At Ian Walker & Co Chartered Accountants, we’re committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information about people who approach us and engage our services, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or by writing to Ian Walker & Co, Box Tree House, Northminster Business Park, Upper Poppleton, York, YO26 6QR. Alternatively, you can telephone 01904 310241.
WHO WE ARE
We’re IWC Professional Limited, (England & Wales 09671501) trading as Ian Walker & Co Chartered Accountants. We are bound by the professional ethics of the Institute of Chartered Accountants in England & Wales (ICAEW). The registered address is Box Tree House, Northminster Business Park, Upper Poppleton, York, YO26 6QR.
Ian Walker & Co is the controller and responsible for your personal data (collectively referred to as "company", "we", "us", or "our" in this privacy notice). We have an appointed senior member of staff as “Data Controller” who holds responsibility over our GDPR policy, this being the Company Director Ian Walker.
Your have the right to make a complaint at any time to the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). we would however, always appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance; should such matters arise.
HOW INFORMATION IS COLLECTED FROM YOU
We obtain information about you when you contact us about our services, as a potential new client. Once engaged, the furtherance of our duties will result in more of your data being accessible to, and held by us.
THE TYPE OF INFORMATION WE COLLECT FROM YOU
The personal information we collect might include your name, address, email address, telephone number, National Insurance number and Unique Taxpayer Reference, date of birth and marital status.
Where we need to collect personal data by law, or under the terms of service (Engagement Letters) we have with you and you fail to provide that data when requested, we may not be able to perform the services instructed. In this case, we may have to stop providing the service you have with us but we will notify you if this is the case at the time.
HOW YOUR INFORMATION IS USED
In the execution of our duties for the professional services you have engaged us, we may use your information to:
Register you as a client on our database;
Send you communications which are pertinent to you as our client, to help you meet your filing obligations. These will include Self-Assessment books requests and reminders and company year-end reminders and books requests;
Register you for Self-Assessment with HM Revenue & Customs in accordance with your instructions;
Request authority to act on your behalf with HM Revenue & Customs;
Register your company for PAYE, VAT, CIS and Auto-Enrolment in accordance with your instruction;
Send you marketing communications. For more details on this see “Your choices” below.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations in line with the Data Protection Act 1998, (General Data Protection Regulations 2018 as of 25th May 2018) and under the Criminal Finances Act 2017. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
WHO HAS ACCESS TO YOUR INFORMATION?
We will not sell or rent your information to any third parties.
We will not share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf: upon your written instruction we may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you (for example for Auto-Enrolment and Fee Protection services). This may include referring you on a shared commission basis to other professional firms (Independent Financial Advisors etc). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the specific service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the remit of your instruction.
When you are making payment to us by Paypal, your payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions.
You have a choice about whether or not you wish to receive information from us. The type of communications you will receive from us include, but are not limited to:
Annual Fee Protection offering
Invitations to seminars on subjects pertinent to our clients
Technical advisory releases
Marketing material of the practice including annual Tax Cards and Christmas cards
Communications to you if our office is your company’s Registered Office
If you do not want to receive any, or all, of these please email email@example.com stating your preference. Your decision will be recognised on our database and you will be excluded from such; per your instruction.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: firstname.lastname@example.org or telephone on 01904 310241.
HOW YOU CAN ACCESS AND UPDATE YOUR INFORMATION
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is varied, inaccurate or out of date, please email us at: email@example.com, or writing to Ian Walker & Co, Box Tree House, Northminster Business Park, Upper Poppleton, York, YO26 6QR. Alternatively, you can telephone 01904 310241.
You have the right to ask for a copy of the information IWC Professional Limited hold about you (we retain the right to levy a charge of £10 for information requests) to cover our costs in providing you with details of the information we hold about you.
SECURITY PRECAUTIONS IN PLACE TO PROTECT THE LOSS, MISUSE OR ALTERATION OF YOUR INFORMATION
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information is encrypted and protected with SSL encryption. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Our email system uses Office 365 Message Encryption to keep our transfer of data safe. If you are unable to access the encrypted email you may request your information be sent by unencrypted email, therefore opting out of this aspect of GDPR. However, we must receive your request in writing (by email). Such steps result in these exchanges falling outside of our GDPR protocols and obligations.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
USE OF 'COOKIES'
It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.
LINKS TO OTHER WEBSITES
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
TRANSFERRING YOUR INFORMATION OUTSIDE OF EUROPE
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be unavoidably transferred outside of the EU in order for us to provide you with those services. Despite our servers being in the UK, we can’t guarantee the location of servers used by third parties utilised over said duties (ie SAGE, Xero, Dropbox etc).
YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
Request access to your personal data
Request correction of your personal data
Request erasure of your personal data
Object to processing of your personal data
Request restriction of processing your personal data
Request transfer of your personal data
Right to withdraw consent
If you wish to exercise any of the rights set out above, please contact us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
REVIEW OF THIS POLICY
We keep this Policy under regular review. This Policy was last reviewed and updated in April 2019.