Sproull & Co. Limited – General Data Protection Regulations

Privacy Statement – May 2018

Introduction To GDPR

The General Data Protection Regulation (GDPR) will come into force on 25th May 2018. It is an overhaul of the existing EU legislation on Data Protection, and not a new approach. It replaces the UK’s Data Protection Act 1998.

Name of The Responsible GDPR Officer

Mr. Warren Gell, or alternatively another Director of Sproull & Co Ltd.

The Purposes of Processing Personal Data

Sproull & Co Ltd is a “processor” of personal information. We will use some, or all, of your personal data to:

  1. Enable us to supply professional services to you as our client;
  2. Fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”));
  3. Comply with professional obligations to which we are subject as a member of (e.g. ICAEW & CIOT);
  4. Use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings;
  5. Enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen; and
  6. Contact you about other services we provide which may be of interest to you if you have consented to us doing so.

Lawful Basis for Processing

The processing of your personal data is necessary for the contract we have with you (Letter of Engagement) and legal obligations to which we are subject to (e.g. MLR 2017).

Categories of Personal Data Obtained

In addition to personal data obtained from yourself, and maybe your professional adviser(s), we sometimes obtain personal data from HM Revenue & Customs and Companies House to assist in the preparation of Accounts, Company Secretarial documents, Payroll, Reports and Tax Returns. When appropriate, we will request personal data from a previous Accountant/Tax Advisor to ensure a smooth handover of your affairs and to accurately prepare your Accounts, Tax Returns and other documents. Sproull & Co Ltd does not purchase information about clients or potential clients. We do not obtain any data from people who access our website.

Recipients of Your Personal Data

We may share your personal data with:

  1. HMRC & Companies House;
  2. Any third parties with whom you require or permit us to correspond;
  3. Subcontractors;
  4. An alternate appointed by us in the event of incapacity or death;
  5. Tax insurance providers;
  6. Professional indemnity insurers; and
  7. Our professional bodies (e.g. ICAEW & CIOT) and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation).

If the law allows or requires us to do so, we may share your personal data with:

  1. The police and law enforcement agencies;
  2. Courts and tribunals; and
  3. The Information Commissioner’s Office (“ICO”)

We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties, we may need to cease to act.

Retention Periods of Personal Data

In accordance with recognised good practice within the tax and accountancy sector we will retain all of our records relating to you as follows:

  1. Where Accounts and Tax Returns etc. have been prepared it is our policy to retain information for 7 years from the end of the tax year to which the information relates;
  2. Where ad hoc advisory work has been undertaken it is our policy to retain information for 7 years from the date the business relationship ceased; and
  3. Where we have an ongoing client relationship, data which is needed for more than one year’s tax compliance (e.g. capital gains base costs and claims and elections submitted to HMRC) is retained throughout the period of the relationship, but should be deleted 7 years after the end of the business relationship unless you as our client ask us to retain it for a longer period.

Our contractual terms provide for the destruction of documents after 7 years and therefore agreement to the contractual terms is taken as agreement to the retention of records for this period, and to their destruction thereafter.

You are responsible for retaining information that we send to you (including details of capital gains base costs and claims and elections submitted) and this will be supplied in the form agreed between us. Documents and records relevant to your tax affairs are required by law to be retained by you as follows:

Individuals, trustees and partnerships

  1. With trading or rental income: five years and 10 months after the end of the tax year; and
  2. Otherwise: 22 months after the end of the tax year.

Companies, LLPs and other corporate entities

  1. Six years from the end of the accounting period.

The Rights Available to Individuals

The GDPR provides the following rights for individuals:

  1. The right to be informed about our processing of your personal data;
  2. The right to request access of your data;
  3. The right to rectification of inaccurate and/or incomplete data;
  4. The right to erasure of your personal data;
  5. The right to restrict processing of your data;
  6. The right to data portability of your data; and
  7. The right to object to processing of your data.

There are rights in relation to automated decision making and profiling. Sproull & Co Ltd is not involved in such activities.

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law.

What Personal Data Do We Hold?

We hold personal data such as full names, previous or other names, current and previous addresses, marital status, gender, telephone numbers, email addresses, date of birth, national insurance number, tax reference number and financial details.

Where & How is Personal Data Secured?

We have computer servers to hold personal data in electronic format. We use professional software such as IRIS and CCH, plus Microsoft Excel spreadsheets and Word documents. The servers are password protected and have professional malware and anti-virus software installed, which is up-dated regularly. We have a separate professionally installed firewall. Data is backed up daily (Monday to Friday). Current paper-based data held in files and folders are held in lockable filing cabinets.

We may amend this privacy notice from time to time. If we do so, we will supply you with and/or otherwise make available to you a copy of the amended privacy notice. The latest privacy notice will be available on our website.