PRIVACY NOTICE

Introduction

The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data. We are a data controller within the meaning of the GDPR and we process personal data. Our contact details are as follows: bradley@braccountancyservices.co.uk or 07555392060.

We may amend this privacy notice from time to time. If we do so, we will notify you of the changes within 14 days and/or make a copy of the amended privacy notice available on our website. If you require a previous version of this privacy notice, please contact us using the details provided.

Where we act as a data processor on behalf of a data controller (for example, when processing payroll), we provide an additional schedule setting out required information as part of that agreement. That additional schedule should be read in conjunction with this privacy notice.

The purposes for which we intend to process personal data

• To enable to supply professional services to you as our client.
• To fulfil our obligations under relevant laws in force from time to time.
• To comply with professional obligations to which we are subject as a member of AAT.
• To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
• To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.
• To contact you about other services we provide which may be of interest to you if you have consented to us doing so.

The legal bases for our intended processing of personal data

• At the time you instructed us to act, you gave consent to us processing your personal data for the purposes listed above.
• The processing is necessary for the performance of our contract with you.
• The processing is necessary for compliance with legal obligations to which we are subject.

Persons/organisations to whom we may give personal data

We may share your personal data with:

• HMRC
• Any third parties with whom you require or permit us to correspond
• Subcontractors
• An alternate appointed by us in the event of incapacity or death
• Tax insurance providers
• Professional indemnity insurers
• Our professional body, AAT, and/or OPBAS in relation to practice assurance and legal requirements.

Transfers of personal data outside the EEA

Your personal data will be processed in the EEA only. Should we need to transfer data outside the EEA in the future, we will ensure that appropriate safeguards are in place in accordance with GDPR.

Retention of personal data

When acting as a data controller, we will retain records as follows:

• Tax returns: 5 years from the end of the tax year.
• Ad hoc advisory work: 5 years from the end of the business relationship.
• Ongoing client relationships: data retained for the period of the relationship, then deleted 5 years after unless requested otherwise.

Your Rights

• Right to request access to personal data (SARs).
• Right to rectification of inaccurate personal data.
• Right to erasure of personal data.
• Right to restrict processing and object to processing.
• Right to data portability.

Cookies and Website Usage

We use cookies for functionality, analytics, and user preferences. You can manage cookies via your browser settings.

Data Breach Policy

In case of a data breach, we will take the following steps:

• Containment and assessment of the breach.
• Notification of affected individuals if high risk is posed.
• Report to the ICO within 72 hours if legally required.
• Investigation and implementation of corrective measures.

Complaints

If you have concerns, contact bradley@braccountancyservices.co.uk. You may also contact the ICO at www.ico.org.uk.