This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
This privacy notice is to help you understand what data we collect, why we collect it and what we do with it.
Data Controller: Hardwick & Morris LLP of 41 Great Portland Street, London W1W 7LA is the data controller responsible for deciding how we hold and use personal information about you.
Data Protection Leader: The Business Development Director is responsible for enquiries regarding compliance with this privacy notice and can be contacted at [email protected] or Data Protection, Hardwick & Morris LLP, 41 Great Portland Street, London W1W 7LA.
Information collected: personal information about you (your data) as necessary for the provision of the accountancy services by us to you (Services) and to comply with our statutory requirements (i.e. anti-money laundering legislation). This includes information which you provide to us (by phone, e-mail or otherwise), collected online (for example, credit checks and searches), and/or received from third parties or other sources. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide your data when requested, we may not be able to provide you with the Services. In this case, we may have to cease performing the Services you have with us, but we will notify you if this is the case at the time. If we do not obtain your data from you, we will inform you of the source your data originates from and whether it is publicly available. The categories of your data which we may collect, store, and use will depend on the type of Services, which categories are as follows:
CATEGORIES OF PERSONAL INFORMATION WE COLLECT FROM YOU:
- Contact details.
- Bank/other Financial Services details.
- Pension and benefits details.
- Tax details.
- Income and pay details.
- Annual leave details.
- Sick leave details.
- Employment history.
- Identification (including, for example photographs).
- Financial transaction spending history.
- Date and place of birth.
- Marital status and dependents.
- ID numbers, e.g. NINO, UTR, driving licence.
- Log-in information/passwords.
- Lifestyle information.
We will not process any special categories of personal data (for example, information about your race, religion, ethnic origin, genetics, biometrics, health or gender) or criminal offence data unless we expressly request this information from you. We do not collect data relating to children except where it is provided by you in the nature of an instruction with us.
How your data is used: it will be used to perform the Services. If you do not provide us with your data, we will not be able to perform the Services and we may be prevented from complying with our statutory obligations. We may also process your personal data for the purposes of our own legitimate interests provided that those interests provided that those interests, rights, and freedoms which require the protection of personal data. This includes processing for marketing, business development and management purposes. We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
Disclosure of your data: your data may be disclosed by us to third parties including other data controllers where it is: necessary for the provision of our Services; required by law; or where we have another legitimate reason for doing so (such as a court order). Depending on the type of Services, we may share your data with our agents, suppliers, and contractors. For example we may share data with First Stop IT Limited who manage the firm’s IT services, H&M & LL LLC in the USA to provide US accounting and taxation services (see, “Transfer of data outside the UK”), Bullocks 1 Limited for Royalty Management Services, First Corporate Services Limited for company secretarial services and HM Revenue & Customs and any regulator (for example, Institute of Chartered Accountants and the FCA) to comply with the law.
Protection of your data: we have put in place commercially reasonable and appropriate security measures aimed at preventing your data being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to those employees, agents, contractors and third parties who have a business need to know and require that your data is only processed for specified purposes in accordance with our instructions and where they have agreed to treat the information confidentially and to keep it secure. We do not allow our third-party service providers to use your data for their own purposes. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Transfer of data outside the UK: we may transfer your data to third parties outside the UK. We will only do so where there is an adequate level of protection of personal data or there are measures giving equivalent protection of personal rights, either through international agreements or contracts approved for use in the UK which give personal data the same protection it has in the UK.
How long is your data kept: your data will only be retained as long as necessary for the provision of our Services and insurance and regulatory requirements, being 6 years from the provision of our Services or for 6 years from the end of the accounting/tax year to which the data relates. You may request access, erasure and rectification of your data during this period, after which we will securely destroy your data in accordance with applicable laws and regulations. Please note that we may keep your data for longer than the periods stated above if it is necessary. However, this will be assessed on a case by case basis. If we determine that it is necessary to keep your data for longer than the periods listed above, we will confirm this to you in writing at the end of our retainer with you and explain why it is necessary.
Your right to access, correct, erase and restrict data we hold about you: it is important that your data is accurate and current. Please keep us informed if your data changes during your working relationship with us. Under certain circumstances, by law you have the right to:
- Request access to your data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of your data. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your data. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons.
- Object to processing of your data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
- Request the restriction of processing of your data. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your data to another party.
If you wish to exercise any of the rights set out above, please contact us. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate measure that personal information is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints:
if you have any queries, concerns, or complaints about the use of your data by us, please raise them with the Data Protection Leader. If this does not resolve the problem to your satisfaction, or, if you prefer to raise the issue with somebody else, then please speak with the designated Complaint Partner named in our Engagement Letter, who will deal with your complaint. You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO’s contact details are as follows:
Information Commissioner’s Office, Wycliffe House, Water Lance, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113
Changes to this Notice: we may change this notice from time to time, in which case we will provide you with a new notice. We may also notify you in other ways from time to time about the processing of your data.