Hansen Sweeney Accountants Limited is committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the “rights and freedoms” of individuals whose information Hansen Sweeney Accountants Limited collects and processes in accordance with the General Data Protection Regulation (GDPR).
Data we process
Hansen Sweeney Accountants Limited is a Controller of the personal data you (data subject) provide us. We may collect the following types of personal data from you:
Our services may require us to process the following data about you.
- Email address
- Telephone number
- Mobile phone number
- National Identity Documents (E.g.: Passport, driving license)
- Bank details
- Home or Work address
- National Insurance number
- Date of Birth
- Unique Tax payer reference (UTR)
- Credit and debit card numbers
- Directorship details
- Salary details
- Pension details
- Tax returns
With your explicit consent we may also process the following information to simplify the provision of services to you:
- HMRC login details
- Bank login details
If you choose not to provide us with this information we may be unable to process payments or submit tax returns on your behalf but your access to our core services should not be impacted.
Sensitive personal data:
In some cases, such as when you have claimed statutory sick pay, processing of payroll may require us to process the following sensitive information:
- Medical data
- Sickness details
Children’s personal data:
If you are a recipient of Child Benefit we may be required to process the following personal information about your child:
- Children’s name
- Children’s date of birth
We do not seek any sensitive information (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation) from our clients, unless we are legally required to do so or it is necessary for the performance of our contracts.
How we collect your data
We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us their business card, complete our online forms, subscribe to our newsletters, attend meetings or events we host, visit our offices or apply for open roles. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.
We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients. We may attach personal data to our customer relationship management records to better understand and serve our business clients, subscribers and individuals, satisfy a legal obligation, or pursue our legitimate interests.
- Public sources — Personal data may be obtained from public registers (such as Companies House), news articles, sanctions lists, and Internet searches.
- Social and professional networking sites — If you follow us on social media sites such as Twitter or LinkedIn we will have access to your name and public profile.
- Business clients — Our business clients may engage us to perform professional services which involves sharing personal data they control as part of that engagement. For example, the processing of payroll. Our services may also include processing personal data under our clients’ control on our hosted software applications, which may be governed by different privacy terms and policies.
- Recruitment. We may obtain personal data about candidates from an employment agency, and other parties including former employers, and credit reference agencies.
Why we need it
We need your personal data in order to provide you with the following services:
- Assistance in the management of your Taxes
- The provision of Payroll services
- Assistance in the administration of your Business
All accountants must comply with the duties imposed by the Proceeds of Crime Act 2002, the Terrorism Act 2000, and the Money Laundering Regulations 2007. To comply with this legislation we may need to process a copy of your passport or other documentation to verify your identity.
Our legal basis for processing for the personal data
We process personal data to meet our contractual obligation to provide services to our clients. Provision of certain non-essential services such as processing payments and uploading tax returns on your behalf may require us to have access to your online banking account and/or your Government Gateway account. These services will only be provided with your explicit consent. Consent can be withdrawn at any time by giving us written notice and changing your password for the accounts we have access to.
Data sharing with other organisations
We may share your data with third parties as required for the performance of our contract with you. For example, we may submit information to HMRC on your behalf.
If we have grounds to suspect that your instructions relate to ‘criminal property’ we are legally obliged to make a report to the Serious Organised Crime Agency (SOCA). In this event we are prohibited from telling you that a report has been made.
How long we keep it
We retain your documents for the time period according to the Data Retention Policy. Unless we are legally obliged to retain data or you have specifically requested its retention this period will typically not exceed 6 years. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that Hansen Sweeney Accountants Limited refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
- Right to withdraw consent — You may withdraw consent at any time by emailing email@example.com
Right to withdraw consent
In the event that you wish to complain about how we have handled your personal data, please contact Data Protection Officer at firstname.lastname@example.org or in writing to IT & Information Security Manager, Hansen Sweeney Accountants Limited, 45 Beaufort Court, Admirals Way, London E14 9XL. Our IT & Information Security Manager will then look into your complaint and work with you to resolve the matter. If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Information Commissioner’s Office (ICO) and file a complaint with them.
We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards and our information security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.