PRIVACY NOTICE FOR ADRIAN MOOY & CO LIMITED
The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data. We are committed to protecting your privacy and complying with data protection legislation.
Adrian Mooy & Co Limited is a data controller within the meaning of the GDPR and we process personal data. The firm’s address is: Adrian Mooy & Co Limited, 61 Friar Gate, Derby, DE1 1DJ - tel 01332 202660
This notice sets out how we collect, use and disclose any personal data that you provide to us to enable us to provide you with our services.
Your personal information is an important part of our service. It lets us provide our services to you including managing your account with us and any other financial information.
Where we act as a data processor on behalf of a data controller (for example, when processing payroll) we provide an additional schedule setting out required information as part of that agreement. That additional schedule should be read in conjunction with this privacy notice.
What type of personal data do we collect?
We may collect the following information:
How do we collect your information?
We collect information about you from different places including directly from you by signing up to our services / submitting an enquiry to us, from a third party acting on your behalf e.g. an intermediary or broker, from publicly available sources and when we generate it ourselves.
How is your information used?
The legal basis for processing your information is contractual and will enable us to supply professional services to you as our client. Depending on the services required, we may use your information to:
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement agencies.
We’ll only use your information where we’re allowed to by law e.g. carrying out an agreement we have with you, fulfilling a legal obligation, because we have a legitimate business interest or where you agree to it.
Persons/organisations to whom we may give personal data
We may share your personal data with:
If the law allows or requires us to do so, we may share your personal data with:
We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties we may need to cease to act.
Retention of personal data
Whilst you are a client at Adrian Mooy & Co Limited we’ll keep your information for as long as we deem necessary. After ceasing to be a client we’ll keep it where we may need it for our legal and legitimate purposes e.g. to help us respond to queries or complaints, or for other reasons e.g. fighting fraud and financial crime and responding to requests from professional bodies and regulators.
You have a number of rights relating to your information e.g. to see what we hold, to ask us to share it with another party, ask us to update incorrect or incomplete details, to object to or restrict processing of it, to make a complaint etc.
You can request a copy of the information that we hold about you at any time by contacting us. We will not normally charge for this and will in most cases aim to provide this within one month.
Please let us know if the personal data that we hold about you needs to be updated or amended, and we will commit to doing this promptly.
You may also request that we erase your personal data where (a) we were not entitled under the law to process it, or (b) it is no longer necessary to process it for the purpose it was collected, or (c) it was processed in breach of the GDPR. To request erasure of any data you should contact us. If you request that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made.
You have the right to receive personal data we hold about you in a structured, commonly used, machine readable format.
The security of your personal data is very important to us. We will ensure that we have in place appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data.
All of the personal data we process is processed within the UK, however for the purposes of IT hosting and maintenance this information is located on servers within the European Union. No 3rd parties have access to your personal data unless the law allows them to do so.
In some cases we may transfer your personal data to countries outside the European Economic Area. Where we do so we will ensure that such transfers are compliant with data protection legislation and that appropriate measures are put in place to keep your personal data secure.
We will notify you if a data security breach occurs which may affect you if the breach could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.
If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us.
If you are not happy with our response, you have a right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Telephone - 0303 123 1113 (local rate) or 01625 545 745
61 Friar Gate Derby DE1 1DJ
Registered to carry out audit work Association of Chartered Certified Accountants.
www.auditregister.org.uk under number 8011438