In accordance with the GDPR anyone processing Personal Data must comply with the six principles of good practice. These provide that Personal Data must:
be processed fairly, lawfully and transparently;
2. only be used for the purpose for which it was collected;
3. be adequate, relevant and not excessive for the purpose for which it is being processed;
4. be accurate and kept up-to-date;
5. not be kept longer than necessary to fulfil the purpose of its collection; and
6. be kept secure and protected from unauthorised processing, loss, damage or destruction [which includes the data not being transferred to a country or territory outside the European Economic Area unless the Personal Data is adequately protected and/or consent of the Data Subject has been provided].
1. Fair, Lawful and Transparent Processing
For Personal Data to be processed lawfully, the basis for the processing must be one of the legal grounds set out in the Enactments. These include, among other things, your written consent to the processing, or that the processing is necessary for the performance of our bookkeeping contract with you.
In the event we collect Personal Data directly from you, this Notice should assist in informing you about:
1.1 The purpose or purposes for which we intend to process your Personal Data.
1.2 The types of third parties, if any, with which we may share or disclose your Personal Data.
1.3 The means with which you can limit our processing and disclosure of your Personal Data.
If we receive Personal Data about you from other sources, we will provide you with this information as soon as possible thereafter.
When sensitive personal data is being processed, additional conditions and securities must be in place to ensure protection.
2. Processing for Limited Purposes
In the course of our business, we shall process the Personal Data we receive directly from you (for example, by you completing forms, sending us papers or from you corresponding with us by mail, phone, email or otherwise) and your Personal Data which we receive from any other source.
We shall only process your Personal Data to fulfil and/or enable us to satisfy the terms of our obligations and responsibilities in our role as your Accountant or bookkeeper or for any other specific purposes permitted by the Enactments. Should we deem it necessary to process your Personal Data for purposes outside and/or beyond the reasons for which it was originally collected, we will contact you first, to inform you of those purposes and our intent and may also apply for your consent.
3. Adequate, Relevant Non-Excessive Processing
We will only collect and process your Personal Data as required to fulfil the specific purpose/s of our contract and agreements with you.
4. Accurate and up to date data
We shall ensure that all Personal Data held is accurate and up to date and will check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. If you become aware that any of your Personal Data is inaccurate, you are entitled to contact us and request that your Personal Data is amended. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
5. The Timely Processing of the Data
We will not keep Personal Data longer than is necessary for the purpose or purposes for which it was collected. Once Personal Data is no longer required, we will take all reasonable steps to destroy and erase it.
6. Keeping Your Personal Data Secure
Our employees and contracted personnel are bound to our privacy policies, procedures and technologies which maintain the security of all your Personal Data from the point of collection to the point of destruction.
We maintain data security by protecting the confidentiality, integrity and availability of your Personal Data, and when we do so we abide by the following definitions:
6.1 Confidentiality: We ensure that the only people authorised to use your personal data can access it. Only selected employees will be allowed to access and view your personal data unless it is necessary to do so
6.2 Integrity: We will make certain that your Personal Data is accurate and suitable for the purpose for which it is processed.
6.3 Availability: We have established procedures which mean only our authorised Data Users should be able to access your Personal Data if they need it for authorised purposes.