About this Policy
1.1 This policy is effective from 25 May 2018 and explains when and why we collect personal information about our clients, suppliers and other partners, how we use it and how we keep it secure and your rights in relation to it.
1.4 We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, our role will vary from being “Data Processor” in most cases, to being “Data Controller” in some cases, in relation to personal data we hold.
Who are we?
We are a limited liability company providing English law professional accountancy and taxation services in the UK, to UK and overseas clients.
Whose personal information we collect, hold and process.
3.1 Employees of clients, individual clients, corporate clients’ officers and shareholders and Limited Liability Partnerships’ members, identified as data subjects.
What information we collect and why
4.1 Type of information
Personal information such as identity, contact, tax and financial, necessary in relation to processing of services that you engage us to undertake on your behalf. We do not collect any other information on you that will have no bearing in the service you have engaged with us.
4.2 How we collect your information
We may collect your personal information as:
(a) provided by you in person in meetings with us;
(b) provided by your organisations, agents and advisors with your consent;
(c) provided to us by our clients;
(d) you communicate to us by telephone, post, email or other forms of electronic communications. In this respect, we may monitor, record and store any such communication;
(e) collected otherwise in the normal course of providing professional services.
For use in services that you have engaged us on, that may be in relation to processing payroll, processing personal tax information and anti-money laundering compliance.
4.4 Legal basis for processing
For the sake of performing contractual obligations between Fabaci Limited and its:-
(a) clients (companies and individuals) and
(b) suppliers and
(c) other partners
And for the taking of steps at the request of the data subject with a view to entering into a contract.
How we protect your personal Data
5.1 Where we have to transfer or share your personal data with our partners for further processing, we ensure full security and privacy of the data by having a “Processor’s Agreement” in place with our partners, as per the Information Commissioners Office (“ICO”)’s guidance.
5.2 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
5.3 Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
5.4 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
Who else has access to the information you provide us and how we ensure data privacy.
6.1 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as set out above.
6.2 We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services in order to fulfil our contractual obligation with you. We do this for the purpose of our legitimate interests in operating our practice for performing our contract with you. However, we disclose only the personal data that is necessary for the third party to hold and process in order to deliver the service and we have a contract or data processor agreement in place that requires them to keep your information secure and not to use it for their own purposes. It is possible that third parties may themselves engage others (sub-processors) to process your data. Where this is the case third parties will be required to have contractual arrangements with their sub-processor(s) that ensure your information is kept secure and not used for their own purposes.
6.3 We also take necessary steps to ensure that all out partners are GDPR compliant where necessary, by acquiring and documenting their GDPR Policies and Privacy statements.
How long do we keep your information?
7.1 We will hold your personal data on our systems for as long as you are in contract with Fabaci Limited and for as long afterwards, as it is required by applicable laws or by legitimate business reason, in which case we will archive the data and implement reasonable measures to secure the personal data, and will only use if required for legitimate business purpose.
8.1 You have rights under the GDPR to:
(a) access your personal data
(b) be provided with information about how your personal data is processed
(c) have your personal data corrected
(d) have your personal data erased in certain circumstances
(e) object to or restrict how your personal data is processed
(f) have your personal data transferred to yourself or to another business in certain circumstances.
8.2 You also have the right to take any complaints about how we process your personal data to the Information Commissioner whose details are as follows:
Information Commissioner’s Office
Cheshire SK9 5AF
0303 123 1113
9 How to contact us
For more details, please address any questions, comments and requests regarding our data processing practices to:
The Data Protection Officer, Fabaci Limited, Kemp House, 152-160 City Road, London, EC1V 2NX.