For clients, suppliers, and contacts.
We request that you read our privacy notice carefully as it covers important information on who we are, how and why we collect, store, use and share your personal information, your rights in relation to your personal information and on how to contact us and regulatory authorities in the event you have a complaint.
When David Woodyatt & Co. Limited processes your personal data we are required to comply with the Data Protection Act 1998 (“DPA”) up to and including the 24th May 2018 and from the 25th May 2018, the General Data Protection Regulation 2016 (“GDPR”) (the DPA and GDPR are together referred to as the “Data Protection Legislation”)
Who we are
David Woodyatt & Co. Limited are Certified Public Accountants regulated by the Certified Public Accountants Asscociation. We collect, use and is responsible for certain personal information about you in course of our business with you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom). We are also the data controller of that personal information for the purposes of those laws.
Information collected by us
In the course of our business dealings as the providers of professional services, we collect the following personal information when it is provided to us and categorized as below:
- Clients: Contact details (individual name, business address, telephone number and/or email address, date of birth), financial details, information pertaining to clients’ personal circumstances, and data to prove clients’ identity, as provided to us by our clients;
- Suppliers: Contact details of suppliers who provide/have provided goods or services to us as individuals or on behalf of their employer’s business (“the Supply Contract”);
- Contacts: Contact details of individuals who are or have been connected with us and have given personal information to enable us to stay in contact with them.
Information collected from other sources
We collect information available on public records (e.g. Companies House, client’s website), we do not obtain personal information from any other sources except information transferred and or requested by us from client’s previous accountants and tax advisors.
How we use your personal information
If you are our Client and you have given us or we have gathered your own data we just utilize that information to empower us to provide our services to you;
If you are our Supplier and you have given us individual data we just utilize that information to empower us to get in touch with you in connection and to the degree of our Supply Contract;
If you are our Contact (counting previous customers) we just utilize the individual data you have given to us to get in touch with you about our administrations and other data about our association that we accept will be applicable and important to you.
Who we share your personal information with
We don’t routinely share individual data. On Clients’ directions, we may need to share individual data where the administrations we give include a distinguished outsider provider in which case we will find a way to guarantee that any data shared will be constrained to what is vital for the particular reason and might be prepared as per GDPR standards.
We will share personal information with law enforcement or other authorities if required by applicable law.
We do not transfer any of your personal data to third parties without your prior consent. We will use your personal data within our organization, our subcontractors, and any associates. We will take reasonable steps to ensure that any information shared with our subcontractors and associates will be limited to what is necessary for the specific purpose. We will have a strict confidentiality agreement with them and would have made necessary checks about their data protection policy.
How long your personal information will be kept
If you are our Client we will retain your personal data for so long as you continue to be a client of David Woodyatt & Co. Limited;
If you are our Supplier we will hold your name and address (incl. email and phone) for up to 7 years after the Supply Contract is finished and past that we will just keep that data for inasmuch as we sensibly figure we may need to get in touch with you about further, comparable products and ventures that you may have the capacity to supply to us;
If you are a Contact (counting previous customers) we will hold your contact points of interest just for inasmuch as we sensibly consider that the data we may give to you is significant to and important to you and we will erase your contact subtle elements in the event that you request that us not keep on sending such data to you or whenever on the off chance that we have the
motivation to surmise that the data is outdated. We will, for the most part, keep your own information for a time of 7 years after you last reached us.
Reasons we can collect and use your personal information
If you are a Client we depend on the way that it is essential for us to have and to utilize that data for the execution of our agreement with you as the legitimate premise on which we gather and utilize your own information.
If you are a Supplier we likewise depend on our authentic advantages as the legitimate premise on which we gather and utilize your own information (notwithstanding authoritative need). Our authentic advantages in such manner are two-overlap. Right off the bat, we may need to reach you about the Supply Contact. Also, we may need to get in touch with you about further comparable merchandise and administrations.
If you are a Contact (counting previous customers) we depend on our true blue interests as the legal premise on which we gather and utilize your own information. Our genuine advantages are to keep you educated of our occasions, administrations and other data about our association we sensibly consider may hold any importance with you. This will be restricted to data sent to you by email to your business email address and with each correspondence, you will be given a reasonable and clear alternative to quitting facilitate interchanges and to request that we erase the individual data that we hold about you. We have considered the danger of mischief to your protection rights and to your information security and have inferred that the hazard is negligible given (I) the kind of information (your contact subtle elements) that we procedure for this reason, (ii) the strategy, volume and substance of the correspondences that we may send to you (which will be neither unnecessary nor liable to cause offense) and (iii) your entitlement to quit assist interchanges and to request that we erase your data from our records whenever any unrequested contact by electronic correspondence to an individual (not business) record will regard your own e-security rights by being confined to the utilization of e-contact points of interest that you furnished to us regarding the supply by us to you of administrations that you paid us for or enquired about beforehand and restricted to the same or comparable services.
The result of our utilization of your own data
We don’t trust that there are probably going to be any genuine outcomes to you of our utilization of your own data. The potential outcomes that we have distinguished are:
The danger of the individual data that we hold about you being unintentionally lost, or utilized or got to in an unapproved way. We have found a way to ensure against this (please observe additional data under the heading “Keeping your own data secure” beneath).
You may, occasionally, get spontaneous correspondences from us. Be that as it may, we don’t trust that the recurrence, substance or way of these interchanges will chance any rupture of your protection rights
Transfer of your information out of the EEA
For the most part, we don’t plan to exchange your data out of the EEA. Be that as it may, once in a while we may utilize MailChimp as a way to get in touch with you about imperative data. This will include a portion of your own information (name and email address) being exchanged outside the EEA to the United States. MailChimp ensures to the Privacy Shield structure.
Under the General Data Protection Regulation, you have various important rights complimentary. In synopsis, those incorporate rights to:
- fair handling of data and transparency over how we utilize your personal information
- access to your own data and to certain other supplementary data that this Privacy Notice is as of now intended to address
- require us to remedy any oversights in your data which we hold
- require the deletion of individual data concerning you in specific circumstances
- receive the individual data concerning you which you have given to us, in an organized, generally utilized and machine-clear arrangement and have the privilege to transmit that information to an outsider in specific circumstances
- object whenever to the handling of individual data concerning you for coordinate showcasing
- object to choices being taken via robotized implies which create legitimate impacts concerning you or comparably fundamentally influence you
- objection in certain different circumstances to our kept preparing of your own data
- otherwise, limit our preparing of your own data in specific conditions
- claim remuneration for harms caused by our data protection breach
additional information on each of those rights, incorporating the conditions in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.
On the off chance that you might want to practice any of those rights, please:
- email, call or keep in touch with us (contact subtle elements beneath),
- let us have enough data to distinguish you,
- let us have confirmation of your personality and address (a duplicate of your driving permit or passport and a current utility bill), and
- let us know the data to which your request relates to
- Keeping your personal information secure
We have proper safety measures set up to keep individual data from being coincidentally lost, utilized or got to in an unauthorized way. We constrain access to your own data to the individuals who have honest and genuine business need to know it. Those handling your data will do as such just in an approved way and are liable to an obligation of confidentiality.
We additionally have techniques set up to manage any speculated information security breach. We will inform you and any regulators of a presumed information security rupture where we are legitimately required to do as such.
How to complain
We believe that we can resolve any query or concern you may raise about the way we use your information.
If you think we have processed your personal data unlawfully or that we have not complied with GDPR, you can report your concerns to the supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website – https://ico.org.uk/concerns/
Changes to this privacy notice
This privacy notice was published in August 2018.
We may change this privacy notice from time to time when we do we will inform you via our website.
If you have any questions or would like more information about the ways in which we process your data, please contact firstname.lastname@example.org or you can write to:
David Woodyatt & Co. Limited, Chapel House, 22 Warrington Road, Lymm, Cheshire, WA13 9BG
Telephone - 01925 756817