This policy together with our Terms and Conditions sets out the basis on which any personal data we collect about you (our client) will be stored and used by us. This is consistent with the requirements of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) (hereafter “GDPR”).
Why do we collect information?
- We are obliged to collect information about all our clients to satisfy the requirements of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (hereafter the “ML 2017 Regs”) and
- We collect information that we need to provide our services to you, specifically to complete your UK tax returns.
What information do we collect?
- We collect ID material and other information in the public domain
- We collect your financial data in so far as it is required to complete a UK tax return or advise you as requested
- We collect your contact information
Where do we get information about you?
- You, our client
- Your agents (letting agent, solicitor, lender etc)
- Other authorised parties
What will we use this information for?
- Satisfying our obligations arising under the ML Regs 2017
- The preparation of your accounts
- The completion of your UK tax returns
- Undertaking any other assignment you have instructed
- Corresponding with you
- Corresponding with other parties at your request
To whom will we disclose this information?
- You, our client (you have a right of access to our records concerning you at any reasonable time)
- H. M. Revenue & Customs (HMRC) and other UK government bodies
- Other parties where required to do so by order of the Court
- Veriphy Ltd (who do not have access to financial data). They provide an ID verification service to assist us comply with ML 2017 Regs.
- Other parties but only with your express approval
Who else might have access to this personal information?
- A very small number of our suppliers of services; we are particularly careful to restrict access to your personal data. We do this by controlling the very small number of organisations that need to see it, we restrict access to a single record where possible, and we anonymise this record where possible. While it is possible that our suppliers could occasionally have wider access to the data, we have obtained confirmation that they will not do so and that they recognise their obligations under the GDPR. It is in the nature of all email correspondence that your Internet Service Provider and our Internet Service Provider could have access to any transmitted data.
Why do these suppliers need the information?
- To fix software problems
- To fix hardware problems
- To conduct ID and passport verification in connection with our obligations under ML 2017 Regs
- To provide a bulk mailing service that we use for our newsletter distribution (name and email address only)
- To process or transmit the data
Where is my data stored?
We do not use a public cloud and we believe that using a private cloud enhances our security. The server on which the data is stored and the backup are both in the UK.
What are the risks?
We correspond with our clients by email. Emails may not always be secure. We cannot control the route an email takes to get to a client and where the client is outside the EU it follows that his or her personal data will travel by email outside the EU. In the first instance this is when it is sent to us by the client.
You should bear in mind that your ownership of property in the UK is a matter of public record because your title is registered at H. M. Land Registry (HMLR) which is accessible to the public.
Do I have a right to be forgotten?
Under the GDPR you have the right to ask for the personal information we hold about you to be deleted. However the nature of our work dictates that this is very restricted. We will retain sufficient data to support the contents of your tax returns for at least six years. Furthermore the ML 2017 Regs require us to retain personal information about you until six years after we have ceased acting for you. In practice this means that there is very little that can be deleted.