1. PURPOSE OF THIS NOTICE
This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
2. ABOUT US
RMT Accountants & Business Advisors Ltd is an accountancy, tax and business advisory firm also offering insolvency services and an IT specialism. We are registered in England and Wales as a limited liability company under number 06036364 and our registered office is at Gosforth Park Avenue, Newcastle upon Tyne NE12 8EG.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
Where we act as a data processor on behalf of a data controller (for example, when processing payroll), we provide an additional schedule setting out required information as part of that agreement. That additional schedule should be read in conjunction with this privacy notice.
We have appointed a Data Compliance Officer who will be our Data Protection Point of Contact and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our Data Protection Point of Contact you can do so using the contact details noted at paragraph 14 (Contact Us), below.
3. THE KIND OF INFORMATION WE HOLD ABOUT YOU
We may collect personal information from you in the course of our business, including through your use of our Website, when you contact or request information from us, when you engage our accounting, tax or other services, or where you provide services to us or as a result of your relationship with one or more of our staff and clients.
The personal information that we process includes:
Basic information, such as your name (including name prefix or title), the company you work for, your title or position and possibly your relationship to other persons;
Contact information, such as your postal address, email address and phone number(s);
Financial, accounting and tax related information, as well as payment-related information;
Technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically;
Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements;
Identification and background information provided by you or collected by us as part of our business acceptance and know your client processes;
Personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them, which may include special categories of data; and
Any other information relating to you which you may provide to us.
Where you are a potential employee, worker or other member of our staff, we may collect additional categories of your personal data from you for the purposes of our recruitment process.
4. HOW WE MAY COLLECT YOUR PERSONAL DATA
The categories of data listed in section 3 are collected in the following ways:
We collect information from you as part of our business acceptance and know your client (KYC) processes and about you and others as necessary in the course of providing accounting, taxation and other services;
We gather information about you when you provide it to us, or interact with us directly, for instance engaging with our staff or registering on one of our digital platforms or applications;
We may collect or receive information about you from other sources, such as keeping the contact details we already hold for you accurate and up to date, using publicly available sources; and
Any personal data you give to us in meetings may also be retained by us.
When you use our website, we will automatically collect technical information about the device you use to visit, including your IP address, browser type/version and related settings.
Where you provide services to us, we will take administrative personal data (personal contact details of your personnel or representatives) to enable us to administer our relationship with you and receive the necessary goods and services from you.
5. HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU
Your personal data is primarily to enable us to administer our relationship with you, and/or to supply you with the appropriate accountancy, taxation and other services and advice that you have instructed us to provide. We also may use your personal information:
• To provide and improve our website, including auditing and monitoring its use;
• To provide and improve our services to you and to our clients, including handling the personal information of others on behalf of our clients;
• To provide information requested by you;
• To promote our services, including sending Professional Accounting Body updates, publications and details of events. You can opt-out at any time and when you opt out, we will no longer contact you until you ask us to, and we will not prompt you to do so;
• To manage and administer our relationship with you and our clients;
• To fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims; and
• For the purposes of recruitment.
Technical information we collect about your visit to our Website is used to enable us to:
• Personalise and improve its functionality and security (to keep it safe and secure);
• Administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical and survey purposes; and
• Ensure that we can offer you the most effective and efficient browsing experience and make improvements where necessary.
Where we change our services, or any applicable terms and conditions, we will contact you.
Meetings, events and seminars:
• We will collect and process personal information about you in relation to your attendance at our offices or at an event or seminar organised by us or our business partners. We will only process and use special categories of personal information about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have.
In some circumstances we may anonymise or pseudonymise the personal data so that it can no longer be associated with you, in which case we may use it without further notice to you.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
6. DATA RETENTION
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
• the requirements of our business and the services provided;
• any statutory or legal obligations;
• the purposes for which we originally collected the personal data;
• the lawful grounds on which we based our processing;
• the types of personal data we have collected;
• the amount and categories of your personal data; and
• whether the purpose of the processing could reasonably be fulfilled by other means.
7. CHANGE OF PURPOSE
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
8. DATA SHARING
We may share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:
Our professional advisers;
Suppliers to whom we outsource certain support services such as;
IT and Cloud Services/Marketing service providers to RMT;
Third parties engaged in the course of the services we provide to clients and with their prior consent, such as solicitors, barristers, other relevant professional providers and technology service providers such as data room services;
Third parties involved in hosting or organising events or seminars;
Third party search facilities for anti-money laundering checks including Smartsearch.com. You should review their privacy policies for more information on how they deal with your personal information.
Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, HM Revenue and Customs, other, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new RMT entities or to third parties through which the business of RMT will be carried out.
We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
9. TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures.
10. DATA SECURITY
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
11. RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
• Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
• Request correction of the personal data that we hold about you.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
If you want to exercise any of the above rights, please email our data protection point of contact using the details noted at paragraph 14 (Contact Us) below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
12. RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email our data protection point of contact email@example.com
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
13. CHANGES TO THIS NOTICE
Any changes we may make to our privacy notice in the future will be updated on our website at www.r-m-t.co.uk
This privacy notice was last updated on 22 May 2018
14. CONTACT US
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email our Data Protection Point of Contact at firstname.lastname@example.org or telephone our Data Protection Point of Contact on 0191 256 9500 or in writing to us at this address:
Data Compliance Officer
RMT Accountants & Business Advisors Ltd
Gosforth Park Avenue
Newcastle upon Tyne
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns