The General Data Protection Regulation
On 25th May 2018 the General Data Protection Regulation came into effect. This new Europe-wide regulation has been developed to allow us all to retain control of our (individuals to retain control of their) personal data. SMCO Chartered Tax Advisors has always taken the protection of data seriously and complied with the Data Protection Act (1998), but this regulation has a number of new requirements including your right to be informed about the (details of) processing of your data.
Everyone in our team is committed to taking care of your personal data. We are custodians of this important resource and will only process it in lawful ways. We hope you find the following privacy statement interesting an informative.
Introduction
SMCO Chartered Tax Advisors (“SMCO Chartered Tax Advisors”, “we”, “us” or “our”) is firmly committed to protecting personal data. This privacy notice explains why and how we collect personal data, how we keep it confidential and how we keep it safe. It also provides information about the choices and rights of individuals in relation to their data.
Personal data is any information that allows identification of a living person. The team at SMCO Chartered Tax Advisors process personal data for many purposes, and the means of collection, the lawful basis for processing, the use, disclosure, and the retention periods may vary according to the purpose.
Please refer to the table below for detailed information about the processing activities for each business group.
Business Groups:
- Individual or personal clients
- Corporate clients
- Business Contacts
- Individuals whose personal data we process under contract with our clients (eg payroll)
- Suppliers, subcontractors and their staff
- Visitors to our website
- Subscribers to our social channels
- Others who contact us
- Third Parties
Individual or Personal Clients
Personal Data Collected
We collect and process only the personal data that is necessary to provide agreed services and products for our clients. In the majority of instances we act as data controller as much of our work is determined by professional bodies. We provide numerous services for personal clients and therefore process many categories of personal data which may include:
- Direct personal identifiers such as name, date of birth, contact details
- Family information such as the names and dates of birth of dependents if they are the beneficiaries on a policy taken out by parents or guardians on their behalf
- Information necessary to provide a product or service such as bank account details, income, taxation and other financial details
- Information about clients’ contacts with us such as emails, meetings, phone calls and letters
- Information about business activities
- Information that is classified as sensitive, for example relating to marital status, civil or partnership status and health. This information will only be collected if it is essential to the provision of the product or service requested or is necessary to allow us to comply with the law
- Images of individuals who visit our offices
How Personal Data is Collected
We may collect personal data directly when:
- An application form is completed for a product or service
- We have a telephone conversation with an individual
- We receive emails or letters
- We meet with clients or prospective clients
- Individuals register to receive information about our events or our podcasts
- Individuals participate in our research surveys to help us better understand our clients’ needs
- Individuals use our online platforms such as our website, social media and mobile device applications (Apps)
- Individuals visit our offices and their image is captured on CC
Use of personal Data
Providing Products and Services – we collect and process personal data to allow us to provide clients with the products or services requested. For example, if SMCO Chartered Tax Advisors is engaged to prepare accounts, the client will be asked to provide information such as name, address, date of birth and national insurance number.
Managing and Administering our Business and Services – we collect and process personal data to manage our relationship with clients, ensure the accuracy of our IT systems and develop our business and services (such as determining client’s needs.)
Security and Data Risk Management Activities – we have a suite of security measures to protect our clients, our staff and our business information. Personal data may be processed during our security monitoring activities for example when automated scans are employed to detect scam emails. In addition, images are captured via CCTV of staff and visitors to our office.
Compliance with Regulatory Obligations – Much of our work is directed by professional, regulatory and legal requirements. Personal data will be processed if necessary to comply with these obligations. During our client engagement process, we carry out searches using endorsement lists and the internet to identify issues that may prevent us working with a particular individual or firm (such as conduct or reputational concerns.)
Providing Clients with Information about our Services – with client consent, or otherwise in accordance with the law, we use client contact data to provide information we think may be of interest such as industry updates, reviews and invitations to events.
Corporate Clients
Personal Data Collected
We collect and process only that personal information necessary to carry out agreed processes with our corporate clients. Where we require personal data to carry out services on behalf of our corporate clients, we ask those clients to provide necessary information (Privacy Statements) to the data subjects directly.
Corporate clients may refer to relevant sections of this Privacy Statement if appropriate.
Use of Personal Data
Providing Products and Services – we collect and process personal information to allow us to provide clients with the products or services requested. For example, providing a valuation report, a valuation model or advisory services.
Managing and Administering our Business and Services – we collect and process personal data to manage our relationship with clients, ensure the accuracy of our IT systems and develop our business and services (such as determining client needs)
Security and Data Risk Management Activities – we have a suite of security measures to protect our clients, our staff and our business information. Personal data may be processed during our security monitoring activities for example when automated scans are employed to detect scam emails.
Compliance with Regulatory Obligations – Much of our work is directed by professional, regulatory and legal requirements. Personal data will be processed if necessary to comply with these obligations. During our client engagement process, we carry out searches using endorsement lists and the internet to identify issues that may prevent us working with a particular individual or firm (such as conduct or reputational concerns).
Providing Clients with Information about our Services – with client consent, or otherwise in accordance with the law, we use client contact data to provide information we think may be of interest such as industry updates, reviews and invitations to events.
Business Contacts
The SMCO Chartered Tax Advisors team process personal information about business contacts using a Practice Management System (PMS). The collection of personal information including name, title, employer name, email address and other business contact details is initiated by a team member and is added to the PMS.
Use of personal Data
The personal data of business contacts is processed by the SMCO Chartered Tax Advisors team for the following purposes:
- The provision of information about our products and services
- The provision of commentaries on subjects of interest and information about events
- The provision of business offers that may be of interest
- The management and development of our businesses
- The identification of clients’ needs
SMCO Chartered Tax Advisors do not sell or release data held on the PMS system to third parties for any purpose other than as required to do so to fulfil legal, regulatory and professional requirements. The majority of information held on the PMS is processed within the UK/EEA. Where information is processed outside of the EEA, we put agreements in place with our third party suppliers to ensure it is protected to at an equivalent standard as would be provided in the UK/EEA.
Individuals whose personal data we process under contract with our clients (eg payroll)
Personal Data Collected
We collect and process only that personal data necessary to carry out agreed processes on behalf of our clients.
We ask those clients to provide information (Privacy Statements) about the processing of personal information to the data subjects directly.
As SMCO Chartered Tax Advisors provides a great variety of services for clients, many categories of personal data are collected and processed including:
- Contact details such as name, address, email address
- Details of business activities
- Financial information including investments and other interests
- Payroll information including names, National Insurance numbers, bank details,
- Other employee information (such as pension details)
Personal Data processed under contract is collected by our clients or by a third party acting on the instruction of a client.
Use of personal Data
Providing Products and Services – we collect and process personal information to allow us to provide clients with the products or services requested. For example, if SMCO Chartered Tax Advisors is engaged to provide payroll services, the client will be asked to provide information such as the name, address, date of birth and national insurance number of all staff.
Managing and Administering our Business and Services – we collect and process personal data to manage our relationship with clients, ensure the accuracy of our IT systems and develop our business and services (such as determining client needs).
Security and Data Risk Management Activities – we have a suite of security measures to protect our clients, our staff and our business information. Personal data may be processed during our security monitoring activities for example when automated scans are employed to detect scam emails.
Compliance with Regulatory Obligations – Much of our work is directed by professional, regulatory and legal requirements. Personal data will be processed if necessary to comply with these obligations. During our client engagement process, we carry out searches using endorsement lists and the internet to identify issues that may prevent us working with a particular individual or firm (such as conduct or reputational concerns)
Providing Clients with Information about our Services – with client consent, or otherwise in accordance with the law, we use client contact data to provide information we think may be of interest such as industry updates, reviews and invitations to events
Individuals Who Contact SMCO Chartered Tax Advisors
When an individual contacts SMCO Chartered Tax Advisors for advice, to make a comment, to feedback or complain, we collect personal data such as name and contact details so we may respond. Such data is only used for the purpose of response.
Suppliers, Subcontractors and their Staff
Personal Data Collected
We collect and process personal data including names, address and contact details about our suppliers, subcontractors and their staff to manage the contracts between our organisations and the services provided to us.
Use of Personal Data
Services supplied directly to SMCO Chartered Tax Advisors– we process the personal data of our suppliers and their staff as necessary to ensure efficient delivery of services. For example we process personal data about the individuals who provide services through our outsourced facilities management
Managing and Administering our Business and Services – we process personal data to ensure the efficient running of our business. Examples include the maintenance of our IT systems, the hosting of events and the management of our website
Security and Data Risk Management Activities – we have a suite of security measures to protect our clients, our staff and our business information. Personal data of suppliers, subcontractors and their staff may be processed during our security monitoring activities for example when automated scans are employed to detect scam emails
Compliance with Regulatory Obligations – Much of our work is directed by professional, regulatory and legal requirements. Personal data of suppliers, contractors and their staff will be processed if necessary to meet these requirements
Providing Information about our Services – In accordance with data protection regulations and following legitimate interest assessments, our team uses business contact details to provide information that may be of interest such as industry updates, reviews and invitations to events.
Visitors to our Website
Personal Data Collected
SMCO Chartered Tax Advisors will not collect any personal data such as name, address, telephone number or email address through our website unless provided voluntarily by the visitor.
If we are emailed through the website, the messages we receive will contain the visitor’s email address plus any information included in the message.
Cookies
In some cases we may automatically collect technical information of a visitor connected to our site through the use of cookies. This information does not contain any data through which you can be identified by the SMCO Chartered Tax Advisors team, but it does include IP addresses. Other examples of the type of information collected include the type of internet browser used, the type of operating system used and the domain name of the website which linked through to our site.
A cookie is a small file of letters and numbers which allows us to distinguish each user of our website. The cookies we use are ‘analytical’ cookies. They allow us to recognise and count the number of visitors who visit our site and how they navigate around it. This allows us to improve the way our website works, for example by making sure users are finding what they need easily.
If you would rather we did not collect cookies from you, you will need to disable them in your web browser. Instructions for disabling them in Internet Explorer 9 can be viewed below, for other web browsers please consult your help pages or IT support:
- Go to ‘Tools’ in the menu bar which should drop down then click on ‘Internet Options’
- Click on ‘Privacy’ Tab on top
- Move the slider up to the ‘Block all Cookies’ button
Use of Personal Data
When a visitor provides personal information via an email through our website, it will only be used as stated within the content of the email.
For example, such personal information may be used to:
- Respond to an enquiry for further information
- Register an individual for our regular blog updates
- Respond to feedback, suggestions or a complaint
Visitors to our Social Media sites
Personal Data Collected
When you connect or follow SMCO Chartered Tax Advisors on social medial, we may collect and process personal data including names, company names and email addresses.
Use of Personal Data
Personal information made available through social media sites would only be used for the purposes of backup, would be stored securely and would only be held as long as is necessary.
GENERAL INFORMATION
The Disclosure of personal information to us relating to third parties
On occasion, a client may disclose the personal information of a third party so that we may provide our services. Examples of such third parties include a spouse, partner or cohabitee, a family member or others who may be a financial dependants, joint account holders and beneficiaries or trustees of a trust.
Before providing us with such personal information, clients must ensure they have obtained any necessary permissions from these persons to use their personal information in the way set out in this Privacy Statement, or that they are otherwise permitted to give us this personal information. A copy of this Privacy Statement should be shared with such third parties before disclosing any personal information about them to us.
When and How Personal Data is Shared
Within the SMCO Chartered Tax Advisors team, personal data is only shared between colleagues who legitimately require the information to carry out their duties.
Personal data is only shared with third party organisations when legally required or under contractual arrangements that specify the level of protection necessary to meet our data protection obligations.
Third party organisations with whom we may share your data include:
- Government and Regulatory Bodies to meet our legal, regulatory and professional obligations
- Auditors and professional advisers to confirm our practices comply with industry regulations
- Third party organisations that assist in the maintenance of our IT systems
The Lawful Basis for Processing Personal Data
The lawful basis for processing personal data will depend on the nature of the service, the product, or the business function that our team member or third-party supplier is undertaking. In the majority of cases, the lawful basis for processing personal data will be one of the following:
- Contract – When you enter into a contract with SMCO Chartered Tax Advisors, the personal data you provide will be used for the purposes of fulfilling the obligations of that contract
- Legal Obligation – Personal data will be processed if necessary to enable SMCO Chartered Tax Advisors to comply with a professional, legal or regulatory obligation such as the retention of personal data to comply with HMRC regulations
- Legitimate Interests – SMCO Chartered Tax Advisors may process personal data lawfully where it is in our legitimate interest to do so and where it would not override the rights of individual data subjects
- Consent – individuals may occasionally be asked for permission to process their personal data for specific purposes. Such purposes are described in detail and individual subjects are provided with information about how to withdraw their consent
Where Personal Data is Processed
The majority of the personal data we collect is processed in the UK and European Economic Area and is, therefore, protected by the UK an EEA data privacy laws. However, some data may be processed by third parties we work with outside of the EEA such as the United States. Where this information is processed outside of the EEA, we put agreements in place with our third party suppliers to ensure it is protected to at an equivalent standard as would be provided in the UK and EEA.
Security and the Protection of Personal Data
We take the security of our information and systems extremely seriously. All personal information that is collected, whether electronically, on paper, or by other means, is protected appropriately in line with data protection obligations.
Controls and measures are in place to minimise loss or damage of personal data through accident, negligence or deliberate actions. SMCO Chartered Tax Advisors staff also protect sensitive and confidential data when storing or transmitting data electronically.
Our security controls are under frequent evaluation to manage risks to the confidentiality, integrity and availability of your personal information.
Data Retention
In the absence of overriding legal or statutory obligations, personal data is kept only as long as is necessary for the purpose for which it was collected.
The length of time personal data is kept to comply with legal or statutory obligations depends on the precise obligations we are required to meet.
Data Controller and Head of Privacy
If you have any queries or comments about this privacy notice or how and why personal data is processed please contact us
Individual Rights and How to Exercise Them
Individuals have specific rights over their personal data gathered and processed by SMCO Chartered Tax Advisors as described below:
Right of Access – Individuals have a right to access to their personal data held by SMCO Chartered Tax Advisors LLP as a data controller – a Subject Access Request). Please write to the Head of Privacy at the above address to make such a request. Individuals may be asked to provide for documentation to verify identity and may be charged in accordance with the law governing data protection. SMCO Chartered Tax Advisors will respond to Subject Access Requests within one calendar month.
Right to request that your personal information is amended – to update your personal information, please write to the Head of Privacy at the above address. We will update personal details as soon as practicable possible following receipt of a request
Right to be ‘forgotten’ or to request erasure – an individual may ask that their personal data is removed or deleted if there is not a compelling reason for SMCO Chartered Tax Advisors to retain it. Please contact the Head of Privacy at the above address if you wish to request that your data is removed
Right to withdraw consent – Where personal data is processed under the lawful basis of consent, an individual has the right to withdraw consent to that processing at any time. To withdraw consent, please email us, if you wish to withdraw consent to marketing emails, please click on the unsubscribe link in the relevant email.
Right to data portability – an individual may request a copy of their personal information in a format that would allow it to be transferred to another company in a safe and secure way. For further information, please contact the Head of Privacy at the above address
Right to restrict data processing – an individual may request that the processing of their personal information is restricted. SMCO Chartered Tax Advisors may retain the personal information in such circumstances, but will ensure it is not used for the purposes that have been restricted.
Right to object – an individual may object to the processing of their personal information for direct marketing (including profiling) and where it is being processed for our legitimate interests. For more information, please contact the Head of Privacy at the above address.
Automated decision making – SMCO Chartered Tax Advisors does not make automated decisions. However, your personal data may be profiled for marketing and communication processes when you have given consent to receive information from our firm about events, budget updates and insurances. Your personal data may also be profiled if you have consented to receive podcasts and videos. Please contact the Head of Privacy at the above address if you would like to withdraw your consent to profiling of your information.
Changing Privacy Laws
SMCO Chartered Tax Advisors recognises that the transparency of data processing is extremely important. This privacy statement will be kept under regular review to ensure it complies with current data protection laws.
This Privacy Statement was last updated on 27th January 2020.
Complaints
We take great care to comply with the laws governing the protection of personal data. If, however, you do want to complain about our use of personal data, please send an email and we will look into your concerns.
You have the right to bring your concerns to the attention of the Information Commissioner’s Office. For more information about how to complain to the ICO, please refer to the ICO website
Third Parties
Service providers who provide IT and/or administrative services, or provide assistance by way of a managed live chat service for website enquiries on our website.
