Privacy Policy

Haleys Business Advisers is committed to protecting the privacy and security of the personal data we process.

This privacy notice tells you how we collect and use personal data, our legal bases for doing so and how we protect it. It also informs you about your rights in relation to your personal data and tells you how to contact us or make a complaint. We comply with the UK GDPR (General Data Protection Regulation) and the UK Data Protection Act 2018.

This privacy notice does not apply to candidates for employment or our employees.

We may review this privacy notice from time to time. When we do so we will post an update on our website and update the date of this document.

1. Who are we?

We are Haleys Business Adviser an independent provider of accounting, audit, business advisory and  taxation services. Our registered offices are at Thomas House, Meadowcroft Business Park, Pope Lane, Whitestake, Preston, PR4 4AZ.

This privacy notice applies to Haleys Business Advisers Limited.

We are regulated by the Institute of Chartered Accountants in England and Wales.

‍

2. What personal data do we collect?

The personal data we collect depends on our relationship with you. We collect personal data about our clients, people associated with them and their businesses such as their employees and our suppliers. Common examples of the information we collect are:

⎯ Identity data such as name, any previous names, username, address, contact information, government identifiers including National Insurance number, Unique Taxpayer ID, employee number, date of birth, marriage or death and gender.

⎯ Family details, marital status and relationship to other people.

⎯ Financial data including bank or payment card details, details of income and expenditure, records of loans and other liabilities.

⎯ Records of ownership of assets, shares, and future beneficiaries of income from pensions and trusts.

⎯ Transaction data, including payment history, wages data and credit status.

⎯ Record of consent, for example if you sign up to our newsletter.

⎯ Grants and benefits applied for.

⎯ Job title, trustee status and your relationship to businesses/ organisations.

⎯ Images collected by CCTV at our sites.

Sometimes we collect more sensitive information about individuals. This is usually indirectly during a professional engagement with a client.

We do not routinely collect personal data about children however there are circumstances where this can occur, in particular:

• When a child is set up by an adult client as a beneficiary of a trust.

• When a child is named when their parent or legal guardian is a client receiving our consultancy, financial planning and/or taxation services.

• When we carry out taxation services for a child requested by their parent or legal guardian.

‍

3. For what purposes do we process personal data?

We need personal data to perform our services and carry out our business activities. We process personal data for the following purposes:

⎯ To provide and promote our services, which include but are not limited to preparing accounts, providing audit services and responding to queries relating to them from existing and prospective clients.

⎯ To comply with our legal obligations relating to money laundering.

⎯ To comply with lawful enquiries and scrutiny from our regulators.

⎯ To allow users to log on to electronic portals we provide to share files or messages.

⎯ To send you information and/ or invitations to you that we think may of be of interest to you where doing so is in accordance with the law.

⎯ To engage, pay and deal with our suppliers or prospective suppliers.

⎯ To administer the security of our information systems and websites and troubleshoot errors, monitor the effectiveness of changes and generally make sure our website and electronic portals work well for you.

Where we are obliged to collect your personal data by law or it is a requirement for us to enter into a contract with you or your organisation and you fail to provide that data when requested, we may not be able to enter into or continue our contract with you at all. If this is the case, we will make this clear to you at the time.

Where it is lawful for us to do so, for the purposes set out above and in accordance with this privacy notice, we may process the personal data of individuals without their knowledge.

‍

4. How do we collect personal data?

Information we collect directly:

We collect personal data from you directly either at the outset of our relationship or during the course of it as we provide you with our services, when you send us data, share data with us, allow us to connect to your data systems, fill in forms, subscribe to our newsletter or give us information in person or over the telephone and via other communication systems such as Zoom and Teams.

Information we collect indirectly:

We collect personal data from:

⎯ Our business clients and prospective clients about entities and individuals connected with them to enable us to deliver our services or enter into an engagement to provide services.

⎯ Our individual clients and prospective client about family members and other individuals connected with them to enable us to deliver our services or enter into an engagement to provide services.

⎯ Public sources such as Companies House and SmartSearch, which we use to verify identification details and obtain company information during the on-boarding process. ⎯ From other professional firms, such as previously engaged firms of accountants.

⎯ Providers of financial services and products.

⎯ HMRC.

Information we collect automatically:

Like many other websites, this website uses servers that collect information from you (or the device you use to access it) automatically. This includes IP address, browser type and versions, how you use our website, the page that directed you to our site, time zone settings and location, browser plug-in types and versions, operating system and platform and other technology on the device you use to access it.

We collect some of your personal data through the use of cookies and similar technologies. For further information about cookies and how we use them please read our cookie policy.

‍

5. What is our legal basis for processing personal data?

We only process personal data when we have a lawful basis for doing so. The legal basis we rely on depends on why we are processing the personal data:

To perform a contract

We need to process personal data when we are engaged to provide a service and to administer and fulfil our contractual obligations.

To enable us to comply with a legal obligation

We sometimes need to process personal data so that we can comply with a legal obligation to which we are subject. This includes our obligations to our regulators the Institute of Chartered Accountants in England and Wales. For example, we may need to review your identification documentation for anti-money laundering purposes or we may need to present data to support an enquiry by our regulators.

Legitimate Interests

We rely on legitimate interests (of ours, our clients and/ or relevant third parties) to process personal data in some circumstances, provided that doing so is proportionate and does not unduly prejudice the rights of data subjects. If you are a business client, we rely on this legal basis to provide you with updates about our services and in our field of expertise that we believe, based on our relationship, will be of interest and/or benefit to you.

Public Interest

Processing is sometimes necessary for a task we carry out in the public interest or in the exercise of official authority vested in us as controller.

Consent

We rely on your freely given and informed consent to send you marketing information from by email.

‍

6. What rights do you have in relation to your personal data?

You have a number of rights in relation to your personal data. You have the right to make requests to:

⎯ access and ask for copies of the personal data we keep about you.

⎯ have us correct any personal data you think is inaccurate.

⎯ ask us to place restrictions on the use of your personal data.

⎯ object to our use of your personal data.

⎯ ask us to delete the personal data we keep about you.

⎯ ask that we transfer the information you gave us from one organisation to another or give it to you.

You always have a right to access the personal data we hold about you and to withdraw your consent (if we are relying on your consent to process your personal data) but some of the rights set out above are not absolute and only apply in certain circumstances.

We do not carry out wholly automated decision making using personal data.

If you wish to exercise any of these rights, please contact us using the addresses provided in below in section 11.

‍

7. How long do we keep your personal data?

The time period for which we retain your personal data depends on how long we need to keep it to fulfil the purposes for which we collected it. We also need to retain your personal data to comply with laws, regulations, professional and reporting obligations that we are subject to. Our standard data retention policy is that we retain most personal data for a period of 7 years from the financial year in which the service was first provided, although there are some exceptions to this as follows:

• 24 Hour CCTV Recording is in operation, images are being recorded for the purpose of crime prevention and public safety. Records are kept for 30 days,

• Data related to Trusts which are maintained in perpetuity,

Please contact us using the contact details set out in section 11 if you would like further information.

‍

8. Will we share your personal data with anyone?

When we process personal data for the purposes set out in section 3 we may share personal data with various parties, where it is necessary for those purposes. Third parties we share personal data with include:

⎯ Our clients

⎯ Governmental or similar bodies including Companies House, the Charity Commission  and HMRC

⎯ Providers of financial services and products

⎯ Police and security services

⎯ Auditors and other professional advisors

⎯ Third parties who carry out services on our behalf which involve the processing of personal data, such as IT service providers

⎯ Third parties to whom we sell, transfer or merge parts of our business or our assets Where appropriate, we have agreements in place to require third parties to respect the security of the personal data entrusted to them and to treat it in accordance with the law. We do not authorise third party service providers to process personal data provided to them for their own purposes and only permit them to process personal data for specified purposes and in accordance with our instructions.

‍

9. Will we transfer your personal data outside of the UK or European Economic Area?

Some third parties with whom we share your personal data are based outside of the UK or European Economic Area (EEA). Whenever we transfer your personal data out of the UK or EEA, we do so in accordance with the law ensuring that a similar degree of protection is afforded to your personal data as it would have within the UK or EEA.

Please contact us using the details given in section 11 below if you would like more information on the specific mechanism used to protect transfers of personal data out of the EEA.

‍

10. How do we protect your personal data?

The security of the personal data we process is important to us. We take appropriate technical and organisational measures to protect personal data and have procedures in place that aim to ensure that access to personal data is limited by role. In the event of a breach of personal data, we have processes in place for reporting and incident management and will notify the data subject and/ or the Information Commissioner if required to do so by law. If you have log on credentials to our website or other cloud sharing platforms we provide, you should keep the details confidential. You should also note that whilst we have implemented security measures in relation to protect the security of personal data you transmit by logging onto our site, we cannot ensure or guarantee the security of your personal data transmitted in this way and that such transfers are at your own risk.

‍

11. How to contact us about your personal data?

If you have a query or concern over our use of your personal data please contact Michael Lucas on 01772 741200 or michael.lucas@haleysba.co.uk.

You should also use these contact details to exercise any of your rights as a data subject as set out in Section 6.

‍

12. How to make a complaint ?

If you have any concerns or complaints regarding our processing of your personal data, please contact us as described in Section 11 above and we will do our best to resolve any issues you may have raised. You are also entitled to make a complaint to the Information Commissioner who can be contacted at  https://ico.org.uk.

Date: 28 March 2024

‍