1.1 Please take the time to read this Policy, which contains important information about the way in which we process personal data.
1.2 McKie & Co LLP is committed to respecting and protecting your privacy. We shall take all reasonable steps to ensure your personal data is protected against unauthorised access, it will not be sold or disclosed (other than as specified under this policy) to another company or organisation. The only time we shall disclose your personal data is when we are legally required to do so or as required by our regulators.
1.3 The Data Protection Act 2018 (the ‘DPA 2018’) and the General Data Protection Regulation (Regulation (EU) 2016/670) (‘GDPR’) impose certain legal obligations in connection with the processing of personal data (the ‘Data Legislation’).
1.4 McKie & Co LLP of Rudge Hill House, Rudge, Somersetshire, BA11 2QG is a data controller within the meaning of the GDPR and we process personal data. Our ICO registration number is Z7402500.
1.6 This Policy may change from time to time and if it does, the current version will be available on our website and will become effective immediately.
2 Information we may collect about you
2.1 We may collect and process information about you and your personnel through various means, including:
• in the course of providing advice to you (or your business). We will usually act as a data controller in this capacity;
• via our website (e.g. on our ‘Contact Us’ page) etc;
• by email or other electronic correspondence;
• by telephone;
• networking (e.g. at conferences, events and/or other meetings or events attended by us);
• otherwise through providing our tax advisory services or operating our business.
2.2 The personal data that you might give to us includes:
• your name and title;
• contact information, including telephone number, postal address and email address;
• employment and job application details, e.g. date of birth, employment history and qualifications;
• photographic identification;
• in certain circumstances, your and others’ signature(s), National Insurance number(s) and financial details such as bank account details;
• in certain circumstances, data relating to health (including disabilities), ethnicity, race, religious beliefs and other ‘special category personal data’;
• the content of any enquiry submitted over our website;
• any other personal data we collect in the context of our work for our clients or in the course of operating our business.
2.3 If you contact us, we may keep a record of that correspondence.
2.4 The personal data described above may relate to any of the following categories of person:
• our clients and our clients’ personnel;
• our prospective employees or other job applicants;
• those emergency contacts whose details have been provided to us by our employees;
• third parties with whom we have contact by virtue of providing tax advisory services;
• our contacts at other professional advisors or others with whom we work in the context of our tax advisory services;
• our prospective target clients;
• our contractors and suppliers;
• those who submit enquiries through our website or whose details are otherwise entered into our client management system;
• any other visitor to our offices.
4 How we shall use your information
4.1 We may use your information for the following purposes:
a) to respond to a query that you submit to us;
b) to manage our relationship with you (and/or your business), including by maintaining our database of clients and other third parties for administration, and accounting and relationship management purposes;
c) to complete our contractual obligations to you, or otherwise to take steps as described in our engagement agreement (including any associated administration);
d) to carry out any relevant conflict of interest checks, anti-money laundering and sanctions checks and fulfilling our obligations under any relevant anti-money laundering law or regulation (including under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017);
e) to verify your identity using electronic verification. Any personal data received from you for the specific purpose of proving your identity will be processed only for the purposes of preventing money laundering or terrorist financing (as detailed above), unless any additional use is permitted by law or you consent to us using it for a different purpose;
f) to send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable Data Protection Legislation;
g) to ensure that our website’s content is presented in the most effective manner for you and your device;
h) to administer and manage our website;
i) as part of our efforts to keep our website safe and secure;
j) to measure or understand the effectiveness of advertising we send to you and others, and to deliver relevant advertising to you;
k) to ensure we appropriately administer any attendance or visits to our offices;
l) to comply with any other professional and regulatory obligations which apply to us or policies that we have in place;
m) as we feel is necessary to prevent illegal activity or to protect our interests.
5 Legal basis for processing your information
5.1 We shall rely on the following legal bases for the processing of your personal data:
a) In respect of our performance of a contract. The personal data that we are required to collect in order to comply with any professional, legal and regulatory obligations which apply to us must be provided to us in order for us to perform a contract. If you do not provide the personal data that we request, we may not be able to provide our professional advice to you;
b) To comply with any legal and regulatory obligation to which we are subject;
c) Where we have a legitimate interest, in the provision of our advice and in the effective delivery of that advice (and where our legitimate interests are not overridden by your (or the relevant individual’s) own interests or fundamental rights). These legitimate interests will include our interests in managing our client relationships and achieving compliance with policies, practices or procedures;
d) Where processing of ‘special category data’ is necessary in the context of the establishment, exercise or defence of legal claims.
5.2 Generally we do not rely on consent as a legal basis for processing your personal data, other than in relation to sending third party direct marketing communications to individuals via email. You have the right to withdraw consent to marketing at any time by contacting us at email@example.com.
6 Sharing your information
6.1 We may disclose your information to third parties when:
• you specifically request this or it is necessary in order for us to provide our advisory services to you; for example, when we need to instruct lawyers in the UK or in another jurisdiction to provide advice which you have requested;
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights or property of ourselves, our clients, or others and the security of our website.
6.2 The third parties include:
• our insurers;
• other professional advisors or third parties including counsel, lawyers or accountants with whom we engage as part of our work for our clients or those who our clients separately engage in the same context;
• the professional bodies of which our partners are members or with which we are registered, including the Chartered Institute of Taxation, the Society of Trust and Estate Practitioners and the Institute of Chartered Accountants in England and Wales;
• HM Revenue & Customs;
• our data processors providing security, email security, data governance, archiving and other IT and business support services;
• our email marketing platform provider and our website platform provider;
• analytics and search engine providers that assist us in the improvement and optimisation of our website;
• any third party you ask us to share your data with.
6.3 Where the law allows or requires us to do so, we may share your personal data with:-
• the police and law enforcement agencies;
• courts and tribunals;
• the Information Commissioners’ Office.
We may need to share your personal data with one of the above parties in order to comply with our legal obligations. In the event that you asked us not to share your personal data with such third parties we may cease to act for you.
6.4 We may share your details with carefully selected third parties. These may include those who provide services to us and may include organisations that help us to market our services and third parties instructed to enable us to fulfil our contractual obligations to you and, or, our clients in the course of business.
6.5 Where we are legally required to obtain your explicit consent to provide you with marketing material, we shall only provide you with such marketing materials if you have provided consent for us to do so.
6.6 Our website may, from time to time, contain links to and from the websites of other organisations. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
7 Storage and retention of your personal data
7.1 We have strict security procedures as to how your personal information is stored and used which we follow to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot absolutely guarantee the security of your data.
7.3 We keep contact information (such as mailing list information) until a recipient unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honour your request.
7.4 We shall not store your information for longer than is necessary or required by law.
8 Sending your information outside the EEA
8.1 Your personal data will be processed in the European Economic Area (‘EEA’) only. If we need to provide your personal data to a professional adviser, or third party who is situated outside the EEA engaged by you, as part of our work under our Engagement Agreement we shall ensure that we do so in accordance with the Data Protection Legislation.
9 Your information rights
9.1 The Data Protection Legislation gives you the right to access information held about you (an ‘access request’). You are entitled to be told by us whether we or someone else on our behalf is processing your personal information; what personal information we hold, details of the purposes of our processing of your personal information and details of any third party with whom your personal information has been shared.
9.2 You can access the personal information we hold on you by writing to us at the following address: FAO: Data Protection Officer, McKie & Co LLP, Rudge Hill House, Rudge, Somerset, BA11 2QG. You can also contact us by email at firstname.lastname@example.org.
9.3 We shall ask you to provide proof of identity before we show you your personal information – this is so that we can prevent unauthorised access to it.
9.4 We shall not charge a fee for dealing with your access request but there are certain situations in which a fee may be charged, for example, where an access request is excessive or repetitive.
9.5 You are entitled to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another data controller. You can exercise this right by contacting us at email@example.com.
9.6 In the event that an access request is excessive or especially repetitive, we may refuse to comply with the request.
9.7 You have the additional rights to request rectification and erasure of your personal data and to request restriction of, and to otherwise object to, our processing of your personal data and you can exercise these rights at any time by contacting firstname.lastname@example.org. In certain circumstances we have the right to refuse to comply with a request for erasure. If applicable we shall supply you with the reasons for refusing your request.
10 Withdrawal of consent
10.1 Where we process your personal data on the basis that you have provided your consent for us to do so when you submitted your personal data to us, you may withdraw your consent to this processing at any time by contacting us at email@example.com.
10.2 It should be noted that:-
• the withdrawal of consent does not affect the lawfulness of earlier processing;
• if you withdraw your consent, we may not be able to continue to provide services to you.
10.3 If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and we shall notify you of those grounds at such time.
11.1 If you consent to us contacting you, we shall always aim to be respectful and only to send relevant and appropriate material to you. If at any time you do think that we have behaved otherwise, please contact us straight away to let us know.
11.2 You also have the right to make a complaint to the Information Commissioner’s Office. For more details please visit the ICO website.
Questions, comments and requests regarding this Policy should be addressed to:
Name: Simon McKie
Address: Rudge Hill House, Rudge, Somerset, BA11 2QG
Email address: firstname.lastname@example.org
Telephone number: 01373 830956
Alternatively you can contact us through the Contact Us section of our website.