Security

We take the security of all the data we hold seriously. Our staff have been trained on data protection, confidentiality and security, and we maintain a culture of confidentiality.

We have a framework of policies and procedures, which ensure that we keep the data we hold secure.

All information you provide to us is stored on our locally hosted secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone.

Professional Services to Clients

We provide services to individuals as well as businesses, non-profits, and other organisations. The exact data held will depend on the services to be provided.

Where we engage with clients for professional services, we may collect and process personal data in order to satisfy a contractual obligation. We request that clients only provide the personal data that is required for us to fulfil our contractual obligation.

Where we are legally permitted to do so, we shall notify our clients if we receive a request for a data subject to exercise their rights under GDPR, or if we are served with information from a supervisory authority.

Why do we process data?

Where data is collected for professional services, it is used for a number of purposes, such as;

• Providing services to clients. Data is processed in order to provide the service detailed in our letter of engagement between our clients and us, and may sometimes be further clarified in written documentation supplied before any data processing may occur;
• Client management. When communicating with and assessing the needs of clients, personal data may be processed in order to ensure that their needs are appropriately satisfied. This may include assessing whether the right collection of services is being provided to our clients.
• Administration. In order to manage and administer our business and services, we may collect and process personal data. This may include (but is not limited to) maintaining internal business records, managing client relationships, hosting events, administering client facing applications, and maintaining internal operating processes.
• Regulatory. In order to undertake professional services, we may from time to time be required to collect and process personal data in order to fulfil regulatory, legal or ethical requirements. This may include the verification of identity of individuals.

What data is processed?

The data that is processed is dependent on the service that is being provided and on the recipient of this service.

• Services to businesses, non-profits, and other organisations. We process the personal data of individuals associated with our clients. Personal data may include any relevant financial or non-financial information necessary for us to provide our services. As an example, this may include contact details, payroll data, employee information (including details about dismissal), lists of shareholders, customers and suppliers and any other specifically relevant data.
• Services to individuals. Personal data may include contact details and tax identifiers, information about business activities, investments, and other financial interests, payroll and other income, and any other specifically relevant data.

How long do we hold data for?

We retain the personal data processed by us in a live environment for as long as is considered necessary for the purpose(s) for which it was collected (including as required by applicable law or regulation, typically 6 years). We may keep data for longer in order to establish, exercise, or defend our legal rights and the legal rights of our clients.

In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.

Business Contacts

Personal data from our contacts, which covers both potential and prior customers, as well as potential and prior employees, are held in our customer relationship management tool (CRM tool).

This information is entered into the CRM tool after contact is made between a partner or staff member of Kingston Smith and a business contact.

We use technology to profile our business contacts, so that we can assess the health of our relationship with them. Where we process the data of business contacts, we rely on legitimate interests or consent, depending on the situation.

Why do we process data?

Where personal data on business contacts is held, it is used for a number of purposes, such as;

• Communication of technical updates.
• Hosting and facilitating of events.
• Managing of our relationships.
• Administration and management.

What data do we hold?

Personal data that may be held by us includes, but is not limited to, name, email address, physical address, job title, and details of the initial meeting.

In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.

How long do we hold data for?

We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. The personal data of business contacts shall not be retained where there is no evidence that a business contact is engaged with us or our communications.

Suppliers

We collect and process personal data about our suppliers, subcontractors, and the individuals associated with them. The data is held to manage our relationship, to contract and receive services from them, and in some cases to provide professional services to our clients.

Individual’s Rights

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:

• Individuals may request access to their personal data held by us as a data controller.
• Individuals may request us to rectify personal data submitted to us or, where appropriate, contact us.
• Individuals may request that we erase their personal data
• Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
• Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.

Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to info@tlleadsaccountancy.com We will look into and respond to any complaints we receive.

You can also write to us with the address below

Kemp House, 152 - 160 City Road, London, England, EC1V 2NX

You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns

Changes to our privacy statement

Updates to this privacy statement will appear on this website. This privacy statement was last updated on 20th May 2018.