entities where applicable and the use of European Commission approved model contracts where appropriate.
We will keep your personal data for as long as we need it to provide the services you have signed up for. We may also keep it to comply with our legal obligations, respond to queries and resolve any disputes to meet our legitimate interests and enforce our rights.
Personal data may be collected during our audit and file review processes and will be stored for a minimum of 7 years.
Our standard email retention period is 7 years.
Your Data Protection Rights:
With effect from 25 May 2018, the General Data Protection Regulation (GDPR) grants you certain rights over your personal data:
• The right to be informed – You have the right to be informed about the collection and use of your personal data
• The right of access – You have the right to have access to your personal data requesting it either verbally or in writing
• The right to rectification – You have the right for inaccurate or incomplete personal data to be rectified or completed and can request this either verbally or in writing
• The right of erasure – You have the right to have personal data erased also known as the “Right to be Forgotten” and this can be requested either verbally or in writing
• The right to restrict processing – In certain circumstances you have the right to request the restriction or suppression of processing of your personal data. Where processing is restricted we are permitted to store your personal data but not use it. This right can be requested either verbally or in writing
• The right to data portability – You have the right to obtain and re-use your personal data allowing you to move, copy or transfer it from one IT environment to another in a structured, commonly used machine readable format. This right only applies to information provided to a Data Controller and can be requested either verbally or in writing
• The right to object – In certain circumstances you have the right to object to your personal data being processed and the absolute right to stop the data being used for direct marketing. The objection can be made either verbally or in writing
In addition to the GDPR rights there are additional provisions for:
• Rights related to automated decision making or profiling – Solely automated decision making (making a decision by automated means without any human involvement) that has legal or similar significant effects on you and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision making process
• Consent – If consent has been given for your data to be processed, including electronic marketing communications, you have the right to withdraw that consent at any time either by using the unsubscribe options presented on email communications, verbally or in writing
Questions and Queries:
If you have a complaint about the use of your personal data please contact us by writing to the Data Protection Officer, Parker Hartley & Co, 2 Waverley Street, The Groves, York YO31 7QZ or email us at email@example.com
If your complaint is not resolved to your satisfaction you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) which is the supervisory authority who regulates personal data in the UK. You can contact them by:
• Going to their website www.ico.org.uk
• Calling them on 0303 123 1113
• Writing to them at Wycliffe House, Water Lane, Wilmslow SK9 5AF