We are RD Accounting Limited. Our company details and officers can be found here: https://beta.companieshouse.gov.uk/company/10350704
We are a Controller for the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679). Known as 'GDPR'.
Our representative for the purpose of data protection compliance is Richard Dunkley (firstname.lastname@example.org).
We respect your privacy and your rights to control your personal data (data). We will always protect your data, be clear about the data we collect from you and the reasons why. We do not and will not sell your data to third parties.
We will only use your data when the law allows us to. Most commonly, we will use your data in the following circumstances:
Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests
Where we need to perform the contract for services we are about to enter into or have entered into with you
Where we need to comply with a legal or regulatory obligation.
The Policy describes:
Types of information we collect, why and how
How we use your data
When we may share or disclose your data
How to access and control your data
Communication, marketing and advertising preferences
Where we store and process data
How we secure your data
Our retention of your data
Changes to our Policy
How to contact us
Please read this Policy carefully.
Types of information We collect, Why and How
We will only collect personal data from you that we consider to be necessary in the context and purpose in which it's given.
Through your use of our services we may also collect personal data from you about someone else. If you provide us with personal data about someone else, you must ensure that you are authorised to disclose that data to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use and disclose such personal data for the purposes described in this Policy. You must, therefore, take reasonable steps to ensure that the third party concerned is aware of and consents to the various matters detailed in this Policy, including: the fact that their personal data is being collected; the purposes for which that data is being collected; the intended recipients of that data; and the third party's right to obtain access to the data (including details of how to request access). Where requested to do so, you must assist us with any requests by the third party to access or update the personal data you have collected from them and provided in connection with our Services.
You will usually be required to provide information when:
Making an enquiry (and for us to provide a quote)
Forming a company
Using any of our services (such as accounts preparation, tax returns, payroll etc.)
Using our services accountancy, tax & payroll services
To enable us to undertake accountancy, tax or payroll services we will usually require certain personal data.
1) What we collect
The type of personal information collected will usually include:
Date of birth
National Insurance Number
Unique Taxpayer Reference
Copies of proof of identification/address (e.g. driving licence/passport/utility bills etc.)
The services we perform require us to hold this personal information for several reasons:
To make submissions to HMRC or Companies House.
To contact you to provide our services (e.g. to send you documents or ask queries).
As accountants we are required to comply with Money Laundering Regulations, this requires us by law to hold evidence that we have verified your identity.
To provide the best possible advice and service it is usually essential we know your full circumstances (e.g. marital status) as these can often affect your tax position.
Data is collected through online forms; email; telephone; SMS text message; or by post.
Providing and enhancing our products and services
We use data to provide and improve our services and perform essential business operations. This includes operating our services, maintaining and improving the performance of our services, including developing new features, research, testing and providing client support.
We use data to ensure we comply with relevant regulation and law. This includes needing to verify your identity if you subscribe to our accounting services. This verification may involve:
(a) a full electoral roll search (your consent is not required for this); and
(b) credit reference agencies placing a search footprint on your electronic file and your data being accessed by third parties for the specific purpose of anti-money laundering, credit assessment, ID verification, debt collection, asset reunification, tracing and fraud prevention.
Security, Safety, and Dispute Resolution
We use data to protect the security and safety of our services and our clients, to detect and prevent fraud, to resolve disputes and enforce our agreements.
We use the data we collect to deliver and personalise our communications with you. For example, we may contact you by email or other means of electronic communication to inform you about our services, invite you to take part in a survey, notify you about promotions, business activities, events and changes to our services.
If you become a customer you may also receive service-related communications. These will include system and service support communications, policy, security or software updates.
When we may share or disclose your data
We do not sell data about our clients and we only share or disclose your data as authorised in this Policy.
We may share or disclose information with the following types of third parties.
Suppliers: We work with a variety of third party suppliers to perform our services effectively, these include:
Tax and Accounts software – to submit electronic communication to HMRC & Companies House.
Cloud based practice management software – to monitor deadlines and tasks.
Cloud based client portal – so we can securely exchange documents.
Cloud based file management and backup – to store files and working papers securely.
We share your personal data as necessary to complete any transaction or provide a product or service you have requested. We have reviewed the privacy policies of all our suppliers for which we share your data and have satisfied ourselves these comply with GDPR and that your data is as safe as possible.
Where possible we always enable 2 factor authentications to sign into these applications. Together with strong passwords we believe this ensures your data is as safe as possible.
Legal/Regulatory Bodies: To the extent that we are duty bound by any applicable legal or regulatory requirement to cooperate with any competent legal or governmental authority or agency, we shall do so in accordance with applicable law. This may involve disclosure of your personal data and we will have no legal liability for such disclosures. Please note that, depending on circumstances, we may be forbidden from advising you of the fact that your personal data has been disclosed to or requested by such third parties.
Under Section 330 of the Proceeds of Crime Act 2002 we have a duty to report to the Serious Organised Crime Agency (SOCA) if we know, or have reasonable cause to suspect, that you or anyone connected with your business are or have been involved in money laundering. Failure on our part to make a report where we have knowledge, or reasonable grounds for suspicion, would constitute a criminal offence. We are obliged by law to undertake this reporting to SOCA but are under no obligation to make you aware of this reporting. In fact, we may commit the criminal offence of "tipping off" under Section 333 of the Proceeds of Crime Act 2002 if we were to inform you that a report had been made. In consequence, we may not enter into any correspondence or discussions with you regarding such matters.
Other Parties: with whom it might be necessary to complete a financial or corporate transaction such as a merger or sale of asset.
How to access and control your data
You can review, edit or delete your personal data by contacting us by email to email@example.com. We will respond to any request to access or delete your personal data as soon as possible, but certainly within 14 days.
By visiting our website or using our services you agree that you are happy for us to set cookies and similar technologies for the purposes described in this Policy.
A 'cookie' is a small data file that is sent to your computer's cookie file when you visit a website. When you visit the website again the cookie allows that site to recognise your browser.
We use two types of cookie, 'persistent' and 'session'. Session cookies are temporary and will only stay on your device until you close your browser at which point they are deleted. Persistent cookies stay on your computer or mobile device permanently until they expire or are deleted.
We use the following types of cookies on our website:
Strictly necessary cookies. These cookies are essential for you to browse our websites and use the features.
Performance upped. These cookies collect information about how you use our websites. This data may be used to help optimise our website and make it easier for you to navigate.
Functional cookies. These cookies allow our websites to remember choices you make and personalise your experience. We may store your geographic location in a cookie for instance, to ensure that we show you the website relevant to your area.
Third Party cookies. Third party cookies are those placed by websites and/or parties other than RD Accounting Limited. These cookies may be used on our website to improve our products or services or to help us provide more relevant advertising. These cookies are subject to the respective privacy policies for these external services, for example, the Facebook Data Use Policy.
Analytics cookies. We use analytics cookies, like those offered by Google Analytics, to help us understand things like how long a visitor stays on our website, what pages they find most useful, and how they arrived.
How to control cookie settings
Most web browsers allow you to control cookies through their settings preferences, however if you limit the ability of websites to set cookies, you may impact your overall user experience.
Marketing and Advertising
We do not currently use your details to perform direct marketing in any format (post, email or telephone). Our website is for information and contact purposes only and is not used to obtain any personal data.
Where we store and process data
By submitting your personal data, you agree to its transfer, storing and processing.
Your personal data is stored in several locations for access (and backup purposes). These include third party serves and data centres provided by our suppliers. We have ensured that these meet GDPR guidelines and are securely encrypted.
Other personal data may be kept in paper form within our office, if needed, although in the main copies are destroyed after they have been scanned into computer systems.
We will not transfer personal data outside of the European Economic Area (EEA) without complying with the provisions of the Data Protection Legislation in respect of such transfer. Where you access our services outside the EEA, it shall be your responsibility to ensure that any access outside of the EEA which results in a transfer of personal data complies with the provisions of the Data Protection Legislation.
However, if you choose to access your personal data outside the EEA, you should only do so in a secure environment which means that your browser must support the encryption security used in connection with our services.
How we secure your information
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure.
For example, any personal data transferred to us over the internet is protected with Secure Sockets Layer / Transport Layer Security (SSL/TLS) Encryption Certificate technology. This ensures that all personal data transferred is encrypted to prevent eavesdropping and tampering.
While no Service is completely secure, we take precautionary measures and has strict security standards to help prevent data loss, theft, misuse and unauthorised access, disclosure, alteration and destruction or other like incidents that might affect the security of your personal data.
These measures include encryption, password protection, anti-malware, firewalls, server authentication, user profiles, backup/disaster recovery systems, restriction of access to premises and computer systems, as well as use of relevant third party service providers to provide security.
However, we cannot guarantee the security of your personal data while it is being transmitted to us if you don’t enter or import it from a secure environment or secure mobile device.
We operate a client portal which requires the use of an individual user login and password. To protect the confidentiality of data, you must keep your password confidential and not disclose it to any other person. Please alert us immediately if you believe your password has been misused. Additionally, always logout and close your browser when you finish your session, especially if you’re on a public computer. You are ultimately responsible for administering and safeguarding any passwords or memorable words created to control access. Please note, we will never ask you to disclose your password in an unsolicited phone call or email.
If you have any questions about the security of your data, you can contact us at firstname.lastname@example.org.
Our retention of your information
We retain personal data for as long as necessary to provide our services or for other essential purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly.
For example, the default standard retention period for accounting records is six years plus current, otherwise known as six years + one. This is defined as six years after the last entry in a record followed by first review and/or destruction to be carried out in the additional current (+ one) accounting year.
If we need to alter, restrict processing of your data, or remove your data we will inform you.
You can find detailed information about your rights under Data Protection legislation on the UK Information Commissioner's website at ico.org.uk.
You have the right to withdraw consent, at any time and you may always opt not to disclose certain data, but that may mean we will be hindered in our ability to provide our services, or it may mean you will not be able to access certain services.
The right to be informed - You have the right to obtain confirmation whether your personal data is being processed by us or a third party processor. Through this Policy we explain the data we may gather, how it is used and why.
The right of access - You have the right to access personal data we hold about you. You can make a request for access to the data we hold about you by emailing email@example.com.
There is no charge for this service. However, we can charge a 'reasonable fee' when a request is manifestly unfounded or excessive, particularly if it is repetitive and we may also charge a reasonable fee to comply with requests for further copies of the same information.
We will provide copies of the personal data we hold about you without delay and at the latest within one month of receipt. The period of time for response may be extended by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why.
The right to rectification - You have the right to your personal data being corrected if it is inaccurate or incomplete. If you think your personal data needs to be corrected email firstname.lastname@example.org.
The right to erasure (also known as the right to be forgotten). You can withdraw your consent and request the deletion or removal of your personal data where there is no compelling reason for its continued processing. We have in place processes to regularly review the data we hold and ensure that it is removed when it is no longer appropriate to hold it. However, if you wish to make a request for Your personal data to be removed, you can do this by emailing email@example.com.
The right to restrict processing. Under certain specific circumstances, such as when you contest the accuracy of your personal data, you have a right to 'block' or suppress processing of personal data. If this is requested we are permitted to store your personal data, but not further process it. In the unlikely event that you wish to restrict processing you can do this by emailing firstname.lastname@example.org.
The right to data portability. You have the right to data portability allowing you to obtain and reuse your personal data for your own purposes across different services. To allow you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way without hindrance to usability we can provide you with a CSV file. Please email email@example.com. Please note this right only applies to data subject to automated processing.
The right to object. You have the right to object to:
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
direct marketing; and
processing for purposes of scientific/historical research and statistics.
This is currently not applicable as we do not perform any direct marketing.
Rights in relation to profiling and automated decision making.
If you exercise any of your rights and your personal data has been shared with third parties, we will notify the third parties that you are exercising your rights as relevant to them.
If you wish to complain about our handling of your personal data, please contact our Data Protection Officer, providing full details of your complaint and including any relevant documentation, by:
email firstname.lastname@example.org; or
letter to the Data Protection Officer, RD Accounting Limited, 23 Mount Road, Fairfield, Bromsgrove, B61 9LN
You have the right to lodge a complaint with the Information Commissioner Officer, details of how to do this are given at their website: ico.org.uk.
Changes to our Policy
We may modify or update this Policy when necessary to reflect feedback and changes in our services. Visiting our website and/or using our services after any modification to this Policy will constitute your acceptance of such modification and updates. When we update this Policy we will revise the 'Last Update' date at the top of the Policy.
If there are material changes to the Policy or in how we use your personal data, we will notify you either by posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to regularly review this Policy to learn more how we are using and protecting your information.