Data Protection Policy and Privacy Notice
Richard Place Dobson (the company) is committed to being transparent about how it collects and uses Personal Data and to meeting its data protection obligations.
This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all services and instances where we collect your personal data.
This privacy notice applies to personal information processed by or on behalf of Richard Place Dobson Services Limited.
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website
Richard Place Dobson and our Data Protection Officer
We are Richard Place Dobson, Chartered Accountants, 1 – 7 Station Road, Crawley, West Sussex. RH10 1HT. We are a data controller of your personal data.
We have a dedicated data protection officer (“DPO”). You can contact the DPO using the details below or by writing to the above address, marking it for the attention of the DPO.
Name – Karen Corduff
Tel No – 01293 521191
E-mail address – email@example.com
Data Protection Principles
The Company processes Personal Data in accordance with the following data protection principles which require Personal Data to be:
• Processed lawfully, fairly and in a transparent manner;
• Collected only for specified, explicit and legitimate purposes;
• Processed only where it is adequate, relevant and limited to what is necessary for the purposes of processing;
• Accurate and for the Company to take all reasonable steps to ensure that inaccurate Personal Data is rectified or deleted without delay;
• Kept only for the period necessary for the purposes of processing; and
• Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage.
The Company tells individuals the reasons for processing their Personal Data, how it uses such data and the legal basis for processing in its privacy notices. It will not process Personal Data for other reasons.
The Company will update Personal Data promptly if an individual advises that his/her information has changed or is inaccurate.
The Company keeps full and accurate records of its processing activities in respect of Personal Data in accordance with the requirements of data protection legislation.
The types of personal data we collect and use
What data do we collect?
When you become a client, we will need to gather certain pieces of personal data to enable us to do the work you have engaged us to do on your behalf. The personal data that we collect and hold about you to use may include:
• Full name and personal details including contact information (e.g. home and business address and address history, email address, home, business and mobile telephone numbers);
• Date of birth and/or age;
• Financial details (e.g. salary and details of other income, accounts, tax returns, bank account details);
• Family, lifestyle or social circumstances if relevant to the service we are providing;
• Education and employment details/employment status;
• Personal data about spouse and other family members where this is relevant to the work we are undertaking on your behalf; and
• Reference and code numbers for liaising with regulatory and other third party legal bodies (for example – HMRC, Companies House, Financial advisors and Charities Commission), where we need to communicate with the third party on your behalf.
Provision of professional services
Richard Place Dobson will also often receive personal information in the course of providing professional services – ordinarily when we provide services to private individuals, employers and businesses with personal customers. Our engagement letter and terms of business govern our relationship with you, including what we may do with personal data that is provided to us. Richard Place Dobson provides many different types of services and its role may not always be visible to the individuals who are data subjects.
More generally, Richard Place Dobson complies with its obligations under the Data Protection Act 1998, and applicable regulatory guidance which relates to our handling of personal data (for example, as published by our principal regulator, the Institute of Chartered Accountants in England and Wales).
Provision of personal data
We will let you know if providing some personal data is optional, including if we ask for your consent to process it.
Why we may need to collect your personal data
We rely on the following legal bases to use your personal data:
1. Where we have a contractual obligation to provide you with our services
By engaging us to supply accounting, taxation, payroll or advisory services to you we will need to hold certain personal data to carry out our work. The terms of the work we will do and information we require you to supply to us will be set out in our engagement letter.
2. Where it is in our legitimate interests to do so
a) Managing your services relating to the work we do for you, updating your records, tracing your whereabouts to contact you about the work we have done for you, your account and doing this for recovering debt (where appropriate);
b) To perform and/or test the performance of our services and internal processes;
c) To follow guidance and recommended best practice of government and regulatory bodies;
d) For management and audit of our business operations including accounting;
e) To carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that;
f) To carry out monitoring and to keep records of our communications with you and our staff;
g) To administer our good governance requirements, such as internal reporting and compliance obligations or administration required;
h) For market research and analysis and developing statistics;
i) For direct marketing communications and related profiling to help us to offer you relevant services and news on updates/changes to regulatory or legal standards which may impact you. We will send marketing to you by email, post and social media; or
j) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations.
3. To comply with our legal obligations
4. With your consent or explicit consent:
a) For some direct marketing communications;
b) For some of our profiling and other automated decision making; or
c) For some of our processing of special categories of personal data such as about your health, if you are a vulnerable customer or some criminal records information.
How long do we hold data for?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
• For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations;
• For as long as we provide services to you and then for as long as someone could bring a claim against us;
• Retention periods in line with legal and regulatory requirements or guidance; and/or
• We use reasonable efforts to retain personal data collected from you only for so long as we need such data in accordance with the purpose for which it was collected or until we are requested to delete it (if earlier).
Data security and storage
Richard Place Dobson has appropriate technical and organisational security policies and procedures in place to protect personal data and information from loss, misuse, alteration, or destruction.
Additionally, we aim to ensure that access to your personal data is limited to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data which is transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
In order to try and keep transmission of data as secure as possible we have set up a portal system called OneClick and it is our policy to transmit personal and company information via this rather than using e-mail or the internet.
Subject to applicable laws, we may monitor calls, emails, text messages, social media messages and other communications in relation to any dealings with you. The purpose for this monitoring will be for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said. We may also monitor activities on your account where necessary for these reasons and this is justified by our legitimate interests or legal obligations.
Our website is run by PracticeWEB, which collects IP addresses for system administration, for independent audit and to produce reports so we can see how our site is being used, for example, what services and facilities are popular, and how long users spend on particular pages. This is data about our users’ browsing actions and patterns and it does not identify anyone individually. We have reviewed PracticeWEB’s procedures and systems in place to confirm we are satisfied that they are GDPR compliant and are not using personal data collected on our behalf for any other reasons than mentioned above. PracticeWEB’s privacy notice can be found http://www.placedobson.co.uk/privacy-statement-and-cookie-policy.
When you telephone Richard Place Dobson we will not record your call. Although if the information we are given relates to a service we are performing for you, we may make notes of the call and place these on our internal client files.
Your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
• The right to be informed about the processing of your personal information;
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
• The right to object to processing of your personal information;
• The right to restrict processing of your personal information;
• The right to have your personal information erased (the “right to be forgotten”);
• The right to request access to your personal information and to obtain information about how we process it;
• The right to move, copy or transfer your personal information (“data portability”); and
• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.
Your right to object
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by contacting the DPO in the first instance.
Sharing of personal data
We will use your personal data only for the purpose for which it was collected, unless we obtain your specific consent to other uses, or unless otherwise required or permitted by law or professional standards. For example, if you send us an email message requesting information about Richard Place Dobson we will use your email address and other information you supply to respond to your request.
We may share personal data that you submit to us via this website to firms or to suppliers or subcontractors working on our behalf (including transfers across geographical borders worldwide) in accordance with our data protection obligations.
We do not disclose your personal data to third parties (excluding those identified above) except as required and permitted by applicable law.
We do not sell your personal data or provide it to third parties for their direct marketing use. We may add your personal data to our CRM (Contact Relationship Management) database which we use to develop our relationship with current and prospective contacts.
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by going to the contact us section of our website. Alternatively, you can write to Richard Place Dobson, Chartered Accountants, 1-7 Station Road, Crawley, West Sussex. RH10 1HT, marking it for the attention of the DPO.