Last Updated: 22nd May 2018
For the purposes of the General Data Protection Regulation (“GDPR”) and UK data protection laws, the controller is Fields & Co. (Glasgow) Limited trading as Fields & Co. CA of 225 Fenwick Road, Giffnock, Glasgow, G46 6JG.
How we collect your information
We may collect your personal data in person or by telephone, email, fax, or post. We may collect this data in the following ways:
- Directly from you when you provide information
- When we, from time to time, contact you regarding taxation or related matters
The types of information we collect
We may collect the following types of personal information about you:
- Contact information including your name, address, telephone number, email address, Unique Tax Reference (UTR) number, National Insurance number
- Records of communications between both parties
- Financial information, including bank account details, debit card details, and credit card details and any other information required to administer your financial affairs
How is your information used?
We use your personal data in order to enable us to deliver our services relating to accounting, taxation and other matters we provide in accordance with our contractual obligation, and to meet our legal responsibilities. For the purposes of the General Data Protection Regulation (“GDPR”) and UK data protection laws, when processing your personal data we are relying on the legal basis of:
- Our contract with you
The information we collect and process is required for us to be able to perform our contractual obligations and receive payment from you for the services we provide. Should you fail to provide this information, we would not be able to deliver under the terms of our contract with you.
We may use your information to:
- contact you by post, email or telephone
- verify your identity where this is required
- understand your needs and how they may be met
- maintain our records in accordance with applicable legal and regulatory obligations
- process financial transactions
- prevent and detect crime, fraud or corruption
We are required by legislation, other regulatory requirements and our insurers to retain your data where we have ceased to act for you. The period of retention required varies with the applicable legislation but is typically five or six years. To ensure compliance with all such requirements it is the policy of the firm to retain all data for a period of seven years from the end of the period concerned.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Any staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
Third Party Service Providers working on our behalf
We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, for example to process payroll or basic bookkeeping. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
Please be assured that we will not release your information to third parties unless you have requested that we do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption.
How you can access and update your information
Keeping your information up to date and accurate is important to us. We commit to regularly review and correct where necessary, the information that we hold about you. If any of your information changes, please email, write to us or call us.
You have the right to ask for a copy of the information Fields & Co. CA holds about you.
Security precautions in place to protect the loss, misuse or alteration of your information
Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Once we receive your information, we make our best effort to ensure its security on our systems.
Your data will usually be processed in our office in the UK. However, to allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK, but within the European Economic Area (EEA). We take the security of your data seriously and so all our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.
We may occasionally contact you by post, email or telephone with details of any changes in legal and regulatory requirements or other developments that may be relevant to your affairs and, where applicable, how we may assist you further. If you do not wish to receive such information from us, please let us know by contacting us by email, telephone or by letter.
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
- Request deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below)
- Object to processing of your personal data in particular ways, including processing based on the lawful basis of legitimate interests and direct marketing.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it
- Request the transfer of your personal data to yourself or another party in a safe and secure way, without affecting its usability, for example in a format that is structured, commonly used, and machine-readable
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. Further details regarding these rights can be found on the Information Commissioner’s Office website:
Contact and complaints
- by email: email@example.com
- by telephone: 0141 621 0111
- or by post: Fields & Co. (Glasgow) Limited of 225 Fenwick Road, Giffnock, Glasgow, G46 6JG
We seek to resolve directly all complaints about how we handle your personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office. You can find out more about your rights under applicable data protection laws from the Information Commissioner’s Office website: https://ico.org.uk/concerns