We understand that the personal information you entrust us with is important, and we are committed to respecting and protecting your privacy, and that our policies adhere to GDPR and the UK The Data Protection Act 2018.
WHO WE ARE
WILLIAMS HARRIS LTD is a Limited Company registered in England & Wales No. 04364192.
Our registered office is at The Tannery, Westway Farm, Bishop Sutton, BS39 5XP. Telephone 01275 333623.
We also have another office at Frome Business Park,. Manor Road, Frome BA12 4FN. Telephone 01373 453871.
Our Data Protection Officer is Amy Harris, and she can be contacted at firstname.lastname@example.org.
You can find us on our Website – www.williamsharris.co.uk. We also maintain the residual websites for Financial Health (www.fhaccountants.co.uk) and AHB Accountants (www.ahbaccountant.co.uk) which are owned by Williams Harris Ltd.
WHAT INFORMATION WE COLLECT & HOW WE USE IT
We only collect personal information you have consented to provide and that assists us in acting as your Tax Advisors and Accountants. This will include your name, address, date of birth, ID to satisfy the Anti Money Laundering regulations, various tax reference numbers related to your affairs, and of course detailed information in relation to your personal and business affairs needed to complete your returns.
We intend to process personal data for the following purposes:
To enable us to supply professional services to you as our client.
To fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”)).
To comply with professional obligations to which we are subject as a member of Chartered Institute of Taxation.
To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.
To contact you about other services we provide which may be of interest to you if you have consented to us doing so.
We will store email, notes of meetings and telephone conversations, letters, historic accounts and tax returns, and other relevant correspondence in relation to your affairs.
The main purpose of the information we collect is to enable us to deliver and communicate with you regarding our services. For this purpose the information might be shared internally, and authorised employees will have access to it. We may share your personal data with the following if it is required as part of providing our services to you:
any third parties with whom you require or permit us to correspond
an alternate appointed by us in the event of incapacity or death
tax insurance providers
professional indemnity insurers
our professional body and the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and the requirements of MLR 2017 (or any similar legislation).
If the law allows or requires us to do so, we may also share your personal data with:
the police and law enforcement agencies
courts and tribunal
the Information Commissioner’s Office (“ICO”)
We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties we may need to cease to act.
When acting as a data controller and in accordance with recognised good practice within the tax and accountancy sector we will retain all of our records relating to you as follows:
where tax returns have been prepared it is our policy to retain information for 7 years from the end of the tax year to which the information relates.
where ad hoc advisory work has been undertaken it is our policy to retain information for 2 years from the date the business relationship ceased.
where we have an ongoing client relationship, data which is needed for more than one year’s tax compliance (e.g. capital gains base costs and claims and elections submitted to HMRC) is retained throughout the period of the relationship, but will be deleted 2 years after the end of the business relationship unless you as our client ask us to retain it for a longer period.
You have the right to access, change or have the data about you removed from out systems in accordance with the General Data Protection Regulation (GDPR). You may request a copy of the data we’re holding about you and information about the way we process it. You have the right to withdraw consent at any time.
You may request to have all your data stored with us deleted. However, to assist with the HMRC requirements information can be kept on record for a period of up to 10 years. At your request, this data can be anonymized, unless we are legally obliged to retain it in full.
You are entitled to be informed on how we process the data about you, and for how long we’re storing information about you in a plain and simple language. Under GDPR, you also have the right to access the personal data held and confirm that your data is being processed, for free. Inaccurate or incomplete data must be rectified – if this data has been disclosed to third parties, they too must be notified for the rectification.
We are committed to acting promptly and respectfully to any request you have to view, amend or delete any personal information we hold about you, and equally any request to join or withdraw from any mailing lists we manage. We will aim to meet this request within five days.
DPA 2018 requires that we comply with your requests promptly and in any event within one month of receipt. There are, however, some circumstances in which the law allows us to refuse to provide access to personal data in response to a SAR (e.g. if you have previously made a similar request and there has been little or no change to the data since we complied with the original request).
Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent. Please note:
the withdrawal of consent does not affect the lawfulness of earlier processing
if you withdraw your consent, we may not be able to continue to provide services to you
even if you withdraw your consent, it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data).
We have a policy against ‘spam’ in any of its forms (print, electronic or voice) and we will not sell your personal information to a third party, and will only share your personal information without your consent in response to requests by law enforcement agencies.
We will not send you marketing information material unless you have given us permission to do so. Any marketing and service information material will contain an opt out ‘unsubscribe’ option that you can select at any time you elect to be removed from our mailing list.
All the digital information that we store is on secure servers, and we now work in an increasingly paperless environment. These secure servers are monitored to check that they are GDPR compliant.
Correspondence that is received in the post is either scanned and then shredded, or stored in locked drawers as we encourage a clear desk policy. We are using docSAFE as a secure web portal for communications with clients where possible, and encourage you to use this as the most secure means of storing and collaborating on your data. Accounting records that you provide to us are stored in a locked room when we are not working on them.
Any devices through which personal information storage is accessed, are password protected and effective security software enabled. Electronic devices are shut and all devices locked when left unattended.
In the unlikely event of a data breach that affects your personal information we will advise you within 72 hours.
WHEN YOU VISIT OUR WEBSITE
Like most website operators, we may collect non personally identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, IP address, and the date and time of each visitor request. The purpose in collecting this information is to better understand how you use our website. We may use software tools to measure and collect session information, and use this information to understand your needs and provide you with a better service.
Our company website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to manage our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
We will protect your personal information. In order to prevent unauthorised access or disclosure, and we have put in place robust physical, electronic and managerial procedures to safeguard and secure the information we collect both online and offline.
For any questions, concerns or complaints about how we process your information please contact us. If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO) www.ico.org.uk
Amy Harris, Data Protection Officer for Williams Harris Ltd
Phone: 01275 333623
Post: The Tannery, Westway Farm, Bishop Sutton, BS39 5XP