Privacy Policy

Introduction

Your personal data is very important to us, be assured that your data is stored safely using security measures as necessary.

This policy will explain how we collect, use and protect your personal data in conjunction with the new General Data Protection Regulation (“GDPR”)  which imposes certain legal obligations in connection with the processing of personal data.

We may amend this privacy notice from time to time and we will make a copy of the amended privacy notice available through our website.

Who we are

Hebblethwaites is a data controller within the meaning of the GDPR and we process personal data. The firm’s contact details are as follows:

Hebblethwaites
Chartered Accountants
2 Westbrook Court
Sharrow Vale Road
Sheffield
S11 8YZ

The purposes for which we intend to process personal data

We intend to process personal data for the following purposes:

  • To enable us to supply professional services (such as accountancy and taxation) to you as our client.
  • To satisfy any legal and regulatory obligations to which we are subject.
  • To contact you about other services we provide which may be of interest to you

The legal bases for our intended processing of personal data

Our intended processing of personal data has the following legal bases

  • The processing is necessary for the performance of our contract with you.
  • The processing is necessary for compliance with our legal obligations
  • The processing is necessary for the purposes of the following legitimate interests which we pursue:
    • Investigating/defending legal claims
    • Marketing additional services

Our contract with you requires that you provide us with personal data as requested. If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.

Persons/organisations to whom we may give personal data

We may share your personal data with:

  • HMRC
  • any third parties with whom you require or permit us to correspond
  • an alternate appointed by us in the event of incapacity or death
  • tax insurance providers
  • professional indemnity insurers
  • our professional body ICAEW and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation)
  • External file reviewers

If the law allows or requires us to do so, we may share your personal data with:

  • the police and law enforcement agencies
  • courts and tribunals
  • the Information Commissioner’s Office (“ICO”)

We may need to share your personal data with the third parties identified to comply with our legal obligations, including our legal obligations to you.  If you ask us not to share your personal data with such third parties we may need to cease to act.

Security Precautions

We take steps to protect your personal data on our systems using compliant software together with additional security measures.

Non-sensitive details (your email address etc) are transmitted normally over the Internet, this can never be guaranteed to be 100% secure. Consequently, we cannot guarantee the security of any information you transmit to us and you do so at your own risk.

Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which allows you to access certain parts of our website you are responsible for the security of this password.

Transfers of personal data outside the EEA

Your personal data will be processed in the EEA only

Retention of personal data

When acting as a data controller and in accordance with recognised good practice within the tax and accountancy sector we will retain all of our records relating to you for 7 years.

Our contractual terms provide for the destruction of documents after 7 years and therefore agreement to the contractual terms is taken as agreement to the retention of records for this period, and to their destruction thereafter.

You are responsible for keeping information that we send to you (including details of capital gains base costs and claims and elections submitted) and this will be supplied in the form agreed between us.

Where we act as a data processor, we will delete or return all personal data to the data controller at the termination of the contract subject to our legal requirements.

Requesting personal data we hold about you (subject access requests)

You have a right to request access to your personal data that we hold. Such requests are known as ‘subject access requests’ (“SARs”).

Putting things right (the right to rectification)

You have a right to update any personal data concerning you that we hold.

If any personal data that we hold about you is inaccurate and/or incomplete, please let us know immediately so we can correct and/or complete it.

Deleting your records (the right to erasure)

You have a right to have the personal data that we hold about you erased. If you would like your personal data to be erased, please inform us immediately and we will consider your request.  In certain circumstances, we have the right to refuse a request for erasure and we will let you know why.

The right to restrict processing and the right to object

You have the right to restrict the processing of personal data or to object to the processing of that information.  Please let us know immediately if you want us to stop processing your information or you object to processing so that we can consider what action, if any, is appropriate.

Obtaining and reusing personal data (the right to data portability)

You have the right to be provided with the personal data that we hold about you in a machine-readable format, e.g. so that the data can easily be provided to a new professional adviser.

The right to data portability only applies:

  • to personal data an individual has provided to us
  • where the processing is for the performance of a contract; and
  • when processing is carried out by automated means

We will respond to any requests made to us within one month. Occasionally it may take us longer if it is complex or a number of requests are received but we will keep you informed. 

Withdrawal of consent

Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.

Please note:

  • the withdrawal of consent does not affect the lawfulness of earlier processing
  • if you withdraw your consent, we may not be able to continue to provide services to you
  • even if you withdraw your consent, it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data)

Automated decision-making

We do not intend to use automated decision-making in relation to your personal data.

Complaints

If you have requested details of the information we hold about you and you are not happy with our response you can complain to us. Please send any complaints to Roger Brennan at rfb@hebblethwaites.com.

If you are not happy with our response, you have a right to lodge a complaint with the ICO (www.ico.org.uk).

Take the next step, Call us Today
0114 266 4518