Privacy notice for Clients

Claritas Accountancy Limited (the Company) is aware of its obligations under the General Data Protection Regulation (GDPR) to you, (the Client), and is committed to processing data securely and transparently. This privacy notice sets out, in line with GDPR, the types of data that we hold as a Contractor. It also sets out how we use that information, how long we keep it for and other relevant information about your data.

 

Data controller details

You, as the Client, are the data controller, meaning that you determine the processes to be used in regard to personal data.

 

Data processor details

Claritas Accountancy Ltd is the data processor and will only act on the documented instructions of the data controller (unless required by law to act without such instructions).

 

Data protection principles

In relation to personal data, the Claritas Accountancy Ltd will:

•  process it fairly, lawfully and in a clear, transparent way
•  collect data only for reasons that we find proper for the course of our engagement
•  only use it in the way that we have been instructed
•  ensure as far as we can that it is correct and up to date
•  keep personal data for only as long as we need it
•  process it in a way that ensures it will not be used for anything that you are not aware of or have instructed.

 

Types of data we process

We may hold personal and special category data about you, your employees/workers or ex-employees that either you or they have supplied to us, including:

•  personal details including name, address, date of birth, email address, phone numbers
•  photograph
•  gender
•  marital status

 

How we collect data

We collect data in a variety of ways; you, as the Client, may provide data about yourself,  employees/workers or ex-employees and in addition, your employees and/or workers may supply information to us directly.

In some cases, we will collect data on your behalf from third parties, such as intermediaries, Companies House and HMRC.

 

Why we process your data

The law on data protection allows us to process your data for certain reasons only:

•  in order to perform the contract that we are party to
•  in order to carry out legally required duties
•  in order for us to carry out our legitimate interests
•  to protect your interests
•  where something is done in the public interest and
•  where we have obtained your consent.

 

All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first three reasons set out above to process your data. We must process special categories of data in accordance with stringent guidelines. Most commonly, we will process special categories of data when the following applies:

•  you have given explicit consent to the processing
•  we must process the data in order to carry out legal obligations
•  we must process data for reasons of substantial public interest
•  the data has already been made public.

 

Sharing your data

We will share data with those that you instruct us to such as named personnel within your organisation or others as are required for us to perform the contract that we are engaged to complete; this includes, for example, your payroll department for administering payment under your contract or individuals involved in an investigation.

 

We may share your data with third parties, for example, in order to gain legal advice or for other reasons to comply with a legal obligation upon either Claritas Accountancy Ltd or you, the Client.

 

We do not share your data with bodies outside of the European Economic Area.

 

Protecting your data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.

 

If you instruct us to share data with a third party, we expect you, as the data controller, to ensure that the data is held securely and in line with GDPR requirements.

 

How long we keep data for

In line with data protection principles, we only keep your data for as long as we need it.

 

Unless you instruct us otherwise:

1. we will keep your data for no more than twelve months after we last work with you.
2. should we hold any data for you about your employees/workers, the data will be held for twelve months after you inform us that they have left your company.
3. any data we hold for you as a potential new client will be held for six months or as per bullet 1. above, whichever is the sooner.

 

Retention periods can vary depending on why we are holding the data. Data will be deleted after the respective retention period unless you instruct us to return all personal data to the controller.

 

The Company’s additional responsibilities in relation to data

As the data processor, we will:

• ensure that people processing the data are subject to a duty of confidence
• take appropriate measures to ensure the security of processing
• only engage a sub-processor with the prior consent of the data controller and a written contract
• will assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR
• will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments
• will submit to audits and inspections, provide the controller with whatever information it needs to ensure that both the controller and the processor are meeting their Article 28 obligations, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state
• co-operate with supervisory authorities (such as the ICO) in accordance with Article 31
• keep records of its processing activities
• notify any personal data breaches to the controller in accordance with Article 33

 

If you wish to exercise any of the rights explained above, please contact privacy@claritasaccountancy.com

 

Nothing within this privacy notice relieves the processor of its own direct responsibilities and liabilities under the GDPR.

 

Data protection

The Company has appointed Steven Perkins as the data protection lead within Claritas Accountancy Ltd. Questions about this notice, or requests for further information, should be directed to him at privacy@claritasaccountancy.com