Updated May 2018
This document sets out the basis on which any personal data that we hold for you will be processed by us, in order to comply with your Subject Access Rights under The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
Personal Data we may hold
The types of personal data that we hold may include the following:
d. Date of Birth
e. National Insurance Number
f. Tax Reference Number
g. Bank details/Utility Bill
h. Identity Documents (ie Passport/Driving Licence)
How we collect data
We will, in most cases, collect data directly from you. Some data will be created internally, for example uniquely identifiable client codes. H M Revenue & Customs, Companies House, external Due Diligence Companies and Experian are examples of external sources from which we may obtain personal data.
The Legal Basis for processing your data
We will process your personal data to carry out our obligations in accordance with the contractual agreement that we have entered into with you, for which you have provided your consent and information at the point of engagement, for us to process your personal data in the course of providing our services to you.
If at any time there is a need for us to obtain your express consent to process your data we will contact you to obtain your consent, explaining the actions we wish to take and why.
There will be circumstances where we are legally obliged to process your data, specific examples of this would be responding to the requirements of HM Revenue & Customs or to undertake the Due Diligence process requirements.
Where your data will be stored and who can access it
Your personal data in electronic format is stored on our secure server, on secure servers on the cloud and by paper files that are held at our offices. Your personal information will only be accessed by authorised employees to allow them to perform their specific duties. We will use strict procedures and security measures to try to prevent any unauthorised access to or accidental disclosure of your data.
Accuracy of Information
It is your responsibility to notify us of any changes to your personal data during the period we supply services and goods to you. We will ensure that any changes to data are amended as soon as you notify us of them.
It is our normal practice to retain documents relating to client dealings for 6 years. Documents which are more than 6 years old (unless separate arrangements have been made) will be destroyed without reference to you.
There are certain statutory obligations relating to the retention of some documents.
The right to request access the persona data we hold for you.
Please email your request to firstname.lastname@example.org
The right to have your personal data corrected or updated
The right to restrict the processing of your personal data. This will suspend the processing of your data to allow you to confirm the reason for it being processed or to check the accuracy of the data.
The right to be forgotten.
You can request to have your personal data deleted. This right will be subject to certain statutory requirements for us to retain certain records. In the event you wish to exercise your right to be forgotten we will provide you with details of any exceptions.
The right to withdraw your consent
You can withdraw your consent to our processing your personal data (subjects to any statutory exceptions) which will terminate our supply of goods and services to you.
The right to complain to the Information Commissioner’s Office (ICO). If you are concerned regarding the handling of your personal data you have the right to complain to the ICO, the supervisory authority in the UK.