Accounts Direct takes its responsibilities under data protection legislation extremely seriously. Breach of our data protection responsibilities can result in significant financial and reputational damage. We therefore endeavour to implement practices which ensure that we are constantly upholding our responsibilities under data protection legislation and allow us to meet our clients’ expectations in terms of privacy.
General Data Protection Regulations (GDPR) and Data Protection Act 2018
The primary legislation in the United Kingdom governing data protection is the GDPR and the Data Protection Act 2018. The legislation covers personal data. Personal data means any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
The five principles established under this legislation, require personal data to be:
1. Processed lawfully, fairly and in a transparent manner in relation to individuals
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest shall not be considered to be incompatible with the initial purposes
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of individuals; and
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Data Protection Officer
We do not process special category data on a large scale and as such have no requirement for a data protection officer
Privacy Notices (Right to be Informed)
We maintain a privacy notice which all clients have been provided a copy of. This notice details important information relating to why and how data is processed. In particular our privacy notice contains details of; the identity and contact details of the controller and the data protection officer; what data is being collected; why the data is being processed and the lawful bases for the processing; who has access to the data; where the data will be stored; who the data will be transferred to, including details of any third country and applicable safeguards; where the data has been obtained, if the Association has not collected the data directly; how any automated decision has been made; the individual’s rights.
We produce different privacy notices for different categories of data subject, copies of relevant privacy notices can be provided on request.
Access Requests (Right of Access)
All individuals have a right to obtain; confirmation that their data is being processed; access to their personal data; and, other supplementary information (which can largely be found in the applicable privacy notice(s)). Any individual wishing to obtain any of these should contact us using details provided in the ‘Contacting Accounts Direct Regarding this Policy’ section of this document.
All access requests will be completed free of charge, unless the request is manifestly unfounded or excessive. If the request is deemed by us to be manifestly unfounded or excessive, the individual will receive a written explanation as to why and details of costs associated with fulfilling the request. The fee charged will be based upon; administration time costs; postage costs; printing costs; and, any other delivery cost.
In exceptional circumstances we may refuse an access request. An access request will only be refused if it is manifestly unfounded or excessive. If the request is deemed by us to be manifestly unfounded or excessive, the individual will receive a written explanation as to why and a statement that the request cannot be processed.
Inaccurate or Incorrect Data (Right to Rectification)
Accounts Direct aims to ensure that all data it holds is accurate and correct. However, from time to time, this aim may not be met. All individuals have a right for inaccurate or incorrect data to be corrected or rectified. Any individual wishing to have their data corrected should contact us using details provided in the ‘Contacting Accounts Direct Regarding this Policy’ section of this policy.
Where data has been transferred to a third party and subsequently it has been rectified, we will notify the third party without delay of the rectification.
In some instances, we may not take action to a right to rectification request (for example, if it is believed that the request has malicious intent or is inaccurate). If no action is to be taken, a written explanation will be provided to the individual who made the request.
Request to Delete Data (Right to Erasure)
Accounts Direct aims to retain data for only as long as it is needed. However, from time to time, this aim may not be met, or a valid reason as to why the data no longer needs to be retained maybe presented which had not been considered by us. All individuals have a right to request the deletion or removal of personal data where there is no compelling reason for its continued processing. Any individual wishing to have their data erased should contact the Association using details provided in the ‘Contacting the Accounts Direct Regarding this Policy’ section of this policy.
In limited circumstances we will not be able to comply with a request to delete or remove data. This will normally be because the data is being used to; comply with a legal obligation for the performance of a public interest task or in exercising official authority; or, to exercise or defend legal claims. If no action is to be taken, a written explanation will be provided to the individual who made the request.
Request to Suppress Processing of Data (Right to Restrict Processing)
Restricting processing means Accounts Direct will continue to store the personal data but will not ‘use’ the data or transfer it to third parties.
We will restrict processing; if you contest the accuracy of the personal data we hold, the restriction will apply until such a time as we have verified the accuracy of the data; if you have objected to the processing and we are considering if we have legitimate grounds not to act on your objection; if the processing we are conducting is found to be unlawful, but you oppose erasure; if we no longer require the data, but you require the data to establish, exercise or defend a legal claim. Any individual wishing to restrict processing of personal data should contact the Association using details provided in the ‘Contacting Accounts Direct Regarding this Policy’ section of this policy.
If data has been passed to third parties, we will inform them of any restriction to processing as soon as possible.
We may have to retain certain personal data, either for a defined period of time or indefinitely, to ensure that a restriction on processing is enforced. This will always be explained in writing to the relevant individual.
Reusing Personal Data (Right to Data Portability)
Personal data can, on the request of the individual, be transmitted to other organisations, or, provided to the individual in a format which they can reuse. All individuals have a right to obtain and reuse their personal data across different services. Any individual wishing to reuse their personal data should contact Accounts Direct using details provided in the ‘Contacting Accounts Direct Regarding this Policy’ section of this policy.
Before providing data, we will take reasonable steps to ensure that the individual making the request has a right to the data they are asking for. This may include providing a copy of government issued ID.
Data provided as part of the right to data portability will always be provided in a structured, commonly used and machine-readable format, normally a CSV file.
Accounts Direct welcomes information which clients have transferred from other organisations. All reasonable measures will be taken to facilitate the right to data portability.
In some cases, where the request is complex, or we have received a number of requests, we may require an additional two months to comply with a request to be processed. If this is the case a written explanation will always be provided to the individual concerned within one month of receiving a request.
Objections to Data Processing (Right to Object)
If Accounts Direct is processing data based on legitimate interests, for direct marketing or for statistical purposes individuals have the right to object. To object the individual must have grounds relating to your situation.
If the objection relates to Accounts Direct using an individual’s personal data for direct marketing purposes, then we will cease to process the data immediately.
Any objections should be made using the details provided in the ‘Contacting the Association Regarding this Policy’ section of this document.
Training and Communication
A copy of this policy is given to all employees, contractors, apprentices, trainees and other official agents of Accounts Direct. In some cases, as an additional control, some employees, contractors, apprentices, trainees and other official agents may be required to sign a copy of this policy.
All employees, contractors, apprentices, trainees and other official agents will be given training on this policy before being given access to personal data or being involved in a role related to the processing of personal data. All contractors, apprentices, trainees and other official agents will receive regular training on this policy. This will be documented in a CPD log.
Significant breaches of this policy can result in disciplinary action.
Ultimate responsibility for this policy rests with the principles of Accounts Direct. Day to day responsibility for this policy is held by Steven Englander.
Monitoring and Review
This policy is kept under constant review to ensure its suitability, adequacy and effectiveness. Any improvements identified will be made as soon as possible.
Comments from employees, contactors, officials, clients and regulators are welcome and will be taken into consideration.
Contacting Accounts Direct Regarding this Policy
If you need to contact Accounts Direct regarding this policy please email: [email protected]
Alternative you can write to Accounts Directs registered office.
GDPR Policy Part 2
Accounts Direct and its associated companies (“Accounts Direct”) is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website then you can be assured that it will only be used in accordance with this privacy statement.
The guidance and/or advice contained in this website is subject to UK regulatory regime and is therefore restricted to consumers based in the UK.
Consent to use your personal information
For the purposes of the Data Protection Act 1998, you (the client) acknowledge that by registering with us and using our services, certain information or data about you will be captured electronically or otherwise. You agree that we may use, store, or process such information or data so that we can provide our products and services to you or update you about our other product and services in writing, by email or by telephone.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
To provide the services of bookkeeper and accountant
Internal record keeping
We may use the information to improve our products and services.
We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We do not use any cookies on this website that track or store any of your personal information. We do however use performance related cookies (Google Analytics) to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to:
43-45 North Street
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.