CK understands that your privacy is important to you and that you care about how your personal data is used and shared online. This privacy statement describes how and why we collect and use personal data provided to us. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. CK Chartered Accountants processes personal data for a number of purposes and the means of collections, lawful basis of processing, use and retention periods for each purpose may differ.
How do we collect information from you?
We obtain personal data about you, for example, when:
- you request a proposal from us in respect of the services we provide;
- you or your employer or our clients engages us to provide our services and also during the provision of those services;
- you contact us by email, telephone, post or social media (for example when you have a query about our services); or
- from third parties and/or publicly available resources (for example, from your employer or from Companies House)].
What type of information do we collect from you?
The personal information we collect from you will vary depending on which services you engage us to deliver. The personal information we collect might include your name, address, telephone number, email address, your Unique Tax Reference (UTR) number, your National Insurance number, bank account details, your IP address, which pages you may have visited on our website and when you accessed them.
How is your information used?
We may process your personal data for purposes necessary for the performance of our contract with you or your employer or our clients and to comply with our legal obligations.
We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.
We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing and business development.
We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
In general terms, and depending on which services you engage us to deliver, as part of providing our agreed services we may use your information to:
• contact you by post, email or telephone
• verify your identity where this is required
• understand your needs and how they may be met
• maintain our records in accordance with applicable legal and regulatory obligations
• process financial transactions
• prevent and detect crime, fraud or corruption
How long is the information retained?
We are required by legislation, other regulatory requirements and our insurers to retain your data where we have ceased to act for you. We will only keep your personal data for as long as is necessary to provide you with our services or comply with legislation.
We take the security of all the data we hold very seriously. We use reasonable and appropriate physical, technical and administrative procedures to safeguard the information we collect and process. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security. We regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
When and how we share personal data and locations of processing
We will only share personal data with others when we are legally permitted to do so. When data is shared CK put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection policy.
Personal data held by us may be transferred to:
- Third party organisations that provide applications, data processing or IT services to us. We use third parties to support us in providing our services and to help provide, manage and run our internal IT systems, for example website hosting and management, data back-up and storage services. The servers powering and facilitating the IT infrastructure are located in secure data centres within the European Economic Area.
- Third party organisations that otherwise assist us in providing goods, services or information.
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable laws and regulations. There are times where we may receive requests from third parties with authority to obtain disclosure of personal data. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Any staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
Your rights and how to exercise them
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.
Access to personal data
You have a right to access any personal data held by us as a data controller. This right may be exercised by emailing us at email@example.com. In accordance with applicable law we may charge for a request for information. We will respond to any requests for information within the legally required time limits.
Amendment of personal data
To update personal data submitted to us, you may email us at firstname.lastname@example.org. When practically possible, once we are informed that any personal data processed by us is no longer accurate we will make corrections.
Withdrawal of consent
Where we process personal data based on consent, individuals have the right to withdraw consent. We do not generally process personal data based on consent as we can usually rely on another legal basis. To withdraw consent to our processing of your personal data please email email@example.com or to stop receiving an email from a CK marketing list please click on the unsubscribe link in the relevant email.
Deletion of your information
You have the right to ask us to delete personal information about you where:
- you consider that we no longer require the information for the purposes for which it was obtained
- you have validly objected to our use of your personal information - see ‘Objecting to how we may use your information’ below
- our use of your personal information is contrary to law or our other legal obligations
- we are using your information with your consent and you have withdrawn your consent - see ‘withdrawal of consent’above.
Restricting how we may use your information
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Objecting to how we may use your information
Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue. You have the right at any time to require us to stop using your personal information for direct marketing purposes.
Other data subject rights
As well as the rights of access and amendment individuals may have other rights in relation to the personal data we hold, for example the right to erasure, to restrict or object to our processing of personal data and the right to data portability. If you wish to exercise any of these rights please send an email to firstname.lastname@example.org.
Whilst we hope you won’t ever need to, but if you do want to complain about our use of personal data please send an email to email@example.com
. We will look into and respond to any complaints we receive. You also have the right to lodge a complaint with the Information Commissioner’s Office at:
Information Commissioner's Office
Telephone - 0303 123 1113 (local rate) or 01625 545 745
Data Controller and contact information
The data controller is CK Chartered Accountants. If you have any questions about this privacy statement or how and why we process personal data please contact Mark Nicholls at:
CK Chartered Accountants
Castle Court 2
Changes to our privacy notice
We keep this privacy notice under regular review. Paper copies of the privacy notice may also be obtained by request to our Data Controller.
This privacy notice was last updated June 2018.