more legal stuff
This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Dennis & Turnbull Ltd (d&t) is a data Controller and a data Processor that processes your personal data who can be reached at Swatton Barn, Badbury, SN4 0EU and at email@example.com. The Data Protection Officer is priviness who can be reached at 32 Blyburgate, Beccles, NR34 9TB, and at firstname.lastname@example.org. Internally we have appointed a Head of Privacy who is our Data Protection Point of Contact and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our Data Protection Point of Contact, please email email@example.com.
d&t process your personal data to carry out contracted accountancy-related and other services (commercial or otherwise), to obtain and retain for future investigations as an agent, and to manage potential, current or expired contractual relationships and payments, for which the legal bases are both client contract and d&t’s legitimate interest as well as a legal requirement in the submission of returns.
As part of d&t’s contractual services, the personal data that they process is to fulfil statutory obligations such as the filing of returns, for example, to HMRC or Companies House. To comply with anti-money laundering legislation, d&t may profile your personal data.
Please see the full set of services available here.
During the course of fulfilling d&t’s contractual obligations, your personal data may be collected, provided by you or passed to us by another accountancy service provider at your request, which may be processed and retained.
This includes, but is not limited to: name, address, email address, IP address, telephone numbers, date of birth, National Insurance number, Unique Tax Reference, videos, image stills and voice recordings, details of contact we have had with you in relation to the provision or the proposed provision of our services, details of any services you have received from us, our correspondence and communications with you, information about any complaints and enquiries you make to us, information from research, surveys, and marketing activities, information we receive from other sources, such as publicly available information or information provided by your employer and / or financial matters that may, for example, directly, indirectly or potentially identify your identity.
During the course of fulfilling d&t’s contractual obligations, special categories of your personal data may be collected, processed and retained, including, but not limited to, personal data such as names, email addresses, pseudonyms, stage names and addresses as well as email addresses that may, for example, directly, indirectly or potentially identify your race, religion and / or sexual orientation.
In order to fulfil d&t’s contractual obligations, some services are provided by third parties, some of whom are outside the EEA, who may receive your personal data, the legitimate interest of both d&t and the third party being to provide d&t’s data subjects with ongoing accountancy and related services, where appropriate documented safeguards are in place, details of which are available from d&t on request.
In this case “third parties” includes third-party service providers and other entities within our group. The following activities are carried out by third-party service providers: IT (and cloud) services, professional advisory services, administration services, marketing services and banking services.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of our business. We may also need to share your personal data with a regulator or similar in order to comply with the law.
d&t need to retain your personal data for up to 15 years in order to comply with their legal obligations, specifically anti-money laundering legislation, and as required by police, HMRC and the policies of other authorities (who may choose to retain for a lesser period). d&t may retain some older personal data for their contractual obligations.
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a need-to-know basis for their specific business function. They will only process your personal data on our instructions and they are subject to a duty of confidentiality under their contract.
We have put in place procedures to deal with any suspected or actual data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If d&t process your personal data, you have all or some of these rights as follows: if we have it and from what source we collected it (if not you); to access, rectify or erase personal data, or restrict processing, or object to processing, as well as the right to data portability.
If you want to exercise any of these rights, please email our Data Protection Point of Contact at firstname.lastname@example.org.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. You have the right to lodge a complaint with a supervisory authority (the ICO is an example).
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive communications from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email our Data Protection Point of Contact at email@example.com.
Once we have received notification that you have withdrawn your consent, we may no longer be able to process your personal information (personal data) for that purpose or purposes you originally agreed to, unless we have another legal legitimate basis for doing so.
If you have any questions, we'd be happy to help. Please contact firstname.lastname@example.org.
Stay in complete control with no surprise big bills at the end of the year. Pay fixed monthly fees via direct debit for the package of services you choose.
Choose a multi-award winning accountancy firm, one of the few in the UK accredited by the bfa (British Franchise Association).
Moving to d&t is ZERO risk with our 100% satisfaction money back guarantee. This is not special offer; it has been part of our service since 2012.
Enjoy a professional, consistent and friendly service with ongoing support and advice included.