Garbetts Chartered Accountants- Privacy Policy

Garbetts takes the protection of your privacy very seriously. Our privacy statement explains why and how we collect and use personal data and provides information about individual’s rights.

Garbetts is Garbetts (IOW) Limited, a company registered in England and Wales with registered number 08074705.

We obtain personal data about you, for example, when:

• You request a proposal from us in respect of the services we provide

• You (or your employer, or our clients) engages us to provide our services, and during the provision of those services

• You contact us by email, telephone, post, or social media, or access our website (for example when you have a query about our services)

• From third parties and/or publicly available resources (for example from your employer or from Companies House)

• We engage your services (or those of your employer or contractor) as a supplier or contractor

• We correspond with you as a business contact or potential supplier

• You apply to us as a prospective employee

Where we need to process the personal data of others (for example directors of companies, family members, employees, customers or suppliers) to provide professional services, we ask that you provide the necessary information to the data subjects regarding its use. You may direct data subjects to this privacy statement to do so.

The personal data we hold about you will vary depending on the reasons for our processing the data. The information we hold may include the following:

• Your personal details (such as your name, address, and contact details)

• Your financial details (such as tax references, National Insurance numbers, bank account and other financial details)

• Details of any services you have received from us

• Details of any goods or services you have provided to us

• Our correspondence and communications with you

• Information about any complaints or enquiries you make to us

• Information we receive from other sources, such as publicly available information, information provided by your employer, or our clients.

We may process your personal data for the purposes necessary for the performance of our contract with you, or your employer, and to comply with our legal and regulatory obligations.

We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.

We may process your data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data.

We may process your personal data for certain additional purposes with your consent and in these limited circumstances where your consent is required for the processing of your personal data you have the right to withdraw your consent to processing for such specific circumstances.

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

In some circumstances we may anonymise the personal data so that it can no longer be associated with you, in which case we may use it without further notice to you.

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal and regulatory obligations.

We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required to do so.

We will only retain your personal data for as long as it is required to fulfil the purposes for which it was collected, and any legal or regulatory obligations.

For data processed in the provision of a service provided to you, or to our client where you are an employee, subcontractor, supplier, or customer of our client, we are required by regulation and our insurers to retain your data for a minimum period. The period of retention varies with applicable legislation but to ensure compliance with such requirements it is the policy of the firm to retain data for a period of seven years from the end of an engagement.

We will not sell or rent your information to third parties, or share your information with third parties for marketing purposes. Any staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.

Third-parties include third-party service providers. We may pass your information to third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, for example in maintaining your accounting records on accounting software or in providing advice in specialist areas. When we use third party service providers, we disclose only the personal information that is necessary to deliver the service, and we have a contract in place that requires them to keep the information secure and not to use it for their own purposes.

Please be assured that we will not release your information to third parties unless you have requested that we do so, or we are required to do so by law, for example a court order or for the purposes of prevention and detection of crime, fraud or corruption.

How you can access and update your information

Keeping your information up to date and accurate is important to us. Should your personal information change, please let us know, in writing or email.

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third-parties who have a business need to know. They will only process your data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you, and any applicable regulator of a suspected breach where we are legally required to do so.

Your data will usually be processed in our offices. However, to allow us to operate efficient digital processes we sometime need to store information in servers located outside the UK, but within the European Economic Area (EEA). We take the security of your data seriously and so all our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.

You acknowledge that data sent by email is unencrypted and our email communications may contain some personal data.

Where you provide an email address for communication you are responsible for ensuring the security of access to that address.

Where considered appropriate we may also communicate with you using our secure online portal, which will be used for information and documents considered to contain more sensitive information, and provides a secure way to access your data.

We understand the importance of protecting children's privacy especially in an online environment. Our website is not intentionally designed or directed at children 16 years of age or younger and it is our policy not to knowingly collect or maintain information about anyone under the age of 16 years.

Where collection of information in respect of children is necessary to provide our services (for example because a child is the beneficiary of a trust and details are required to be reported to HMRC) we acknowledge the additional level of care expected in respect of those details and will ensure that only information absolutely required by the engagement will be collected.

Right to access: You have the right to request a copy of the personal information about you that we hold by making a "data subject access request". Any formal subject access request should be made in writing.

Right to rectification: You have the right to request that we correct any personal information we hold about you that you believe to be inaccurate.

Right to Object: You have the right to object to processing based on either public interests or legitimate interests. Processing must stop, unless we demonstrate compelling grounds for continuing the processing or that the processing is necessary in connection with our legal rights and obligations.

Right to be Forgotten: You may ask us to delete personal information about you where:

• The information is no longer necessary for the purposes for which it was obtained;

• You have validly objected to our use of your personal information; or

• Our use of your personal information is contrary to law or our other legal obligations.

Right to restricting processing: This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, alternatively we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

We recognise that data protection is an ongoing responsibility and so will keep this privacy notice under regular review.

If you have any questions regarding this notice or if you would like to speak to us about the way we process your personal data, please email office@garbetts.com.

We seek to resolve directly all complaints about how we handle your personal information, but you also have a right to lodge a complaint with the Information Commissioner's Office (ICO) at:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Website: https://ico.org.uk/for-the-public/raising-concerns/