At TWP Accounting LLP we routinely collect and use personal data about individuals, including our clients and our portal, website, app and social media users (“you”). We are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data protection laws.
About this Policy
The purpose of this Policy is to provide a clear explanation of when, why and how we collect and use information which may relate to you (“personal data”).
We have designed this Policy to be as user friendly as possible. Click on a topic in the list below to find out more or explore individual topics in more detail by following the various links.
Please read this Policy with care. It provides important information about how we use personal data and explains your statutory rights. This Policy is not intended to override the terms of any contract you have with us, nor rights you might have available under applicable data protection laws.
- Who is responsible for taking care of your data?
- What personal data do we collect?
- When do we collect your personal data?
- What do we use your personal data for?
- Lawful bases for using your personal data
- Who do we share your personal data with?
- Marketing correspondence
- International transfers
- How long do we keep your personal data?
- Security of your personal data
- Your rights
- Contact and complaints
1. Who is responsible for taking care of your data?
TWP Accounting LLP is principally responsible for looking after your personal data (your Data Controller) if you have a contract with us, visit our website, and use our app, portal and social media sites.
If our client, acting as a Data Controller, has enrolled you to the services provided by us, (for example payroll, business partner, co-trustee etc.) you should contact them, as they should provide you with details of TWP Accounting LLP, and our role as a Data Processor).
2. What personal data do we collect?
If you are a private individual and have a contract with us, we will process your contact details (name, address, telephone and fax numbers, email address, a copy of an address ID), identity details (date of birth, National Insurance Number, Unique Tax Reference Number, a copy of a photo ID), information about your business (business type, name and company number, VAT type), your family information (spouse’s or partner’s name, information about children), information about our engagement, your financial data (income and sources, taxes and their share, investments, bank account number, tax residency details), information relevant to taxation (properties, their acquisition and living there, litigations, inheritance), login credentials for the portal. We will also process your emails, letters, documents and other written information you provide to us. If you are using our app and the portal, we will collect information that helps to identify you (your login credentials, IP address, device identification number), contact details (name, email address, phone number), information that you upload and make accessible to us (documents and images with your receipts, incomes and expenses), your tracked location information, [your contacts on the mobile phone], and messages that you send to us.
If you are a representative of an entity that has a contract with us, we will process your contact details (name, address, telephone and fax numbers, email address), identity details (date of birth, National Insurance Number, Unique Tax Reference Number, a copy of an ID), information about the entity (business name and company number, VAT number), your family information (spouse’s or partner’s name, information about children), information about our engagement, your financial data (income and sources, taxes and their share, bank account number), login credentials for the portal. We will also process your emails, letters, documents and other written information you provide to us. If you are using our app and the portal, we will collect information that helps to identify you (your login credentials, IP address, device identification number), contact details (name, email address, phone number), information that you upload and make accessible to us (documents and images with your receipts, incomes and expenses), your tracked location information, [your contacts on the mobile phone], and messages that you send to us.
If we are providing company secretarial services, we will process information relating to your registered office, along with names, addresses and dates of birth of share holders, company officers and persons of significant control.
If you are an employee enrolled to our services by the employer, we will process your contact details (name, address), identity details (date of birth, National Insurance Number, Unique Tax Reference Number), information about employment (your employer details, date when employment started, amount of working days/hours), financial data (salary, taxes share, investments to pension funds, bonuses).
If you are an employee or pensioner of one of our corporate clients where we prepare and/or audit accounts in accordance with statutory obligations, be that a company or Pension Scheme, we will process your contact details (name, address), identity details (date of birth, National Insurance Number, Unique Tax Reference Number), information about employment (your employer details, date when employment started, amount of working days/hours), financial data (salary, taxes share, investments to pension funds, bonuses).
If you are visiting our website, we will collect your IP address, cookie identifiers, device identifiers, browser type and version, time zone, browser plug-in types and versions, operating system and platform. For further details please check Section 7.
If you are following us and interacting on our social media sites, we will process your name, photos, employment details, messages and comments directed to us.
If you provide us with personal data of someone else, you must ensure that you are authorised to disclose that information. We may collect, use and disclose such information for the purposes described in Section 4. You must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that personal information, TWP Accounting LLP identity and how to contact us.
3. When do we collect your personal data?
We will collect information from private individuals and representatives of entities directly when they apply for, use our services and correspond with us by email, phone or otherwise.
We may collect information about them from other sources where we believe this is necessary to manage effective underwriting of the risk associated with a contract and/or helping fight financial crime. These other sources may include public registers and databases managed by credit reference agencies, government agencies such as Her Majesty Revenue and Customs (HMRC), and other reputable organisations.
We will collect and/or retrieve information from our website, app and social media sites users when they visit our website, download, enable and use the app and interact of our social media sites.
4. What do we use your personal data for?
If you are a private individual or a representative of an entity that enters into a contract with us, we will use your personal data to register you for requested services and our portal, evaluate the risk of potential fraud or other illegal activities, provide requested financial services, respond to your enquiries and advise you, communicate with you, inform you about relevant news in the sector and keep your certain data in accordance with legal, regulator, tax or accounting requirements.
If you are an employee enrolled to our services by the employer, we will use your personal data to provide requested financial services to your employer.
If you are an employee or pensioner of one of our corporate clients where we prepare and/or audit accounts in accordance with statutory obligations, be that a company or Pension Scheme, we will use your personal data in connection with the statutory requirements set out in accordance with Accounting Standards and Audit Regulations, which we are required to comply with in providing requested audit and accountancy services to your employer.
If you are visiting our website, we will use your personal data to enable the functionality of our website, to analyse what you are interested in on our website and to improve it to ensure that content is presented in the most effective manner for you and for your device.
If you are using our app, we will use your personal data to enable the usage of the app and provide requested services
If you are following us and interacting on our social media sites, we will use your personal data to provide relevant information to you and the audience.
5. Lawful bases for using your personal data
We will make sure that we only use your personal data for the purposes set out in Section 4 where we are satisfied that:
– our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to provide our services to you);
– our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (e.g. to retain your documents in compliance with statutory tax, audit and accountancy obligations);
– you have provided your consent to us using the data in that way (e.g. to use our portal or the app);
– our use of your personal data is necessary to support ‘legitimate interests’ that we have as a business (e.g. to evaluate your risk for potential fraud or other illegal activities), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights.
6. Who do we share your personal data with?
We work with third parties that help us to manage our business and deliver services. These third parties may from time to time need to have access to your personal data.
The third parties may include:
– Service Providers, who help manage our IT and back office systems and other support services and systems.
– Credit reference agencies and organisations working to prevent fraud in financial services,
– Our regulators, which may include, Professional Bodies, the Financial Conduct Authority (FCA), Her Majesty Revenue and Customs (HMRC) and Information Commissioner’s Office (ICO), as well as other regulators and law enforcement agencies in the EU and around the world, solicitors and other professional services firms,
– We may be under legal or regulatory obligations to share your personal data with courts, regulators, law enforcement or in certain cases other insurers. If we were to sell part of our businesses we would need to transfer your personal data to the purchaser of such businesses.
We will only transfer your personal data to companies which are recognised as providing an adequate level of protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
Your personal data will never be passed on to any other companies or third parties (other than the third party service providers described above) and will never be added to any third party mailing lists or databases unless you opt in to do so.
Cookies are small text files that are placed on your computer by our website when you visit it. We use them in order to make our website work, or work more efficiently, as well as to provide certain information to us. The table below explains the cookies we use and why.
|__utmb and __utmc||Google Analytics – The B and C cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires. You see, __utmc has no way of knowing when a user closes their browser or leaves a website, so it waits 30 minutes for another page view to happen, and if it doesn’t, it expires.|
|__utmt||Google Analytics – It is used to throttle the request rate for the service – limiting the collection of data on high traffic sites. It expires after 10 minutes. The main purpose of this cookie is performance
|__utmz||Google Analytics – Keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website. It expires in 15,768,000 seconds – or, in 6 months. This cookie is how Google Analytics knows to whom and to what source / medium / keyword to assign the credit for a Goal Conversion or an Ecommerce Transaction. __utmz also lets you edit its length with a simple customization to the Google Analytics Tracking code.|
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
8. Marketing correspondence
We may use your personal data to send you our newsletter and other marketing correspondence about our services, events and related news in the sector. This may be in the form of email or a letter sent by post.
In most cases our processing of your personal data for marketing purposes is based on our legitimate interests, although in some cases (such as where required by law) may be based on your consent. You have a right to prevent direct marketing of any form at any time – this can be exercised by following the opt-out links in electronic communications or by contacting us using the details set out in Section 13.
9. International transfers
From time to time we may need to share your personal data with members of TWP Accounting LLP who may be based outside Europe (outside of the European Economic Area).
We may allow our Service Providers, who may be located outside Europe, access to your personal data.
We may also make other disclosures of your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body.
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests.
We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
Transfers within TWP Accounting LLP will be covered by an intra-group agreement which gives specific contractual protections designed to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within TWP Accounting LLP.
Transfers to Service Providers and other third parties will always be protected by contractual commitments and where appropriate further assurances, such as certification schemes, such as the EU – U.S. Privacy Shield for the protection of personal data transferred from within the EU to the United States of America.
Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed.
You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as set out in Section 13 if you would like further information.
10. How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 4. In some circumstances we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulator, tax or accounting requirements.
In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is securely deleted.
11. Security of your personal data
We are committed to handling your personal data with high standards of information security. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to personal data only for those employees who require it to fulfil their job responsibilities.
The security of your portal account relies on your protection of your password. You may not share your password with anyone. Our employees will never ask you for your password, so any email or other communication requesting your password should be treated as unauthorised and suspicious and forwarded to us. If you believe someone else has obtained access to your password, please change it immediately by logging in to your account and changing your Profile settings, and also contact us straight away.
12. Your rights
You have a number of rights in relation to your personal data.
You may request access to your data, correction of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability or the basis for international transfers. You may also exercise a right to complain to the ICO. More information about each of these rights can be found by referring to the table set out below.
To exercise your rights you may contact us as set out in Section 13. Please note the following if you wish to exercise these rights:
|Right||What this means|
|Access||You can ask us to:|
|– confirm whether we are processing your personal data; – give you a copy of that data;|
|– provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any Automated Decision Making or Profiling, to the extent that information has not already been provided to you in this Policy.|
|Rectification||You can ask us to rectify inaccurate personal data.|
|We may seek to verify the accuracy of the data before rectifying it.|
|Erasure||You can ask us to erase your personal data, but only where:|
|– Your data is no longer needed for the purposes for which it was collected;|
|– You have withdrawn your consent (where the data processing was based on consent);|
|– Your objection to the processing of data is deemed to be successful;|
|-Your data has been processed unlawfully;|
|– Your data has to be erased for compliance with a legal obligation we are subject to.|
|We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:|
|– For compliance with a legal obligation;|
|– For the establishment, exercise or defence of legal claims.|
|There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.|
|Restriction||You can ask us to restrict (i.e. keep but not use) your personal data, but only where:|
|– Its accuracy is contested and we need to verify it;|
|– You think that the processing is unlawful, but you do not want to erase data;|
|– Your personal data is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims;|
|– You have exercised the right to object, and verification of overriding grounds is pending.|
|We can continue to use your personal data following a request for restriction, where:|
|– we have your consent;|
|– we need to establish, exercise or defend legal claims;|
|– we have to protect the rights of another natural or legal person.|
|Portability||You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but in each case only where:|
|– The processing is based on your consent or on the performance of a contract with you;|
|– The processing is carried out by automated means.|
|– The processing is based on your consent or on the performance of a contract with you;|
|– The processing is carried out by automated means.|
|Objection||You can object to any processing of your personal data which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.|
|Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.|
|International Transfers||You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Economic Area.|
|We may redact data transfer agreements or related documents for reasons of commercial sensitivity.|
|Your Identity||We take the confidentiality of all records containing personal data seriously, and reserve the right to ask you for proof of your identity if you make a request in respect of such records.|
|Fees||We will not ask for a fee to exercise any of your rights in relation to your personal data unless your request for access to information is unfounded, respective or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.|
|Timescales||We will aim to respond to your request within one month unless it is particularly complicated or you have made several requests in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can tell us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.|
|Third Party Rights||We may refuse to fulfil your request where it would adversely affect the rights and freedoms of other data subjects.|
13. Contact and complaints
The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is [ ] who can be contacted in the following ways:
By Email: A.Goddon@twpaccounting.co.uk
Andrew Goddon, The Old Rectory, Church Street, Weybridge, Surrey, KT13 8DE
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with the Information Commissioner’s Office at any time.