Lang Bennetts is a Controller of personal data and we take the protection of your privacy very seriously. We will only use your personal information to deliver the accounting, taxation and business advisory services (our services) that you have requested from us, and to meet our legal responsibilities.
How do we collect information from you?
We obtain information about you when you engage us to deliver our services and when you use our website or our app, for example, when you contact us to enquire about our services.
Where we collect and process personal information, we do so on the basis that:
- you have specifically consented
- you have entered into a contract with us
- we are fulfilling another legal requirement
- we believe you share a common interest with us
If we do seek to collect personal information, we will be up-front, clear and open about this. We will make it evident when we are collecting personal information and will explain what we intend to do with it.
What type of information do we collect from you?
The personal information we collect from you will vary depending on which services you engage us to deliver. The personal information we collect might include:
- your name, date of birth, address, telephone number and email address,
- your Unique Tax Reference (UTR) number and National Insurance number, details of your tax affairs, investments, payroll information, employments, accounting records and information included in other statutory returns,
- your bank account details,
- your IP address and which pages you may have visited on our website, via our app and in other electronic communications and when you accessed them.
We may require documentary details from you such as a driving licence, passport, utility bill or birth certificate in order to comply with our obligation to identify our clients.
How is your information used?
In general terms, and depending on which of our services you engage us to deliver, as part of providing our agreed services we may use your information to:
- contact you by post, email or telephone (you can choose),
- verify your identity where this is required,
- understand your needs and how they may be met,
- maintain our records in accordance with applicable legal and regulatory obligations,
- process financial transactions,
- prevent and detect crime, fraud or corruption,
- investigate and/or defend potential complaints, disciplinary proceedings and legal proceedings,
- invoice you for our services and related matters,
- meet legal obligations,
- process personal data of others in order to process the payroll (where we provide this service).
How long will we keep your information?
When you provide personal information, we will enter and store it in our databases and paper filing systems and use it to deliver the purposes listed above. We have regular processes to delete and destroy information that is no longer relevant or needed. To ensure compliance with all necessary requirements including legislation, regulation, and our insurers, it is the policy of the firm to retain all data for a period of 7 years from the end of the period concerned unless a longer retention period is required by these measures.
We are required to retain your data where we have ceased to act for you. The period of retention required varies in different circumstances. If you are no longer a client of the firm and there is no overriding requirement to retain your records for a longer period, or you tell us otherwise, it is our policy to destroy your records after a period of 3 years.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Any staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
We limit access to your personal data to only those employees, agents, contractors and third parties who have a business requirement to do so. They will only process your personal data in accordance with our instructions and they are subject to a duty of client confidentiality.
Third Party Service Providers working on our behalf
We may pass your information to our third party service providers, agents, subcontractors and other associated organisations where we are required to do so by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so such as for the purposes of completing tasks and providing services to you, such as cloud accounting and payroll services, email and secure document exchange systems, Croner Taxwise Limited, Mailchimp and FibreCRM. We also may use offsite storage facilities and secure document shredding services.
All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data for specified purposes and in accordance with our instructions.
How you can access and update your information
Keeping your information up to date and accurate is important to us. We commit to regularly review and correct where necessary, the information that we hold about you. If any of your information changes, please email or write to us, or call us using the ‘Contact information’ noted below.
You have the right to ask for a copy of the information Lang Bennetts holds about you (see 'Your Rights' below).
Security precautions in place to protect the loss, misuse or alteration of your information
Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, especially using email. However, we do provide a secure method for transferring personal and confidential information called IRIS OpenSpace.
Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Once we receive your information, we make our best effort to ensure its security on our systems. We make use of appropriate network security platforms, intrusion prevention, threat detection and prevention and other security measures.
We have procedures in place to respond to any suspected data breach and we will notify you and the applicable authorities where we are legally requried to do so.
Your data will usually be processed in our offices in the UK. However, to allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK, but within the European Economic Area (EEA). We take the security of your data seriously and so all our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.
We may occasionally contact you by post, email or telephone with details of any changes in accounting, taxation, legal and regulatory requirements or other developments that may be relevant to your affairs and, where applicable, how we may assist you further. If you no longer wish to receive such information from us, please let us know by contacting us as indicated under ‘Contact information’ below.
- Access to your information:You have the right to request a copy of the personal information about you that we hold.
- Correcting your information:We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
- Deletion of your information: You have the right to ask us to delete personal information about you within certain conditions
- Restricting how we may use your information:In some cases, you may ask us to restrict how we use your personal information.
- Objecting to how we may use your information:Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
- Withdrawing consent to use your information:Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
- Complain to the supervisory authority:You can contact the Information Commissioner and raise a concern.
Please contact us in any of the ways set out in ‘Contact information’ below if you wish to exercise any of these rights.
Changes to our privacy notice
We keep this privacy notice under regular review and will place any updates on our website at https://www.lang-bennetts.co.uk/privacy. Paper copies of the privacy notice may also be obtained by contacting us using the 'Contact information' below
Additional information about our privacy arrangements specifcally for our website can be found at https://www.lang-bennetts.co.uk/disclaimer.
This privacy notice was last updated on 24 May 2018.
Privacy Officer: Jonathan Mashen
Telephone: 01872 272047
The Old Carriage Works