SCOPE
This policy applies to RS Partnership Limited – Registered number 10633474 – Registered Office Riverside House, 14 Prospect Place, Welwyn, AL6 9EN – regulated by the Association of Chartered Certified Accountants.
The object of the Privacy Policy is to specify how we use any personal information we hold on an individual.
Personal Data is data which can be used to identify you. This may include, but is not limited to:
• Name and contact information (email address, telephone number etc)
• National Insurance number
• Unique Tax Reference number
• Payroll and accounting data
• Credit history
• Bank account number and sort code
Sensitive Personal Data includes genetic and biometric data such as:
• Medical conditions
• Racial or ethnic origin
• Photo ID’s
• Convictions
The Data Controller in these circumstances is the person or organisation deciding the purposes and the methods of processing personal data.
• Data Controller is RS Partnership Limited, Riverside House, 14 Prospect Place, Welwyn, AL6 9EN
• Data Protection Officer is Chris Drinkwater, Director, who can be contacted at the above address, via email – chris@rspartnership.co.uk – or via telephone – 01438 718118
Data Processor processes personal data on behalf of the Controller. The Data Processor can be a person or an organisation.
Data Processing is any action carried out on personal data, either automated or manual, such as:
• Recording
• Storing
• Amending
• Retrieving
• Making available
• Deleting
Business Data – PLC, Limited, LLP, trust and foundations, sole trader, partnership Consumer Data – Private clients, an individual
THE INFORMATION WE COLLECT AND HOW WE COLLECT IT
As a Data Controller RS Partnership is bound by the General Data Protection Regulations (GDPR).
As our client you agree to us using and processing the information you provide to us to fulfil the Services as laid out in our Letter of Engagement and Terms of Business. This will include:
• Updating and enhancing your records
• Statutory returns
• Legal and regulatory compliance
• Crime prevention
• Analysis for management
We collect information about you when you fill in our online forms, communicate via our
portal or via the post, and also via encrypted emails.
Any website information collected can be seen by a 3rd party that we use to maintain the website. This is only stored inline with our policies on holding data.
As with most websites we use cookies to collect information about people who have visited the site. This allows us to understand how our website is being used to enable us to make improvements for marketing and future user experiences. At any point you can turn these off for your own browser to stop this. Please note however that the full functionality may be restricted because of this.
We use Google Analytics to record visits to our website, checking time spent and specific pages viewed. The cookies do not include any personal information and none of the data is ever shared. You can view Google’s privacy policy at http://www.google.com/intl/en/policies/privacy/
IP Addresses are unique numerical addresses assigned to a computer as it logs onto the internet. There is no access to personally identifiable information, this is just used to track how many visitors we have in different regions.
Internet based advertising – Linkedin, Facebook and Twitter. There are tracking codes installed for these on our website to monitor our advertising effectiveness, however this tracking does not include any personal data.
HOW WILL WE USE THE INFORMATION ABOUT YOU AND WHY?
At RS Partnership we know that privacy is a serious matter and will only use personal information to provide Services requested from us and detailed in your Letter of Engagement and Terms of Business and as identified above. We will only use the information upon instruction from you, within data protection law and subject to our duty of confidentiality.
For Business to Business Clients and Contacts our lawful reason for processing personal information will be ‘legitimate interests’. This means we can process personal information if we have a genuine and legitimate reason for so-doing and are not harming your rights or interests,
For Business to Consumer Clients and Contacts our lawful reason for processing personal information will be ‘a contract with the individual’ eg to supply goods and services requested or to fulfil obligations under an employment contract. This also includes actions taken at your request before entering into a contract.
We receive personal data for the purposes of money laundering checks, such as photo ID and proof of address. This can be things like a bank statement or passport. This data will solely be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your consent.
In our dealings with you we may need to pass your information to our third-party service providers, agents, subcontractors or other organisations in order to complete tasks and provide services to you on our behalf. As and when we use third party service providers we only disclose information that is necessary to deliver the services and we have contracts in place which require such third party providers to keep your information secure and never to use it for their own marketing purposes.
As previously mentioned we collect information from our website. This is to:
• Process enquiries
• Administrate event registrations
• Give advice
• Improve our services or the website itself
If you agree we will also use this information to share updates with you about any of our
services we believe may be of interest to you.
We will not, under any circumstances, share your information for marketing purposes with companies to enable them to offer you their products and services.
TRANSFERRING YOUR INFORMATION OUTSIDE OF EUROPE
As part of the services offered to you, certain information given to us which is held with large third parties like Microsoft (Office 365) and Xero will transfer to countries outside of the European Union (‘EU’). These companies are GDPR Compliant. It is not a requirement to store information in the EU, only that if it is transferred/held outside then appropriate security policies must be in place to ensure compliance. With storage in the US there is the EU-U.S. Privacy Shield Framework which ensures compliance.
Xero – https://www.xero.com/uk/campaigns/xero-and-gdpr/
Microsoft – https://www.microsoft.com/en-us/trustcenter/privacy/where-your-data-is- located
SECURITY PRECAUTION FOR DATA COLLECTED
With all personal information we take steps to ensure that it is treated securely. Any sensitive information is encrypted and protected.
Non-sensitive details (email addresses etc) are sent normally over the internet and this can never be guaranteed to be 100% secure. Whilst we strive to protect your personal information we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information we will make our best effort to ensure its security on our systems. Where we have given, or you have chosen, a password which enables you to access certain areas and documents you are responsible for keeping this password confidential. We ask you not to share your passwords with anyone.
PROFILING
We may analyse your personal information, together with any extra information which may become available, to create a profile of your interests and preferences in order to contact you with information relevant to you. This is to help us provide you with a more bespoke service and hopefully not contact you unnecessarily.
We may also use personal information to aid in the detection of fraud or to cut credit risk.
MARKETING
We would like to send you information about services which might be of interest to you. If you have consented to receiving a certain type of marketing you may later opt out at any point as set out below.
You have a right to stop us contacting you for marketing purposes at any time. To opt out please email admin@rspartnership.co.uk
HOW LONG WILL WE HOLD YOUR DATA?
• Marketing. We will hold your data for a period of 6 years with a review every 3 years. You have the right to opt our or update or delete data at any point and details are set out in this policy on how to do that.
• Contracted Services. We will hold your data for 7 years in line with regulatory requirements.
ACCESS TO YOUR INFORMATION, CORRECTION, PORTABLITY AND DELETION
A Subject Access Request is your right to request a copy of the information we hold about you. If you would like a copy of some or all of your personal information in the first instance please email or write to us at the following address: Chris Drinkwater, RS Partnership Ltd, Riverside House, 14 Prospect Place, Welwyn, AL6 9EN.
We want to ensure your personal data is accurate and up to date. You can ask us to correct or remove information you think is incorrect by emailing admin@rspartnership.co.uk or writing to the above address.
Objections to processing of personal data are your right if you feel you have grounds to do so. We can only deny your request if we can show compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
Data portability. You also have the right to receive personal data which you have given to us in a structured, commonly used and machine-readable format and the right to transmit that data to another controller without delay from the current controller if:
A the processing is based on consent or on a contract and
B the processing is carried out by automated means.
You have the right to be forgotten. Should you wish us to completely delete all information that we hold about you
• Email admin@rspartnership.co.uk
• Or write to Chris Drinkwater, RS Partnership Ltd, Riverside House, 14 Prospect Place, Welwyn, AL6 9EN
OTHER WEBSITES
Our website includes links to other websites. This privacy policy only applies to our website. When you link to other websites you should read their privacy policies.
COMPLAINTS
If you feel that your personal data has been processed in a way that does not meet the GDPR you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will keep you informed of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.
CHANGES TO OUR PRIVACY POLICY
We may review our privacy policy when it is necessary however will ensure to communicate any update. This privacy policy was last updated on 9 May 2018.
This is currently version 1.0.
HOW TO CONTACT US
If you have any questions regarding our privacy policy or information we hold about you please contact us:
• Via email admin@rspartnership.co.uk
• Or write to Chris Drinkwater, RS Partnership Ltd, Riverside House, 14 Prospect Place, Welwyn, AL6 9EN