Safeguarding Your Information
Data Protection
Secure business by securing values.
What is GDPR?
Your information is safe with us.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Swiftacc data protection policy is all about letting you know as a Swiftacc client that we take the protection and management of your personal information very seriously. As a UK based business our handling of your information is controlled by the UK Data Protection Act 2018. We therefore take great care to protect your personal information or anything which might identify you personally such as: name, email address, organisation information (name, address, contact number).
Who is affected by GDPR?
The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer any goods and services to people in the European Union, or that collect and analyze data tied to European data subjects.
At Swiftacc we are committed to maintaining an effective security and privacy program. We recently updated our privacy policy and terms of use to meet the standard of GDPR and to reflect further transparency around our uses of user data. We are committed to ensuring our Clients and Partners have the highest confidence in our data protection practices and see GDPR as an opportunity to strengthen this commitment.
Our Commitment
At Swiftacc we are committed to maintaining an effective security and privacy program. We recently updated our privacy policy and terms of use to meet the standard of GDPR and to reflect further transparency around our uses of user data. We are committed to ensuring our Clients and Partners have the highest confidence in our data protection practices and see GDPR as an opportunity to strengthen this commitment.
Your Rights
Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to be informed about how your data is being used and also:
- Access to personal data
- Have incorrect data updated
- Have data erased
- Data Portability
- Restrict the processing of your data
What We Protect?
As a UK based business our handling of your information is controlled by the UK Data Protection Act 2018. We therefore take great care to protect your personal information or anything which might identify you personally such as:
- Name
- Email Address
- Contact Details
- Gender and Race
- Other Sensitive Information
Information we collect about you?
When you do business with us, become a client of our firm, register for or attend any events or subscribe to our newsletters, or register an interest in any job vacancies with us, we collect some or all of the personal information from you.
- Date of Birth.
- Postal address, email address and telephone number.
- Any information relevant to the matter upon which we may be instructed.
- If you choose to submit a job or work experience placement application we will collect and hold the information that you provide in that application.
- Occasionally we may receive information about you from other sources which we will add to the information which we already hold about you in order to help us provide the required services or comply with our legal and regulatory obligations, in particular regarding anti-money laundering.
- We do not collect sensitive information except where legally required as part of the recruitment process. Sensitive information includes data relating to race or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life or criminal records.
The purposes for which we intend to process personal data?
We intend to process personal data for the following purposes:
- To enable us to supply contracted professional services to you as our client.
- To comply with statutory and/or regulatory obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”).
- To comply with professional obligations to which we are subject as a member of the Association of Chartered Certified Accountants.
- To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.
- To contact you about other services we provide which may be of interest to you if you have consented to us doing so.
- To monitor and improve the quality of services that we provide to you.
- To maintain our records for administrative purposes.
Persons/organisations to whom we may give personal data
We may share your personal data with:
- HMRC.
- Any third parties with whom you require or permit us to correspond.
- Subcontractors.
- An alternate appointed by us in the event of incapacity or death.
- Tax insurance providers.
- Professional indemnity insurers.
- Our professional body (the Association of Chartered Certified Accountants) and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation).
If the law allows or requires us to do so, we may share your personal data with:
- The police and law enforcement agencies.
- Courts and tribunals.
- The Information Commissioner’s Office (“ICO”).
- An alternate appointed by us in the event of incapacity or death.
We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties we may need to cease to act.
Email Privacy
We follow email marketing best practices at all time. A key aspect of these best practices is the operation of permission based emailing. If you receive emails from Swiftacc or a partner it will be because you have elected to receive such emails or they are communications related specifically to services requested.
Outbound links
Swiftacc website and application contain links to other websites. While links are reviewed at the time of publishing we are not responsible for the content of external links as they can be changed without our knowledge.
Retention of personal data
When acting as a data controller and in accordance with recognized good practice within the tax and accountancy sector we will retain all of our records relating to you as follows:
- Where tax returns have been prepared it is our policy to retain information for six years from the end of the tax year to which the information relates.
- Where ad hoc advisory work has been undertaken it is our policy to retain information for six years from the date the business relationship ceased.
- Where we have an ongoing client relationship, data which is needed for more than one year’s tax compliance (e.g. capital gains base costs and claims and elections submitted to HMRC) is retained throughout the period of the relationship, but will be deleted six years after the end of the business relationship unless you as our client ask us to retain it for a longer period.
Our contractual terms provide for the destruction of documents after six years and therefore agreement to the contractual terms is taken as agreement to the retention of records for this period, and to their destruction thereafter.
You are responsible for retaining information that we send to you (including details of capital gains base costs and claims and elections submitted) and this will be supplied in the form agreed between us. Documents and records relevant to your tax affairs are required by law to be retained by you as follows:
Individuals, trustees and partnerships:
- With trading or rental income: five years and 10 months after the end of the tax year.
- Otherwise: 22 months after the end of the tax year.
Companies, LLPs and other corporate entities:
- Six years from the end of the accounting period.
Where we act as a data processor as defined in DPA 2018, we will delete or return all personal data to the data controller as agreed with the controller at the termination of the contract.
Your Rights
You have various rights in respect of the personal information Swiftacc holds about you – these are set out in more detail below. If you wish to exercise any of these rights, you can do so by contacting Swiftacc. Please note that you will need to provide Swiftacc with evidence of your identity.
- Request access to your personal information: You can ask Swiftacc to give you a copy of the personal information that Swiftacc holds about you.
- Request correction: You can ask Swiftacc to change or complete any inaccurate or incomplete personal information held about you.
- Request erasure: You can ask Swiftacc to delete your personal information where it is no longer necessary for Swiftacc to use it, you have withdrawn consent, or where Swiftacc has no lawful basis for keeping it.
- Right to object: You can object to Swiftacc processing of your personal information where Swiftacc is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where Swiftacc is processing your personal information for direct marketing purposes.
- Request restriction: You can ask Swiftacc to restrict our use of your personal information in the following circumstances: a) if you want us to establish the data’s accuracy; (b) where Swiftacc’s use of the data is unlawful but you do not want Swiftacc to erase it; (c) where you need Swiftacc to hold the data even if Swiftacc no longer require it as you need it to establish, exercise or defend legal claims; or (d) if you have objected to our use of your data but Swiftacc needs to verify whether Swiftacc has overriding legitimate grounds to use it.
- Request transfer: You can ask us to provide you or a third party with some of the personal information that Swiftacc holds about you in a structured, commonly used, electronic form, so it can be easily transferred.
- Withdraw consent: If you have given Swiftacc your consent to use personal information (for example, for marketing), you can withdraw your consent at any time. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, Swiftacc may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Swiftacc tries to respond to all legitimate requests within one month. Occasionally it may take Swiftacc longer than a month if your request is particularly complex or you have made a number of requests. In this case, Swiftacc will notify you and keep you updated.
Protection of personal data we hold about you
We have put in place various security measures, both technical and organisational, to protect your personal data from loss, misuse, alternation or destruction. Our security and privacy policies are regularly reviewed.
All Swiftacc, employees have signed a confidentiality agreement and only authorised persons will have access to your personal data on the need only basis.
Policy changes
Swiftacc reserves the right to change its privacy policies at any time. Up to date policies are always available on our website. This Privacy Policy forms part of a legal agreement between you and Swiftacc.
By using our website, you hereby consent to our Privacy Policy and agree to its terms.
Complaints
If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us. Please send any complaints to:
- Swiftacc Limited
- Unit 211, 2nd Floor, Radial House, 3-5 Ripple Road Barking, IG11 7NF, United Kingdom.
- +44 7395 901 851
- info@swiftacc.org.uk
Looking for More?
Our goal is to support our clients’ success at affordable price. We will not only take care of your accounting needs but also offer valuable insight and guidance to advance your Business.
