In the course of its business, the Firm needs to gather and use certain information about individuals. This will include clients, prospective clients, suppliers and other business contacts, and employees and prospective employees, as well as other people that we have a relationship with, may need to contact, or with whom we need to deal.
This policy describes how this personal data must be collected, processed, transferred, handled and stored in order to meet the requirements of data protection law, in particular the General Data Protection Regulation (GDPR).
The procedures and principles set out below must be followed at all times by the Firm, its employees and all those within its scope as set out below.
Morris Accountancy Services Limited are independent chartered accountants. We are registered in England and Wales as a company under number: 10982390 and our registered office is at 18 Worsley Crescent, Offerton, Stockport, SK2 6AE.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. In relation to the majority of our data, we are data controllers, although where we are responsible for, for example, looking after a client’s payroll, they are the data controller and we are ‘data processors’. A data processor means ‘a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller’. Our responsibilities as data processors are dealt with later in the policy.
Most of the personal information we process is provided to us directly by you via email, telephone, post (or social media) and website forms, for one of the following reasons:
We also collect your personal information from third parties and/or publicly available resources (for example, from your employer or from Companies House).
Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Cookies can be read by the website on your subsequent visits. The information stored in a cookie may relate to your browsing habits on the web page, or a unique identification number so that the website can “remember” you on your return visit.
We don’t collect or store your personal information (for example, your name or address) so this information can’t be used to identify who you are. The cookies simply enable us to see behaviour on the website to help us improve your experience.
The information we hold about you may include the following:
We do not collect any Sensitive Data about you. Sensitive data concerns a person’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics used for identification purposes, health, sex life or sexual orientation.
We may process your personal data for purposes necessary for the performance of our contract with you OR your employer and to comply with our legal obligations.
This may include processing your personal data as data processors, where you are an employee, subcontractor, supplier or customer of our client. We do not expect to receive any data which is sensitive personal data and we will only process the personal data provided in accordance with the data controller’s instructions and our contract with them. We do not disclose the data or transfer it to any third party without the explicit permissions of the data controller, unless we are legally obliged to do so.
We may process your personal data for the purposes of legitimate interests, except where those interests are overridden by the fundamental rights and freedoms which require the protection of personal data. This includes management purposes and defending or investigating claims.
If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.
You may receive marketing communication from us via email. You have the right to withdraw consent to marketing at any time by emailing us at firstname.lastname@example.org
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for.
For tax purposes records must be kept as follows:
Change of purpose
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so. If you ask us not to share your personal data with such third parties we may need to cease to act.
“Third parties” includes third-party service providers and other members of our firm’s network:
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
Your personal data will be processed in the UK only.
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Procedures are in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below. We will rectify the information within one month of the request. Occasionally it may take us longer than a month if your request is particularly complex, we will notify you and keep you updated.
Under certain circumstances, by law you have the right to:
If you want to exercise any of the above rights, please email our data protection point of contact on email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Any changes we may make to our privacy notice in the future will be provided to you via a notice on our website.
This privacy notice was last updated on 05 May 2021.
If you have any questions or would like to speak to us about the manner in which we process your personal data, please email Vanessa Morris on firstname.lastname@example.org.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. ICO registration number: ZA849919