C & H STEDMAN
This Privacy Notice takes effect on 25 May 2018. It sets out the information summarised in the table of contents below:
- Who we are
- The categories of personal data we collect
- How that personal data is collected
- Our basis for processing your personal data and how we use that personal data
- Who we may share you data with
- Transfer and processing of your personal data outside the European Economic Area
- How long we will hold your personal data for
- Your rights
- Our communications, the Website and cookies
- Changes to this Privacy Notice
- How to contact us
1. Who we are
1.1 C & H Stedman (‘C & H’, ‘we’ or ‘us’) is a general partnership which provides accountancy and professional services covering the UK to UK and overseas clients.
1.2 We are:
(a) located at Noble House, Eaton Road, Hemel Hempstead, Herts, HP2 7UB
(b) responsible for the www.candhstedman.com website (‘Website’)
(c) for the purposes of the General Data protection Regulation EU 2016/679 (‘GDPR’) and UK data protection, the controller in respect of the processing described in this Privacy Notice; and
(d) registered with the UK Information Commissioner’s Office (Registration Number A8339223)
2. The categories of personal data we collect
2.1 We may collect the following categories of personal data about you:
(a) your name and contact information such as your home and / or business address, email address and telephone number;
(b) identity and biographical information including your nationality, date of birth, tax status, passport / national identity card details and country of domicile, your employment and employment history, job title and role, educational profile, interest and other information relevant to our provision of professional services.
(c) information in relation to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details and other information necessary for processing payments and for fraud prevention purposes.
(d) an understanding of your goals and objectives and other information provided to us in connection with our provision of professional services.
(e) information about our meetings with you, in particular at our offices, and / or
(f) limited usage data relating to your viewing and accessing of our email marketing materials, and your marketing preferences (see Section 9 (Our communications, the Website and cookies) below).
2.2 Our provision of professional services may also require us to process special category data (including data relating to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health and sexual life) and / or data relating to criminal convictions and offences (together ‘sensitive personal data’).
3. How that personal data is collected
3.1 We may collect your personal data or you may provide it to us through various means including from information:
(a) you provide to us when you meet us;
(b) about you provided to us by your organisation, agents, advisers, intermediaries or custodians of your assets;
(c) provided to us by our clients;
(d) you communicate to us by telephone, post, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
(e) collected when you complete (or we complete on your behalf) client engagement formalities or register for an event;
(f) drawn from publicly available sources or from third parties, for example when we need to conduct background checks about you;
(g) collected when you view or access our email marketing materials (see section 9 (Our communications, the Website and cookies) below); and / or
(h) collected otherwise in the normal course of providing professional services.
4. Our basis for processing your personal data and how we use that personal data
4.1 How we use your personal data will depend on whether you are a client, a representative of a client, a business contact, someone whose personal data we necessarily process as part of our provision of professional services, or otherwise. We may process your personal data for the following purposes:
(a) providing a proposal to you or your organisation in relation to the professional services we offer and for client engagement purposes (including the carrying out of background checks);
(b) providing professional services to you and / or our client (including research and advice, and associated advisory services);
(c) managing our relationship with you and / or our clients (including billing and financial management), for record-keeping purposes and more generally for the proper operation of C&H;
(d) dealing with any complaints or feedback you may have;
(e) monitoring and improving the performance and effectiveness of our services, including by training our staff;
(f) any other purpose for which you provide us with your personal data;
(g) the purposes set out in Section 9 (Our communications, the Website and cookies) below;
(h) seeking advice on our rights and obligations, such as where we require our own legal advice, and to exercise and defend our legal rights;
(i) compliance with our professional obligations, such as anti-money laundering laws (which may include the carrying out of background checks and retention of a record of such checks), data protection laws and tax reporting requirements, and / or to assist with investigations by police and / or other competent authorities (where such investigation complies with relevant law) and to comply with Court orders;
(j) safeguarding the security of our systems and communications; and / or
(k) for security purposes generally and to ensure the safety of our employees and visitors.
4.2 We may process your personal data for any of the purposes set out above where one (or more) of the following lawful processing grounds applies:
(a) the processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract with you;
(b) the processing is necessary for us to comply with our professional obligations;
(c) the processing is necessary for our legitimate interests (including the operation of C&H and the provision of professional services) or those of any client or relevant third party, unless those legitimate interests are overridden by your interests or fundamental rights or freedom; and / or
(d) you have consented to the processing in question;
4.3 Where we process sensitive personal data, other lawful processing ground may apply, such as that the processing is necessary for the establishment, exercise or defence of legal claims (for example to protect and / or defend our property and rights, or those of our clients) or for reasons of substantial public interest; or where you have given us your explicit consent.
5. Who we may share your data with
5.1 We may share your personal data with:
(a) your organisation;
(b) with our client in the particular matter;
(c) third parties we engage to assist in providing our professional services, such as lawyers, other professional services firms, IT and other consultants, or advisers;
(d) intermediaries to whom we introduce you;
(e) third party service providers who provide business services to us;
(f) our own legal and professional services providers and insurers, where appropriate.
6. Transfer and processing of your personal data outside the European Economic Area
6.1 Very infrequently our provision of professional services may require us to transfer your personal data to countries outside the European Economic Area which may not provide the same level of data protection as within it.
6.2 We will ensure that any such transfer meets the requirements of GDPR.
7. How long we will hold your personal data for
7.1 We will retain your personal data for as long as is necessary to fulfil the purposes set out in the Privacy Notice.
7.2 In many cases this will mean that we shall retain your personal data for the same period as we retain your files or a copy of your files. Usually this will not be less than 7 years from the date that the relevant matter came to an end. In addition, we shall retain information obtained to meet our obligations under the anti-money laundering regulations for at least 5 years following the end of our business relationship with you.
7.3 Longer retention periods may be appropriate where, for example specific tax issues arise.
8. Your rights
8.1 Under GDPR you have the right to:
(a) obtain access to, and copies of, the personal data we hold about you and information about how we process it;
(b) require us to correct any inaccuracies in the personal data we hold about you;
(c) require, in certain circumstances, erasure of your personal data
(d) require us, in certain circumstances, to restrict our data processing activities;
(e) obtain from us the personal data you have provided to us in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
(f) object to our use of your personal data based on our legitimate interests, on grounds relating to your specific situation;
(g) withdraw your consent, where our use of your personal data is based on that consent; and
(h) complain to the Information Commissioner’s Office, which can investigate compliance with data protection law and has enforcement powers, if you are not satisfied with how we are processing your personal data.
8.2 Please contact us in writing using the contact details below if you would like to action any of your rights above. You should note that these rights are not absolute, and we may be entitled (or required) to refuse requests where exceptions apply.
9. Our communications, the Website and cookies
9.1 We may use your contact details to send you (by post or electronically) briefings, newsletters, event invitations and other mailing promoting our services. We do so on the basis of our legitimate interests or your consent (as appropriate to the communication in question). You can always unsubscribe from these mailings, by clicking on the link in the relevant email; or by contacting us at email@example.com
9.2 We use mailing list management / marketing software to manage how we contact you as set out above.
10. Changes to this Privacy Notice
We may update this Privacy Notice in line with changes to how we process personal data. We will publish any new version of the Privacy Notice on the Website and, where appropriate, will provide a copy.
11. How to contact us
If you have any queries about this Privacy Notice or how we process your personal data, you can contact us at firstname.lastname@example.org or by post to Data Protection Officer, C & H Stedman, Noble House, Eaton Road, Hemel Hempstead, Herts HP2 7UB.