This policy is intended to provide you with important information about how we process your personal data. This includes details of what personal data we hold, how we store it, what we do with it, why we hold it and how long we hold it for.
The contents policy apply to both clients and prospective clients of Lewis Ball and Co. In order to provide you with the services detailed in our letter of engagement Lewis Ball and Co, must hold and process personal data. We use this information to; conduct Customer Due Diligence checks that we are obliged to conduct under law; meet our obligations detailed under our letter of engagement; and, provide you with any additional services we may agree with you to provide.
We hold your personal data on cloud-based accountancy software provided by Taxfiler, our outlook emails systems, as spreadsheets stored locally on our computers and, in some instances, as physical printouts stored in locked filing cabinets.
What is personal data?
Personal data relates to any information about a natural person that makes you identifiable which may include (but is not limited to):
What is sensitive personal data?
Sensitive personal data refers to the above but includes genetic data and biometric data. For example:
What is a Data Controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
The data controller is Lewis Ball & Co, William House, 32 Bargates, Christchurch, Dorset BH23 1QL.
The data protection officer is Dawn Wilson, who can be contacted at the above address or on firstname.lastname@example.org or by calling 01202 475252.
What is a Data Processor?
A “data processor” is a person or organisation which processes personal data for the controller.
What is Data Processing?
Data processing is any operations or set of operations performed upon personal data, be it by automated systems or not.
What information do we collect about you and how?
Lewis Ball & Co, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR).You agree that we are entitled to obtain, use and process the information you provide to us to enable us to discharge the Services (as detailed in our Letter of Engagement and supporting Schedules) and for other related purposes including:
Cookies are small files saved to the user's computer's hard drive that track, save and store information about the user's interactions and usage of the website, through its server to provide the users with a tailored experience within this website.
Should users wish to deny the use and saving of cookies from this website onto their computer's hard drive, they should take necessary steps within their web browser's security settings to block all cookies from this website and it's external serving vendors.
How will we use the information about you and why?
At Lewis Ball & Co we take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed in your Letter of Engagement and supporting schedules. We will only use this information subject to your instructions, data protection law and our duty of confidentiality.
Our lawful reasons for processing your personal information will be “legitimate interests” (we can process your personal data if we have genuine and legitimate reason and we are not harming any of your rights and interests) or “A contract with the individual” (to supply goods and services you have requested).
We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport. This data will only be processed for the purpose of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.
Our work for you may require us to pass your information to other third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the Services to you on your behalf.
How long will we hold your data?
During the course of our relationship with you we will retain personal data which is necessary to provide services to you.
We will take all reasonable steps to keep your personal data up to date throughout our relationship.
We reserve the right to retain data for as long as is required thereafter where we believe it is in our legitimate interests to do so.
You have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
How can I access the information you hold about me?
Your rights under the Data Protection Act are as follows:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
Please note that you have the right to request the above, however, when we receive your request we may object to your request if we do not agree with it. In such a case we will notify you by email and ask for your comments about our decision.
We will however inform you if the request has been granted or not.
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email our Data Protection Officer on email@example.com or write to us using the contact details noted below. You will be required to complete a Subject Access Request form and provide us with proof of your identity in order for us to comply with your request and depending on the work involved a charge might be made.
We have an obligation to ensure that your personal information is accurate and up to date. Please ask us to correct or remove any information that you think is incorrect.
What can you do if you are unhappy with how your personal data is processed?
You also have a right to lodge a complaint with the supervisory authority for data protection. In the UK this is:
How to contact us
by email at firstname.lastname@example.org
Or write to us at:
Lewis Ball & Co