May 2018 – Revision
When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.
WHO WE ARE
We at BM2020, an associated business the Beavis Morgan group, a medium sized Tax and Business Advisory Group.
Beavis Morgan LLP, BM Advisory LLP, BM2020 Limited, Beavis Morgan Audit Limited, Beavis Morgan Consultants Limited, BM Structured Finance Limited, Cadence Advisory LLP, together Beavis Morgan.
We collect, use and are responsible for certain information we hold about you. The person responsible for how we handle personal information is our Data Compliance Manager can be contacted as follows:
By email to firstname.lastname@example.org
By telephone on +44 (0) 20 7417 0417
By post at 82 St John Street, London EC1M 4JN
THE PERSONAL INFORMATION WE COLLECT AND USE
Personal information provided by you
We collect personal information when you provide it to us, such as your name, postal address, email address, phone numbers, date of birth, payment/financial details and information to enable us to check your identity. If you become a client, we will collect additional information from you in relation to the service(s) you instruct us to provide and we will provide further details of this at the time when we enter into an agreement with you to provide specific service(s).
We also collect personal information from you if you apply for a job with us or work for us for any period of time. In this context, personal information we gather may include: contact details, financial and payment details, details of education, qualifications and skills, marital status, nationality, NI number, job title, and CV.
Personal information provided by third parties
We may receive information about you from other sources (such as credit reference agencies, HM Revenue & Customs, Companies House, regulatory bodies, other professional advisers or consultants engaged by you or us in relation to the services we provide). We will add this to the information we already hold about you in order to help us provide services to you and to improve and personalise our service to you. If you apply for a job with us, we may receive information from the people who provide references.
Personal information about other individuals
If you give us information on behalf of someone else as an alternate contact or agent, referee or next of kin, you confirm that the other person has agreed that you can:
- give consent on his/her behalf to the processing of his/her personal data;
- receive on his/her behalf any data protection notices; and
- if relevant, give consent to the transfer of his/her personal data abroad.
Sensitive personal information
We will not usually ask you to provide sensitive personal information. We will only ask you to provide sensitive personal information if we need to for a specific reason, for example, if it is necessary in connection with a matter we are handling for you or as part of our recruitment or staff administration processes. If we request such information, we will explain why we are requesting it and how we intend to use it.
Sensitive personal information includes information relating to your ethnic origin, political opinions, religious beliefs, whether you belong to a trade union, your physical or mental health or condition, sexual life, and whether you have committed a criminal offence. We will only collect your sensitive personal information with your explicit consent.
We do not collect personal data relating to children under the age of 16 unless it is relevant to a matter which we are handling for you, in which case we will only collect such information with the specific consent of the parent or guardian. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child which has not been collected with your consent, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.
HOW AND WHEN DO WE COLLECT INFORMATION FROM YOU?
We may monitor and record communications with you (such as telephone conversations and emails). We may do this for a number of reasons, such as to check the quality of our customer service, for training purposes, to prevent fraud or to make sure we are complying with legal requirements.
If you visit our offices, some personal data may be collected from monitoring devices and systems such as closed circuit TV (CCTV) and door entry systems at the site.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.
REASONS WE CAN COLLECT AND USE YOUR PERSONAL INFORMATION
We rely on a different lawful basis for collecting and using personal data in different situations.
Where you make enquiries about taking a service from us before you become a client, we need to collect personal information about you so that we can take steps to enter into a contract with you. Once you have become a client, we need to collect and use personal information to provide services to you and to claim our right to be paid in return for our services under our standard terms of business/contract with you. This includes collecting and using your personal information to:
- enable us to follow up on enquiries made by you in relation to our services
- to give you our quote for services;
- do a credit check—see ‘Credit checking’ section below;
- to prepare an engagement letter which, together with our terms of business, forms our agreement with you;
- provide services to you;
- contact you for reasons related to the services you have signed up for or to provide information you have requested;
- deal with payment for our services;
- notify you of any changes to our website or to our services that may affect you; and
- resolve disputes or collect overdue payments.
If you apply for a job with us, we will collect and use personal information to process your application and check references. If you take a job with us, we will collect and use your personal information to enter into an employment contract with you and to administer the employment relationship, including making payments to you, accounting for tax, ensuring safe working practices, monitoring and managing staff access to systems and facilities, monitoring absences and performance and conducting assessments.
We collect and use personal information from our clients and staff to comply with our legal obligations. For example, we will take copies of documents that identify you so that we can comply with anti-money laundering and counter-terrorist financing requirements.
Legitimate business interests
Our priority is to make sure we give a high quality and secure service to customers and to follow up effectively on enquiries even though we accept that not all enquiries will lead to a business relationship or contract. We collect personal information to:
- conduct research and analyse website visitor behaviour patterns;
- customise our website and its content to your particular preferences;
- improve our services;
- detect and prevent fraud;
- prevent offensive, inappropriate or objectionable content being sent to or posted on our website or to stop any other form of disruptive behaviour.
We will also communicate with you to, follow up on enquiries and provide updates on matters that may be of interest to you as an existing or former client, or as a person who has expressed an interest in our services or with whom we have exchanged contact details for business reasons. If you would like to stop receiving these communications, you can tell us that you wish to “unsubscribe” at any time by contacting us. See ‘What rights do you have?’ and ‘How to contact us’ below for further information. It may take a few days for us to process your request. If you ask us to stop contacting you in this way, you can also ask us to start again at any time.
If we propose to use your information for any other uses we will ensure that we notify you first. If we need your consent to use your information for these other purposes, we will give you the opportunity to opt in or to refuse. If you opt in, you will be able to opt out at any time.
We may do a credit check on you so that we can make credit decisions about you and people or businesses associated with you. These checks may also be used to help prevent and detect fraud and money laundering.
Our search will be recorded on the files of the credit reference agency.
We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address or who are financially linked to you.
Other credit businesses may use your information to make credit decisions about you and the people with whom you are financially associated, trace debtors, and prevent and detect fraud and money laundering.
If you provide false or inaccurate information to us and we suspect fraud, we will record this.
When will we contact any other person about you?
If you provide us with details of any other person we can contact to discuss any service we are handling for you, we may contact that person and discuss and share the details of your matter with that person. If you change your mind, you can email or write to us and tell us to stop at any time (see ‘How can you contact us?’ below).
If you provide us with the details of a person who we can contact for a job reference, we may contact that person in connection with your job application.
Who your information might be shared with
We may disclose your personal data to:
- any professional adviser or expert who we instruct on your behalf or refer you to in connection with your matters where you have given your consent or where you have requested us to do so e.g. barristers, solicitors, other tax advisers, mortgage providers;
- other accountants and business advisers and their clients and professional advisers in the course of acting for you on a service we provide;
- service providers under contract with us to support our business operations, such as fraud prevention, debt collection, payroll, technology services and accounting/audit;
- credit reference agents—see ‘Credit checking’ above;
- our insurers and insurance brokers;
- regulatory bodies to comply with our legal and regulatory obligations;
- any person or law enforcement agency if we need to share that information to comply with the law or to enforce any agreement we may have with you or to protect the health and safety of any person;
- any person who is your agent or representative, such as the holder of a power of attorney, a legal guardian or person administering a will;
- any person who we are negotiating with as a potential buyer of our business or property or if we are proposing to merge our business with another business;
- credit card associations if specifically required.
We only allow our service providers to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. We also require them to comply with our instructions in connection with the services they provide for us and not for their own business purposes.
KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those people processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory body of a suspected data breach where we are legally required to do so.
While we will use all reasonable efforts to keep your personal data safe, you acknowledge that the use of the internet is not entirely secure and, for this reason, we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us’ below).
Our website may contain links to websites and applications owned and operated by other people and businesses. These third party sites have their own privacy policies and use their own cookies and we recommend that you review them before you provide them with personal information. They will tell you how your personal information is collected and used whilst you are visiting these other websites. We do not accept any responsibility or liability for the content of these sites or the use of your information collected by any of these other sites and you use these other sites at your own risk.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
TRANSFERS OF YOUR PERSONAL INFORMATION OUT OF THE EEA
The information you provide to us will be transferred to and stored on secure servers in the European Economic Area (EEA). However, from time to time, your personal data may be transferred to, stored in, or accessed from a destination outside the EAA. It may also be processed by staff operating outside of the EEA who work for a company in the Beavis Morgan group or for one of our suppliers.
These transfers are subject to special rules under European and UK data protection law. These non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure. Our practice is to use industry standard data protection contract clauses in the style recommended by the European Commission.
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We will usually hold your personal information as a client, employee or job applicant on our system for the period we are required to retain this information by applicable UK law. Currently this is a minimum of six years from the end of our contract with you. If you are an unsuccessful job applicant, we will hold your information for six months, unless you have told us you want us to delete the information earlier (see section “What rights do you have” below).
WHAT RIGHTS DO YOU HAVE?
Under the General Data Protection Regulation you have a number of important rights to be informed. These include the following:
- request a copy of your information which we hold (subject access request);
- require us to correct any mistakes in your information which we hold;
- require the erasure of personal information concerning you in certain situations
- require us to stop contacting you for direct marketing purposes;
- object in certain other situations to our continued processing of your personal information;
- restrict our processing of your personal information in certain circumstances;
- object to decisions being taken by automated means which produce effects concerning you or which effect you significantly; and
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
Further information on each of these rights is available from the Information Commissioner’s Office.
If you would like to exercise any of these rights, please:
- email, call or write to us (see ‘How to contact us’ below)
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates, including any matter or reference numbers, if you have them
We will not charge any fee for any of these services in most cases.
Cross-border Data Transfers
Information that BM2020 Ltd collects may be stored and processed in and transferred between any of the countries in which we operate to enable the use of the information in accordance with this privacy statement.
In addition, personal information that you submit for publication on the website will be published on the internet and may be available around the world.
The website contains links to other websites that are not under the control of and are not maintained by BM2020 Ltd. We are not responsible for the content or reliability of the linked websites. BM2020 Ltd provides these links for your convenience only but does not endorse the material on these sites.
HOW TO CONTACT US
If you wish to contact us, please do so:
If you have any questions about this privacy statement or our treatment of your personal information, please write to us by email to email@example.com or by post to 82 St John Street, Farringdon, London, EC1M 4JN.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113.
CHANGES TO THE PRIVACY NOTICE
DO YOU NEED EXTRA HELP?
If you would like this policy in another format (for example: audio, large print, braille) please contact us (see ‘How can you contact us?’ above).