Kempton Accountancy Services Ltd is a limited company registered in England, Registration No.08776943 (“we”, “us”, “our”) and is committed to the privacy of your personal data.
- what personal data we collect about you in the course of your engagement with our services, why we collect it, who it goes to and how long we keep it
- how we use your personal data
- how we protect your personal data
- your legal rights in respect of your personal data, including how to access and update the information we hold about you.
By continuing to use our services, you agree to our use of your personal data on the terms outlined in this policy.
ABOUT THE POLICY
This policy provides you with information on how we’re using your information and the actions we take to protect your privacy.
On specific occasions, we may provide you with additional information when we collect your personal data. This policy is designed to supplement any specific notices and they should always be read in conjunction with each other, so you’re fully aware of how and why we’re using your data.
WHAT DATA ARE YOU COLLECTING?
We collect personal data, meaning data that can be used to identify you. This can include, among other things, any personal data you provide to us through our website, and via your communications with us through email.
Some of the services you receive from us may require the collection, storage and transfer of different kinds of personal data.
WHY ARE YOU COLLECTING MY DATA?
We can only process your personal data if we have a legal basis to do so. In addition to the specific instances where you’ve provided your consent, we may also process your personal data when it’s necessary for one or more of the following:
- meeting our legal obligations
- our legitimate interests
- performing our contract with you.
On occasions, it may be necessary to process your data for reasons unrelated to those outlined in this policy. On these occasions, we’ll notify you and explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
WILL MY PERSONAL DATA BE SHARED WITH ANYONE?
In general, we don’t sell or share your personal data with third parties. However, it might be necessary for us to do so on occasion, to deliver the required service to you or to comply with our legal obligations. If so, we’ll always tell you first.
We take your email and communication privacy seriously and will not pass your contact details to third parties for marketing purposes without your prior consent.
HOW LONG WILL YOU KEEP MY DATA?
We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected the data, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorised use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.
And in all cases, data may be retained for longer for research and archiving purposes or if it cannot be deleted for legal, regulatory, verification of achievements, statistical or technical reasons. In these cases, steps will be taken to ensure that data is held securely and processing is restricted.
WHERE DO YOU GET MY DATA FROM?
In general, you provide your personal data to us directly, when you communicate with us through various channels, such as our website, social media channels, email or face to face meetings.
SPECIFIC INFORMATION ABOUT MY DATA
The reasons and methods for collecting, using and transferring your personal data varies depending on why and how you’re using our services.
HOW DO YOU PROTECT MY DATA?
We’re committed to protecting the security of your personal data, and as such we’ve put in place appropriate measures to:
- prevent your data from being accidentally lost, used or accessed in any unauthorised way, altered or disclosed
- deal with, and notify you and any applicable regulators, of any suspected personal data breaches where we’re legally required to do so
- limit access to your personal details to only those employees, agents, contractors and other third parties who have a business need. They will only be able to process your personal data on our instructions and will be subject to a duty of confidentiality.
WHAT ARE MY RIGHTS?
You may have the right to:
- request access to your personal data. You’ll be able to request a copy of the personal data we hold about you and check that we’re processing it legally.
- request correction of your data. You’ll be able to correct and update any incomplete or inaccurate data we hold about you, however, we may need to verify the accuracy of the new data you provide.
- request erasure of your personal data. You’ll be able to ask that we delete or remove your personal data where there is no good reason for continued processing. You’ll also have the right to ask that we delete or remove your personal data where an objection to processing has been successful, where we may have processed your data unlawfully or where we’re required to delete data to comply with local law. When requested we will delete your personal data within 30 days.
- object to processing of your data. You’ll be able to request that we stop using your personal data:
- for direct marketing purposes
- if you want us to establish the data’s accuracy
- where our use of the data is unlawful but you don’t want us to delete it
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend a legal claim
- you’ve objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
- right to withdraw consent, where we’re relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out prior to your request. If you withdraw your consent, we may not be able to provide certain products or services to you. We’ll advise you if this is the case when you request to withdraw your consent.
What are the requirements and consequences of making a request?
Requests relating to changes to our handling of your personal data will generally be free of charge, and we’ll aim to respond to all requests within one month. However, please note:
- we may need you to supply additional information to confirm your identity and ensure your right to access your personal data (or exercise your rights). This is to ensure that personal data is not disclosed unlawfully
- we may need to contact you to help speed up the resolution of your request
- occasionally, it may take longer than one month to resolve your request, but in these cases we’ll notify you and keep you updated on timing
- any requests to restrict or delete your data will limit your ability to access our services and products, and/or result in ending your relationship with us.
Please note that these rights apply by law, only to certain types of personal data and processing, and may not be applicable to your circumstances.
If you have any concerns about how we handle your data, please contact Jody Colbert. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with our data protection regulator, the Information Commissioner’s Office (ICO). Please see the ICO website for further details, www.ico.org.uk
If you wish to exercise any of the above rights, you’ll need to contact us in writing.