What is GDPR?
GDPR is the new legislation which updates and enhances the Data Protection Act 1998 and comes into force on the 25th May 2018. Its purpose is to strengthen current data protection rights for individuals and ensure more transparency by companies, to provide individuals with access to their personal information and give them the right to have it removed.
- Personal Data: This is any information which makes you identifiable. This may include, but is not limited to: names, addresses, emails and telephone numbers, NI numbers, date of birth, UTRs, payroll and accountancy data.
- Sensitive Data: This refers to genetic and biometric data. It also includes medical conditions, religion, race and convictions.
- Data Controller: This is the person designated by the company to determine the purposes and means of processing the data.
- Data Processor: This is the person responsible for processing the data on behalf of the controller.
- Business to Business Data: This is the data for Limited Companies, LLPs, Unincorporated Partnerships, Trusts, Charities, and Non Profit Organisations.
- Business to Consumer: This is data for Private Individual Clients, Sole Traders, Unincorporated Partnerships, Non Profit Organisations Committee Members.
- Contract: This is the legally binding agreement set out between you and Organise My Books, set out in our Letter of Engagement.
What Information do we collect about you and how?
Organise My Books, as the Data Controller, is bound by the GDPR. When you asked us to provide you with Book keeping and Accountancy Services, you agreed that we are entitled to obtain, use and process the information you provide to us to enable us to undertake the services (as defined in our Letter of Engagement and Supporting Schedules) and for other related purposes.
- Maintaining client records.
- Statutory returns.
- Legal and regulatory compliance.
- Crime prevention.
We collect this information when you fill in the client form, create an inquiry on our website, by email or verbally by telephone or face to face. It may also be collected if you transfer your services from another Accountant to Organise My Books. We also use Facebook, LinkedIn, Twitter, Messenger and WhatsApp and information passed between these portals to us may be collected and used for the purposes set out by our Letter of Engagement.
How will we use this information, why and what is our lawful purpose for doing so?
Organise My Books will only use your information to provide the services you have requested from us, detailed in your Letter of Engagement. This information is used subject to your instructions, Data Protection and Anti Money Laundering laws and our duty of confidentiality.
For Business to Consumer Clients and contacts, our lawful reason for processing your data will be a contract with the individual to supply the services requested or to fulfil our employer obligations with an employment contract. This also includes requesting information at your request before entering into the contract defined by the Letter of Engagement.
For Business to Business Clients and contacts, our lawful reason for processing your data will be legitimate interest. This means we can use your personal data if we have a genuine and legitimate reason, without harming any of your rights. This usually applies to, but is not limited to, personal information to supply the services to your business organisation.
As part of our own legal obligations to fulfil Anti Money Laundering and Terrorist Financing requirements undertaken by law, we may receive extra sensitive data or copies of personal identification. This data will only be processed for the purposes of the law.
Organise My Books uses third party service providers, agents, sub contractors and software providers to complete the tasks undertaken in the contract on your behalf. When using third party providers, we only disclose personal information that is required in order to fulfil these tasks. We ensure that contracts or GDPR policies are in place that require them to keep your information secure and not use it for any other purposes.
For Business to Business or Consumer Services that use Organise My Books as a Data Processor (i.e. book keeping or payroll services), we ensure that the service provider has GDPR policies in place to protect your client data. However, you as the Data Controller need to ensure that your own business policies adhere to GDPR guidelines and that your clients are aware that you are using a third party provider. We will inform you if we believe there to be a breach in your client data as soon as we become aware and in accordance with GDPR.
Data held inside and outside Europe
In relation to the services we provide, we may use third party providers (usually software) that may be located or using servers outside of Europe (EU). Where this is the case, we have endeavoured to procure that their policies are compatible with an agreed Privacy Shield that sign up to providing protection for your personal information in line with EU GDPR.
Organise My Books takes your privacy seriously and has put in place systems to protect your personal data. We hold your data in paper and electronic form, kept securely in our office, and electronic copies are held by third party providers.
Non sensitive data is normally transferred by email and, while we strive to protect it in transport, as the internet is not 100% guaranteed, any transfer is done at your own risk. Equally, postal/paper transfer of data is also not 100% guaranteed. We will ask you for your preferred method at the time of transfer. If passwords are used, you are responsible for keeping them confidential.
Laptops and mobile devices are all password protected and not lent or shared.
From time to time we would like to send you updates and relevant information regarding the services we offer. If you have consented to this, you may opt out at any time.
How long do we hold your data for?
We will hold your details for no longer than 7 years in line with current requirements set out in law. If you are no longer a client we still need to hold your data, but will ‘opt you out’ of any communications.
For disengagement of services and transfer of data we will require your written permission to pass on your data to another service provider (Accountant or Book keeper). We will send out a disengagement letter and will not pass on information, even if contacted by your new service provider, without your permission. It is your responsibility to ensure they have appropriate GDPR policies in place.
Your rights to obtain and access your information
You may request a copy of the information we hold about you. Please write or email us with this request and we will respond within one month of receipt of the request. You may ask us to correct or remove any inaccurate information by emailing email@example.com or writing to us.
Your right to be forgotten
Personal data will only be stored for as long as legally required. Should you wish us to delete all information we hold about you, please email or write as above and we will fulfil our requirements in line with legal requirements.
The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits this data directly to another controller.
The right to data portability only applies when:
- your lawful basis for processing this information is consent or for the performance of a contract; and
- you are carrying out the processing by automated means (ie excluding paper files).
How to contact us
You can contact Organise My Books at firstname.lastname@example.org
Or in writing at Kinneston, Zeals Green Drive, Zeals, Wiltshire, BA12 6NH