In accordance with the Data Protection Act 1998 and the General Data Protection Regulation (‘GDPR’) 2018 we are committed to ensuring that your privacy is protected. Aysgarth Accountants Limited t/a Aysgarth Chartered Accountants [Aysgarth] takes the security of your personal data and our legal responsibilities relating to your personal data very seriously.
Personal data is any information relating to an identifiable living person. Aysgarth processes personal data for numerous purposes. For each purpose the means of collection, lawful basis of processing, disclosure, and retention periods may differ.
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
This policy is effective from 2012 and has been updated to fall in line with the GDPR from 25 May 2018.
How do we collect information from you?
Information provided by you
We obtain information about you when you engage us to deliver our services and/or when you use our website, for example, when you contact us about our services. You provide us with personal data via completion of electronic forms, submission of data files or over the telephone. This may also include sensitive information received directly from you in relation to the performance of services we have been engaged to, or may be engaged to, carry out on your behalf.
We may also keep information contained in any correspondence you may have with us by post or by email or by other means.
Information we get from other sources
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity. This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from third party businesses that we believe to be reputable and that appear to operate in accordance with the GDPR.
What type of information do we collect from you?
The personal information we collect from you will vary depending on which services you engage us to deliver. The personal information we collect might include your name, address, telephone number, email address, your date of birth, your Unique Tax Reference (UTR) number, your National Insurance number, bank account details, your IP address, which pages you may have visited on our website and when you accessed them.
How is your information used?
We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Performance of a contract: We may process your personal data to fulfil and manage the services that we have been engaged or may be engaged to provide to you.
Compliance of a legal obligation: We are required as engaged advisors to submit certain legal and personal information to HMRC to fulfil our clients legal and statutory obligations.
Legitimate Interest: We may process your personal data for the purposes of our own legitimate interests provided that those interests are not overridden by any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
The following is a list of typical situations in which we will use your personal data. We may use your personal data in order to:
Provide professional services
We provide a range of professional services. Some of our services require us to process personal data in order to provide advice and deliver our contract.
Administer, manage and develop our businesses and services
We process personal data in order to run our business, including:
- managing our relationships with client;
- developing our businesses and services (such as identifying client needs and improvements in service delivery); maintaining and using IT systems;
- hosting or facilitating the hosting of events; and
- administering and managing our website, our systems and applications.
Prevent and detect crime, fraud, corruption and high risk / restricted business
We have security policies and procedures in place to protect both our own and our clients’ information (including personal data). Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. As part of our engagement and acceptance procedures we carry out searches using publicly available sources. These searches are to check that there are no issues that would prevent us from working with a particular client, such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues.
Share information and news relating to our services or activities
We use contact details to provide information that we think will be of interest about us and our services. For example, other services that may be relevant and invitations to events/workshops run by Aysgarth.
Comply with any requirement of law, regulation or a professional body of which we are a member
As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
We are required by legislation, other regulatory requirements and our insurers to retain your data where we have ceased to act for you. The period of retention required varies with the applicable legislation but is typically five or six years. To ensure compliance with all such requirements it is the policy of the firm to retain all data for a period of seven years from the end of the period concerned.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Any staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
Third Party Service Providers working on our behalf
We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and ensure we have a lawful basis for doing so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security policies.
Personal data held by us may be transferred to:
- Regulatory authorities like HM Revenue & Customs (‘HMRC’) and other fraud prevention agencies for the purposes of fraud prevention and to comply with any legal and regulatory issues and disclosures;
- Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so;
- Third party organisations that provide applications/ functionality, data processing, administrative or IT services to us, to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based accounting software, identity verification, data, data back-up, security and storage services;
- Third party organisations that otherwise assist us in providing goods, services or information within our lawful basis for doing so but will never include sharing data for marketing purposes;
- Auditors, other professional advisers and pension administrators.
How you can access and update your information
Keeping your information up to date and accurate is important to us. We commit to regularly review and correct where necessary, the information that we hold about you. If any of your information changes, please write to us at the ‘Contact information’ noted below.
You have the right to ask for a copy of the information Aysgarth holds about you.
Security precautions in place to protect the loss, misuse or alteration of your information
Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Once we receive your information, we make our best effort to ensure its security on our systems, including encryption. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
As part of the services offered to you, the information which you provide to us will be stored within the EU. Occasionally however, data may be transferred to countries outside of the EU via the use of services utilised by our IT providers. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
We may occasionally contact you by post, email or telephone with details of any changes in legal and regulatory requirements or other developments that may be relevant to your affairs and, where applicable, how we may assist you further. If you do not wish to receive such information from us, please let us know by contacting us as indicated under ‘Contact information’ below.
Access to your information: You have the right to request a copy of the personal information about you that we hold.
Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information: You have the right to ask us to delete personal information about you where:
- you consider that we no longer require the information for the purposes for which it was obtained
- you have validly objected to our use of your personal information - see ‘Objecting to how we may use your information’ below
- our use of your personal information is contrary to law or our other legal obligations
Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Please contact us at the address set out in the ‘Contact information’ below if you wish to exercise any of these rights.
Changes to our privacy notice
We keep this privacy notice under regular review and will place any updates on https://www.aysgarthaccountants.co.uk/privacy-policy.
This privacy notice was last updated on 11 June 2018.
The Data Protection Officer
Aysgarth Chartered Accountant
40A York Place
Leeds LS1 2ED
We seek to resolve directly all complaints about how we handle your personal information, but you also have the right to lodge a complaint with the Information Commissioner’s Office at
Information Commissioner's Office
Telephone - 0303 123 1113 (local rate) or 01625 545 745