This policy is issued by Grineaux Accounts Limited on behalf of itself and it’s related company, Grineaux Accountants (Holdings) Limited, and is addressed to it’s customers, their employees, and other recipients of our services. This policy may be amended or updated from time to time to reflect changes in our practices with respect to processing of personal data or changes in applicable law.
2. Processing your Personal Data
Collection of personal data: We collect personal data about you from a variety of sources;-
• We obtain your personal data when you provide it to us, either at meetings, via email, by telephone or by other means
• We collect your Personal Data in the ordinary course of our relationship with you, through managing your accountancy affairs
• We collect Personal Data that you have made public, such as websites where data is freely available such as Companies House
• We receive Personal Data from Third Parties who provide it to us e.g. our customers, their employers, and government agencies
Relevant Personal and Sensitive Personal Data: The categories of Personal Data about you we process are as follows;-
• Personal details: given name(s); preferred name(s); nickname(s); gender; date of birth; marital status; national insurance number; unique tax payer reference; passport number; nationality; images of passports, driving licences and signatures;
• Family details: names and contact details of family members
• Contact details: address; telephone number(s); email address
• Employment details: employment status, employed or self employed; business activities; name of business; names of current and former employers; work address; work phone number; work email address; employer’s tax reference
• Financial details: billing address; bank account numbers; accountholder name and details
• Electronic Identifying Data: log on details; passwords
Processing your Sensitive Personal Data: We do not seek to collect or otherwise process your Sensitive Personal Data except where:
• The processing is necessary for compliance with a legal obligation
• The processing is necessary for the detection or prevention of crime including the prevention of fraud to the extent permitted by applicable law
• You have manifestly made those Sensitive Personal Data public
• The processing is necessary for the establishment, exercise or defence of legal rights or
• We have, in accordance with applicable law, obtained your explicit consent prior to processing your Sensitive Personal Data
Purposes for which we may Process your Personal Data and the legal bases for Processing: The purposes for which we may Process Personal Data, subject to applicable law, and the legal bases on which we may perform such Processing are:
Our lawful reason for processing your personal data is to supply goods and services that you have requested at the initial interview or to fulfil obligations under contract for our services. This may also include steps taken at your request before entering into a contract.
We also process your information to assist you in your compliance with applicable law concerning disclosure of relevant data to various governmental departments.
We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport. This data will only be processed for the purposes of money laundering and terrorist financing, or as otherwise subject to applicable law, or with your express consent.
Where our work requires us to pass your information on to a third party, such as mortgage references or other forms of business financing, we will only disclose the personal information with your express permission.
We collect information from our website and our app, we use this data to process your enquiry, give advice and improve our services. If you agree, we will also use this information to share updates with you about our services and updates relating to the latest changes in tax legislation.
We will not share your information for marketing purposes with companies so that they may offer you their products and services.
3. Disclosure of Personal Data to third parties
We may disclose your personal data to:
• You and, where appropriate, your family, your associates and your representatives
• Government including H.M. Revenue & Customs, legal, regulatory or similar authorities
• Debt collection agencies
• Anti fraud agencies
Any other disclose of personal data to third parties requires specific permission from our customers, or where appropriate their representatives. If we engage a third party Processor to Process your personal data the processor will be subject to binding contractual obligations to;
Only process the personal data in accordance with our prior written instructions and
Use measures to protect the confidentiality and security of the Personal Data together with additional requirements under applicable law.
4.International transfer of Personal Data
As we only have one establishment, based in the United Kingdom, we do not transfer personal data to other entities or third parties in other countries unless given specific permission by our customers.
Where we do transfer your personal data to other countries we do so on the basis that;
• We have taken suitable precautions to ensure security and confidentiality
• We use valid transfer mechanisms
5. Data Security
We have implemented appropriate technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access and other unlawful or unauthorised forms of processing, in accordance with applicable law.
You are responsible for ensuring that any Personal Data that you send to us are sent securely.
6. Data Accuracy
We take reasonable steps designed to ensure that;
Your Personal Data that we process are accurate and where necessary kept up to date and
Any of your Personal Data that we process that are inaccurate (having regard to the purpose for which they are processed) are rectified without delay
From time to time we may ask you to confirm the accuracy of your Personal Data
7. Data Minimisation
We take reasonable steps designed to ensure that your Personal Data that we process are limited to the Personal Data reasonably required in connection with the purposes set out in this policy.
8. Data Retention
We take reasonable steps designed to ensure that your Personal Data are only processed for the minimum period necessary for the purposes set out in this policy. The criteria for determining the duration for which we will retain your Personal Data are as follows;
1) We will retain copies of your Personal Data in a form that permits identification only for as long as:
a) We maintain an ongoing relationship with you (e.g. where you are still a recipient of our services)
b) Your Personal Data are necessary in connection with the lawful purposes set out in this policy, for which we have a valid legal basis (e.g. where your Personal Data are included in a contract between us and your employer and we have a legitimate interest in
processing those data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Data)
2) The duration of:
a) any applicable limitation period under applicable law (i.e. any period during which H.M. Revenue & Customs, or any other entity, could bring a legal claim against you or ourselves in connection with your Personal Data; and
b) an additional three month period following the end of such applicable limitation period so that, if a claim was made we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim.
During the periods noted in paragraphs (2a) and (2b) above we will restrict our processing of your Personal Data to storage of and maintaining security of those data except to the extent that those data need to be reviewed in connection with any claim or obligation under applicable law.
Once the periods in paragraphs (1) and (2) above have concluded we will either;
• Permanently delete or destroy the relevant Personal Data, or
• Archive your Personal Data so it is beyond use
9. Your legal rights
Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data, including:
• The right to request access to, or copies of, your Personal Data that we process or control, together with information regarding the nature, processing and disclosure of those Personal Data;
• The right to request rectification of any inaccuracies in your Personal Data that we process or control
• The right to request, on legitimate grounds:
o erasure of your Personal Data that we process or control; or
o restriction of processing of your Personal Data that we process or control;
• the right to have your Personal Data that we process or control transferred to another Controller, to the extent applicable
• where we process your Personal Data on the basis of your consent, the right to withdraw that consent and
• the right to lodge complaints with a Data Protection Authority regarding the processing of your Personal Data by us or on our behalf
This does not affect your statutory rights.
11. Direct Marketing
We may process your Personal Data to contact you, primarily by mail or email, so that we can provide you with information concerning products and services that may be of interest to you provided that we have first obtained your consent, to the extent required by, and in accordance with, applicable law.
12. Contact details
If you have any comments, questions or concerns about any of the information in this policy please contact;
Grineaux Accountants Limited, 20 Market Hill, Southam, Warwickshire, CV47 0HF
For the purposes of this policy the relevant controllers are;
Grineaux Accounts Limited
14. Defined terms
The entity that decides how and why Personal Data is processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
Data Protection Authority
An independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
Information that is about any individual, or from which any individual is identifiable.
Process or Processed or Processing
Anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Any current, former, and prospective directors, officers, consultants, employees, temporary staff, individual contractors, interns, secondees and other personnel.
Any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller)
Sensitive Personal Data
Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, or any other information that may be deemed to be sensitive under applicable law.