Brosnans is committed to ensuring the privacy of its clients and take appropriate security measures to safeguard the transfer and storage of personal data.
During the course of our activities, Brosnans Limited, will process personal data (held on paper, electronically or otherwise) about our clients. We recognise the need to treat this information in an appropriate and lawful manner, in accordance with the General Data Protection Regulations (GDPR).
The purpose of this policy is to make you aware of how we will handle your personal data and how the law protects you.
WHAT IS PERSONAL DATA PROCESSING?
Personal data refers to any recorded information we hold about you, clients and contacts from which a person can be identified. It may include contact details, photographs (from passports, driving licences, employment ID cards), personal reference numbers (national insurance number, date of birth, bank account number etc), expressions of opinion about you or indications as to our intentions about you. “Processing” equates to doing anything with the data, such as accessing, disclosing, destroying, storing or using the data in any way.
WHAT REGULATIONS COVER THE PROCESSING OF YOUR PERSONAL DATA?
We are obliged, under law, to comply with the GDPR when processing any personal data. When using IT applications, personal data may be stored outside the UK. Further information about this can be found in our Standard Terms of Business.
WHO IS OUR DATA PROTECTION OFFICER?
or 01484 722125
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
HOW DO WE OBTAIN PERSONAL DATA?
In the majority of situations, you will supply us with your personal data when you first engage Brosnans as your service provider for accounting, tax, and payroll. The information given will include your name, address and contact details, date of birth, national insurance number. You will be required to supply photographic ID and confirm your bank account details or other proof of residence. Where we process your payroll we will also obtain the personal data of your employees.
INFORMATION WE OBTAIN FROM OTHER SOURCES:
We only obtain information from other sources if we are permitted by law or from public sources of information, for example, Companies House.
HOW WE WILL USE YOUR PERSONAL DATA?
We use your personal data in order to manage and administer your accounting, tax and business services requirements. We take all reasonable security measures in order to protect your personal data complying with the requirements of GDPR and the Institute of Chartered Accountants England & Wales (ICAEW), our governing body.
We may use your email address for periodic newsletters to update you on news and regulatory changes and also to promote some of our services. We will never pass your data to any third party marketing companies and every newsletter will have the option to unsubscribe at the foot.
We will keep information about you secure and confidential however there may be times when we are required to share your data with third parties. Your information will be disclosed to some, if not all, of the following third parties as part of our requirements to meet statutory regulations:
– PENSION PROVIDERS
– THE PENSION REGULATOR
– COMPANIES HOUSE
– LEGAL OR CRIME PREVENTION AGENCIES AS REQUIRED BY LAW
– ANYONE TO WHOM WE MAY TRANSFER OUR RIGHTS AND DUTIES UNDER ANY AGREEMENT WE HAVE WITH YOU (ALL OF WHOM WILL BE GOVERNED BY GDPR IN THE UK/EUROPE OR THE EQUIVALENT & APPROVED REGULATIONS OVERSEAS)
GDPR allows the data subject (the person to whom the data refers) certain rights in order to ensure that the data held on you is accurate and being processed in accordance with legislation. In some instances it allows for you to request the deletion of such data from our systems.
- Request access to any personal data we hold about you making a Subject Access Request (SAR) to the Data Protection Officer
- Restrict the processing of your data where you contest the accuracy of the data, believe the processing of data is unlawful or object to the process of the data until you are satisfied with the legitimate grounds for us doing so
- Ask to have inaccurate data held about you amended without undue delay
- Object to processing that is likely to cause unwarranted substantial damage or distress to you or anyone else
- Object to any decision that significantly affects you being taken solely by a computer or other automated process
- Request for data held about you to be forgotten (deleted) where it is not required too be held for legal or regulatory purposes. Please refer to our Statement of Terms
- Move, copy or transfer your personal data easily from one IT environment to another under the right to data portability
If you would like to instigate your rights please contact our Data Protection Officer.
HOW LONG DO WE KEEP THIS INFORMATION ABOUT YOU?
We will not keep your data for longer than is necessary, ie data will be destroyed securely or erased from our systems when it is no longer legally required.
For more information on specific retention periods, please refer to our Standard Terms of Business.
BREACHES OF THIS POLICY:
If you consider that there has been a breach of your rights or of the rights of any client/contact under GDPR then you should contact our Data Protection Officer.
Any breach of the GDPR which is likely to result in a high risk to the rights and freedoms of you as an individual or any of our clients/contacts will be reported to the Information Commissioners Office (ICO) without undue delay and where feasible within 72 hours of us being made aware of the suspected breach. For example, if a breach may result in discrimination against an individual or a loss of confidentiality this should be reported to the Data Protection Officer who will then notify the ICO as appropriate.
COOKIES & TRACKING
In order to improve the overall experience of visiting our website, we use a server-based log to collect anonymous information about our website visitors. This data is only used to generate statistical charts and will not be used in any other way.
Cookies are small text files that are stored on your computer when you visit a website. They are mainly used as a way of improving the website functionalities or to provide more advanced statistical data.
Our website uses Google Analytics which relies on cookies to generate more advanced visitor charts and data mining reports. Similarly to our server-based logs, Google Analytics collects anonymous information that will not be used to identify our website visitors.
Our website contains password protected area(s) that require a user to login. This login system offers to remember the user email address if the relevant box is ticked. Ticking the box will create a cookie that will automatically expire after 1 year or if the box is un-ticked on a subsequent visit.
Your web browser (the software you use to access our website) should allow you to control the cookies that it stores on your computer. Please refer to the relevant supplier’s website to find out more.
If you feel that this site is not following its stated information policy, you may contact us by phone, email or post.
This policy is subject to ongoing reviews in order to ensure we remain compliant with GDPR and maintain the security of your personal data. We reserve the right to update or amend this policy. Any substantial changes to the policy will be notified too you in writing.
This version was last updated on 29 May 2018. It is important that the personal data we hold about you is accurate and current. It is your duty to keep us informed if your personal data changes during your relationship with us.