Client Data Privacy Notice
Morgans CA Limited is committed to maintaining the privacy of all our Client and will only collect and use personal data in the ways that are described in this policy.
1. Data Controller & Contact Details
The data controller is Morgans CA Limited, registered in England & Wales no. 4549483 at 86 High Street, Carshalton, Surrey SM5 3AE.
Our appointed Data Protection Officer can be contacted at email@example.com.
2. This Privacy Notice
This privacy notice explains how we collect and use our Clients’ personal data. Please read this statement carefully.
3. Information We Collect
The following are examples of the type of personal data we may collect in the course of our services. The nature of the data will depend on your relationship with us and the work we carry out for you.
- Identity information, such as title, name, place and date of birth, gender, nationality, and information from photographic identity documents such as passports or driving licences
- Contact data such as home and email address, and personal and business telephone number
- Financial and employment information such as bank account details, business activities, Unique Taxpayer Number, National Insurance Number, and details of business income and outgoings. If you ask us to perform specific services such as payroll or the preparation of your personal tax return, we may request further details
4. How We Collect Information
We may obtain personal data from or about you when, for example:
- you request a proposal from us in respect of the services we provide
- you engage us to provide services and also during the provision of those services
- you contact us by email, telephone, post or website (for example when you have a query about our services) or
- from third parties for example, from Companies House or
- you are employed by us
5. How and Why We Use Information
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:
- Undertaking instructions from clients
- Managing our relationships with clients
- Understanding clients’ needs
- Monitoring the quality of service provided
- Keeping our records up to date
6. How We Share Information
We take your privacy seriously, and we do not sell, share, or transfer this information, except as set out in this statement.
We share your information with our trusted third party service providers who support us in providing our professional services and those who help provide and manage some of our internal IT systems. These may include suppliers of identity checking services, IT support, cloud based software, website hosting and management, and data back-up security and storage services. When we share your information with our service providers, we will ensure that your data is kept secure and used only in accordance with this notice.
7. International transfers
For the purpose of providing our services to you, pursuant to our engagement letter, we may disclose the client personal data to our regulatory bodies or other third parties (for example, our professional advisors or service providers). The third parties to whom we disclose such personal data may be located outside of the European Economic Area (EEA). We will only disclose client personal data to a third party (including a third party outside of the EEA) provided that the transfer is undertaken in compliance with the data protection legislation.
8. Data Security
The security of your personal information is very important to us. We have a framework of policies and procedures in place covering data protection, confidentiality and security which are subject to regular review.
Your information is stored electronically in secure databases, which are password protected.
If we become aware of a data breach and think that it may pose a high risk to your rights, we will notify you without undue delay.
9. How Long We Keep Your Data
We will not keep your personal data for any longer than is necessary in light of the reasons for which it was first collected.
We will retain your personal data in line with our records retention schedule unless a valid business reason exists which means we need to retain personal data for longer.
10. Your Rights
The law gives you certain rights over your personal data. You may:
- request us to rectify the personal data we hold about you, where that data is incorrect
- request that we restrict the processing of your personal information in certain circumstances
- request access to the personal data that we hold about you
- require that, in certain circumstances, we delete the personal information we hold about you
- require that we provide you with the personal information that we hold about you in a structured, commonly used and machine-readable format
- withdraw your consent to our using your data for marketing purposes at any time; and/or
- lodge a complaint with the relevant supervisory authority
If you wish to exercise any of these rights, please contact us at firstname.lastname@example.org, or by writing to us at our address set out above.
11. Changes to This Policy Or Your Data
We have a legal obligation to keep this privacy notice under regular review and we may therefore amend or modify this privacy notice from time to time. We will notify you of any such changes.
This privacy notice was last updated on 24th August 2018.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.