PURPOSE AND SCOPE OF PERSONAL DATA WE COLLECT AND USE
The primary purpose why we hold and use personal data is because our business clients engage us to perform professional services which involves sharing personal data they control as part of that engagement. For example, we will review payroll data as part of an audit and we often need to use personal data to provide payroll services to clients. Similarly, directors, employees, suppliers or customers of our clients may provide us with their personal data on occasions to facilitate our work.
We may also obtain personal data directly when, for example, we are seeking to establish a business relationship, recruit staff, or participate in various business networks.
Routinely, we collect and use contact details (including professional details). On rare occasions we hold more sensitive information relating to health issues, or adverse information relevant to Anti-Money Laundering or similar regulatory obligations. Mainly this sensitive information is provided to us by clients or by credit reference agencies in the course of a professional engagement.
- Here is a list of personal data we commonly collect to conduct our business activities.
- Contact details (e.g., name, company name, job title, work and mobile telephone numbers, work and personal email and postal address).
- Professional details (e.g., job and career history, educational background and professional memberships, published articles).
- Family and beneficiary details for insurance and pension planning services (e.g., names and dates of birth).
- Financial information (e.g., taxes, payroll, investment interests, pensions, assets, bank details, insolvency records).
- Email tracking information (e.g., computer communication records)
- CCTV at our offices may collect images of visitors. Our policy is to automatically overwrite CCTV footage within 30 days.
- We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. Examples of sensitive personal data we may obtain include:
- Personal identification documents that may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants.
- Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information and, more generally
- Any information provided to us consciously and deliberately by our clients in the course of a professional engagement (including recording of telephone conversations).
We will only use your personal information to deliver the] services you have requested from us, and to meet our legal responsibilities.
Privacy notice for Chittenden Horley Ltd (continued)
How do we collect information from you?
We obtain information about you when you engage us to deliver our services and/or when you use our website, for example, when you contact us about our services.
What type of information do we collect from you?
The personal information we collect from you will vary depending on which services you engage us to deliver. The personal information we collect might include your name, address, telephone number, email address, your Unique Tax Reference (UTR) number, your National Insurance number, bank account details, your IP address, which pages you may have visited on our website or when you accessed them, and the details (date and time and IP address) relating to your reading of emails and attachments we sent to you.
How is your information used?
In general terms, and depending on which services you engage us to deliver, as part of providing our agreed services we may use your information to:
- contact you by post, email or telephone
- verify that you have opened our email communications and attachments
- understand your needs and how they may be met
- maintain our records in accordance with applicable legal and regulatory obligations (for example to prevent and detect crime, fraud or corruption)
- process financial transactions
- provide better evidential support for our work and in interpreting your instructions
We are required by legislation, other regulatory requirements and our insurers to retain your data where we have ceased to act for you. The period of retention required varies with the applicable legislation but is typically five or six years. To ensure compliance with all such requirements it is the policy of the firm to retain all data for a period of seven years from the end of the period concerned, unless legislation or grant conditions require us to retain the information for longer.
Who has access to your information?
The employed staff of Chittenden Horley Limited are the main users of your personal information. All staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
We will not share your information with third parties for marketing purposes. However, third parties will have access to your data in the following ways.
- Directly In connection with the services that we deliver to you
We may pass your information to our third-party service providers, advisers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, for example to process payroll or basic bookkeeping. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
- Various IT service providers who process and/or store electronic data on our behalf
We rely on various commercial IT service providers for the following purposes
- IT systems support and maintenance
- Website, Email and web-based application
- Data backup/sharing services
All commercial IT service providers that we use are reputable businesses and we ensure that in contracting such services that their data protection policies are compliant with the requirements of the GDPR.
Privacy notice for Chittenden Horley Ltd (continued)
How you can update and access your information
Keeping your information up to date and accurate is important to us. We commit to regularly review and correct where necessary, the information that we hold about you. If any of your information changes, please email us at firstname.lastname@example.org
You have the right to ask for a copy of the information Chittenden Horley Ltd holds about you. Please email us at email@example.com if you wish to receive a copy of the personal information we hold on you.
Security precautions in place to protect the loss, misuse or alteration of your information
Whilst we strive to protect your personal information, we cannot absolutely guarantee the security of any information. We undertake periodic reviews of our data security policies and practices as part of our corporate risk management and these reviews encompass the following issues that are relevant to data security
- Physical security of data (paper and electronic) held at our offices
- Staff training in relation to data security awareness and practices
- Firewalls, software security updates and anti-virus provisions
- Data backups and retention policies
- Arrangements for allowing third party access to our data
Your data is processed in our office in the UK. However, in addition to using our own in-house servers to store your data we routinely store your information on third-party servers located remotely and some of these servers are outside the UK. In all cases where data stored outside the UK, it is held under arrangements that comply fully with GDPR requirements.
We may contact you in future to ask you to decide whether or not to opt-in to receiving the following categories of information. If you decide to opt-in then, in addition to the foregoing uses of your data, you will be giving consent for us to use your data in connection with this purpose
- Marketing material about particular services we might offer to you
- Newsletters containing content that is relevant to your situation
- Invitation to events that we consider might be relevant to you
We may occasionally contact you by post / email / telephone with details of any changes in legal and regulatory requirements or other developments that may be relevant to your affairs and, where applicable, how we may assist you further. If you do not wish to receive such information from us, please let us know by contacting us as indicated under ‘Contact information’ below.
Access to your information: You have the right to request a copy of the personal information about you that we hold.
Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Privacy notice for Chittenden Horley Ltd (continued)
Deletion of your information: You have the right to ask us to delete personal information about you where:
- you consider that we no longer require the information for the purposes for which it was obtained
- you have validly objected to our use of your personal information - see ‘Objecting to how we may use your information’ below
- our use of your personal information is contrary to law or our other legal obligations (for example if we are using your information with your consent and you have withdrawn your consent - see ‘Withdrawing consent to use your information’ below.
Restricting how we may use your information:
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Objecting to how we may use your information: If you decide, at any time, to revoke your consent for any of the uses to which we put your personal information, then we will comply with your request - except where we are under an overriding obligation to continue using it (for example in relating to statutory reporting obligations).
If the effect of withdrawing consent is such that we are no longer able to provide an effective service to you, we will advise you accordingly. This situation would not apply if you only required that we should stop using your personal information for direct marketing purposes
Withdrawing consent to use your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out in ‘Contact information’ below if you wish to exercise any of these rights.
Changes to our privacy notice
We keep this privacy notice under regular review and will place any updates on www.chltd.co. Paper copies of the privacy notice may also be obtained on request, please email firstname.lastname@example.org or write to the Data Controller, Chittenden Horley Limited 456 Chester Road Manchester M16 9HD.
CONTACT INFORMATION SUMMARY
Purpose of communication
General enquiries regarding personal data
Chittenden Horley Limited
456 Chester Road
Manchester M16 9HD
Request for data held by us on you
Withdrawal or modification of consent for use of your personal information, or request to correct errors in data
This privacy notice was last updated on August 14 2018.
's where you can enter in text. Feel free to edit, move, delete or add a different page element.