CHALMERS & CO (SW) LIMITED

PRIVACY STATEMENT

Purpose of this Notice

We are committed to protecting your personal data in accordance with the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulations (GDPR).
This notice describes how we collect and use personal data about you, in accordance with UK Data Protection Legislation.

About Us

Chalmers & Co (SW) LIMITED is an accountancy, business and tax advisory firm. For the purpose of the Data Protection Legislation we are the “data controller” and are required to notify you of the following.

Data we hold and process

We process personal data for several purposes and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
Our policy is to collect only the personal data necessary for agreed purposes and we ask clients to only share personal data where it is strictly needed for those purposes. We collect personal data from our clients or from third parties acting on the instructions of the relevant client.
We may cold you own or your client’s details which may include names, private addresses, date of birth, tax and NI reference, company number (if applicable), employer’s tax references and name (if applicable), payroll details, business details (if applicable) and details of past and present taxable income and gains and data on other taxes.
We hold this data to allow us to provide accountancy and tax compliance, payroll, company secretarial and tax advisory services.
We also hold data in order to make ID checks under the Money Laundering Regulations, and this may include a copy of your passport or driving licence and evidence of your address.
Your business contact details are used to provide you with information about our services and other information which we think will be of interest to you, unless you tell us not to.

Data Retention

We are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data. Personal data processed is kept by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In the absence of specific legal, regulatory or contractual requirements, our retention policy period for records and other documentary evidence created in the provision of services is 7 years.
We hold data electronically and on paper.

Data Security

We take the security of your data we hold seriously. We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We limit access to your personal data to those employees, agents, contactors and other third parties who have a business need to know. They are subject to a duty of confidentiality and will only process your personal data on our instructions.
We store data on our in-house server and that data is highly protected by security features including firewalls and regular scans against viruses and malware.
We process and store data using our payroll, tax, company secretarial and accounting software. Such software may be located in “the Cloud” and if so we rely on the software providers security features and all access is password protected. Our IT support is outsourced and that IT support may work on software programmes that hold that data.
When software is installed on our local machines all access is password protected.
We will only share data with HMRC and HM Court’s and Tribunal’s Service, during the course of an enquiry or investigation or tax appeal or other reasons if:
• We are authorised to do so by a taxpayer, or
• In the case of a Schedule 36 FA 2008 Information Notice, we have either been so authorised by a Tribunal or we are compelled to provide data under the terms of a third party notice, or
• We are obliged by other regulations to provide data.
We are registered with the Information Commissioner.

Under the DPA (2018) and GDPR, Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.

Access to data

You have a right to access your personal data held by us and you can exercise that right by contacting us below. Our aim is to respond a request promptly and within the legally required limit of 30 days. You will not pay a fee to access your personal data. However we may charge a reasonable fee if your request for access is clearly unfounded or excessive.

Update of personal data

If you wish to update personal data submitted to us, please contact us below. Once we are informed that any personal data held by us is no longer accurate we will make changes based on your updated information.

Withdrawal of consent

Where we hold data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please contact us below. Once we have received notification that you have withdrawn your consent, we will no longer process data unless we have another legitimate basis for doing so.

Other rights

This statement is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability. For further information on these rights please contact us below.

Complaints

If you do want to complain about our use of your personal data, please contact us below with the details of your complaint. You also have the right to register a complaint with the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to their website.

Contacting us about your data

If you have any questions about this privacy statement or how and why we process personal data, please contact our Data Protection Point of Contact at:

Name: Chalmers & Co (SW) Limited
Address: 6 The Linen Yard, South Street, Crewkerne, Somerset, TA18 8AB
Email: info@chalmersaccountants.co.uk
Telephone: 01460 279000