Privacy Policy
1. Purpose of this notice
This notice describes how we collect and use personal data, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Please read the following carefully to understand our practices.
2. About us
Barker Wilkinson Limited is a Chartered Accountancy practice. We are registered in England and Wales as a limited company under number 10039028 and our registered office is at 108 High Street, Stevenage Hertfordshire, SG1 3DW.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data. We are required under the Data Protection Legislation to make available the information contained in this privacy notice.
Our Data Manager is our Data Protection Point of Contact and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of personal data. Contact information for our Data Manager is detailed in paragraph 15 (Contact Us), below.
3. How we may collect personal data
We obtain personal data, for example, when:
• a proposal is requested from us in respect of the services we provide;
• we are engaged to provide our services and also during the provision of those services;
• we are contacted by email, telephone, post or via our website (for example when there is a query about our services); or
• from publicly available resources (for example, from Companies House).
4. The kind of information we hold
The information we hold may include the following:
• personal details (such as name and/or address/email address);
• details of contact we have had in relation to the provision, or the proposed provision, of our services;
• details of any services received from us;
• our correspondence and communications;
• information about any complaints and enquiries made to us;
• information we receive from other sources, such as publicly available information.
5. How we use personal data we hold
We may process personal data:
• for purposes necessary for the performance of agreed engagement terms with our clients and to comply with our legal obligations, this may include processing personal data, as appropriate, of employees, subcontractors, suppliers and customers of our clients.
• for the purposes of our own legitimate interests provided that those interests do not override any individual’s interests, rights and freedoms which require the protection of personal data.
• for marketing, business development and management purposes.
Please note that we may process personal data for more than one lawful basis depending on the specific purpose for which we are using such data.
In some circumstances we may anonymise the personal data so that it can no longer be associated with a particular individual, in which case we may use it without further notice to that individual.
If an individual refuses to provide us with certain information when requested, we may not be able to perform the contract we have entered into with that person. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process personal data without a person’s knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
6. Data retention
We will only retain personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for personal data, we take into consideration:
• the requirements of our business and the services provided;
• any statutory or legal obligations;
• the purposes for which we originally collected the personal data;
• the lawful grounds on which we based our processing;
• the types of personal data we have collected;
• the amount and categories of personal data; and
• whether the purpose of the processing could reasonably be fulfilled by other means.
7. Change of purpose
Where we need to use personal data for another reason, other than for the purpose for which we collected it, we will only use that personal data where that reason is compatible with the original purpose.
Should it be necessary to use personal data for a new purpose, we will notify the individual concerned and communicate the legal basis which allows us to do so before starting any new processing.
8. Data Sharing
We will share personal data with third parties where we are required by law, where it is necessary to administer the relationship between us and a client or where we have another legitimate interest in doing so.
“Third parties” include third-party service providers. The following activities are carried out by third-party service providers: IT and cloud, professional advisory, website development and maintenance, marketing services, banking and insurance services.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect personal data emanating from our clients. We only permit our third-party service providers to process such personal data for specified purposes and in accordance with our instructions.
We may also need to share personal data with a regulator or to otherwise comply with the law.
9. Transferring Personal Data outside the European Economic Area (EEA)
Our website provider directs certain enquiries to their development and newsletter teams which are based in India, which is outside of the EEA. Accordingly, in the event that we commence issuing such newsletters to clients or others, some of the personal data we hold may be transferred to India.
There is an adequacy decision by the European Commission in relation to India and therefore it will be deemed to provide an adequate level of protection for personal information for the purpose of the Data Protection Legislation.
There are measures within our contract with our website provider to ensure that personal data is treated by them in a way that is consistent with and which respects the Data Protection Legislation.
Should further information be required about these measures, please contact us using the contact details noted at paragraph 15 (Contact Us), below.
10. Data Security
We have put in place commercially reasonable and appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those parties who have a business need to know. They will only process personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify the individual concerned and any applicable regulator of a suspected breach where we are legally required to do so.
11. Rights of Access, Correction, Erasure and Restriction
It is important that the personal data we hold is accurate and current. Should personal information change, we should be notified of any changes of which we need to be made aware by contacting us, using the contact details noted at paragraph 15 (Contact Us), below.
Under certain circumstances, by law, an individual has the right to:
• Request access to personal data. This enables the individual to receive details of the personal data we hold and to check that we are processing it lawfully.
• Request correction of the personal data.
• Request erasure of personal data whereby we are asked to delete or remove personal data where there is no good reason for us continuing to process it or, where a right has been exercised to object to processing (see below).
• Object to processing of personal data where we are relying on a legitimate interest (or those of a third party) and there is something about a particular situation warrants an objection to processing on this basis.
• Request the restriction of processing of personal data. We can be asked to suspend the processing of personal data, for example if we are requested to establish its accuracy or the reason for processing it.
• Request the transfer of personal data to an individual or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
If any of the above rights are to be exercised, please email our Data Manager noted at paragraph 15 (Contact Us), below. It will not be necessary to pay a fee to access personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if the request for access is clearly unfounded or excessive.
We may need to request specific information to help us confirm identity and ensure the right to access the information (or to exercise any rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Alternatively, we may refuse to comply with the request in such circumstances where we have a legal basis for doing so.
12. Right to withdraw consent
In the limited circumstances where consent may have been provided consent to the collection, processing and transfer of personal data for a specific purpose, that consent may be withdrawn for that specific processing at any time. To withdraw consent, please contact our Data Manager noted at paragraph 15 (Contact Us), below.
Once we have received notification consent has been withdrawn, we will no longer process individual information (personal data) for the purpose or purposes originally agreed to, unless we have another legitimate basis for doing so in law.
13. Use of our website
By using any of the forms on our website at www.barkerwilkinson.co.uk, an individual
• implicitly agrees to be bound by our privacy policy and legal disclaimer
• agrees to have their email address added to our mailing list
We may issue periodic mailing from us, such as a newsletter with information on services or news. If such mailings are not wanted, please let us know by contacting us using the contact details noted at paragraph 15 (Contact Us), below. All such mailing, if sent, will give an option to unsubscribe.
Personal data provided via the sign-up form is not profiled and automated decision making is not applied. We will not use personal data provided via the sign-up form for any other purposes than described above.
We take all reasonable precautions to protect any personal data that users may input via our website. We cannot, however, be responsible for loss or misuse of personal data which is intercepted or otherwise accessed by unauthorised persons. We therefore exclude all liability for this.
14. Changes to this notice
Any changes we may make to our privacy notice in the future will be updated on our website at:
www.barkerwilkinson.co.uk
This privacy notice was last updated on 13 August 2018.
15. Contact us
If there are any questions regarding this notice or the manner in which we process personal data, please email our Data Manager Mrs Pauline Barker, email: pauline@barkerwilkinson.co.uk or telephone our Stevenage Office, 01438 721877
Individuals also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for personal data protection issues, at any time. The ICO’s contact details are as follows: Information Commissioner's Office
Wycliffe House Water Lane Wilmslow Cheshire
SK9 5AF Telephone - 0303 123 1113 (local rate) or 01625 545 745 Website - https://ico.org.uk/concerns
16. Cookies and tracking
In order to improve the overall experience of visiting our website, we use a server-based log to collect anonymous information about our website visitors. This data is only used to generate statistical charts and will not be used in any other way.
17. Use of Cookies on our website
By using this site, you have given us consent to use cookies.
Cookies are small text files that are stored on your computer when you visit a website. They are mainly used as a way of improving the website functionalities or to provide more advanced statistical data.
18. Google Analytics
Our website uses Google Analytics which relies on cookies to generate more advanced visitor charts and data mining reports. Similarly to our server-based logs, Google Analytics collects anonymous information that will not be used to identify our website visitors.
19. Login system
Our website contains password protected area(s) that require a user to login. This login system offers to remember the user email address if the relevant box is ticked. Ticking the box will create a cookie that will automatically expire after 1 year or if the box is un-ticked on a subsequent visit.
20. Controlling Cookies
Your web browser (the software you use to access our website) should allow you to control the cookies that it stores on your computer. Please refer to the relevant supplier’s website to find out more.
If you feel that this site is not following its stated information policy, you may contact us by phone, email or post.
21. Changes to this policy
We will post any changes to this policy on our website. Those changes will then apply to any future use by you of our website.