This policy applies to the following:
- Richmond Gatehouse, which is a trading name of Richmond Gatehouse LLP. Richmond Gatehouse LLP is a Limited Liability Partnership registered in England and Wales, Company number OC370963.
We may hold your details which may include names, private addresses, date of birth, tax and NI references, company number (if applicable), employer’s reference and name (if applicable), business details (if applicable) and details of past and present taxable income and gains and data on other taxes.
We hold this data to allow us to provide accountancy and tax compliance and tax advisory services (if applicable).
We also hold data in order to make ID checks under the Money Laundering Regulations, this may include a copy of your passport or driving licence and evidence of your address.
We hold data electronically and on paper.
We normally destroy files after six years.
Our computer hard drives are destroyed before disposal.
We do not allow any unauthorised third party access to our data. Our IT support (outsourced) may work on software programmes that hold that data such as our databases.
We store data via third party servers and we use applications including Dropbox, Microsoft and Google products, Stripe, Xero and the IRIS Software Suite.
Data held on third party servers is highly protected by security features including firewalls, regular scans against malware and measures to prevent SQL injection.
We process and store data using our tax and accounting software, such software may be located 'in the Cloud' and if so we rely on the software provider's security features and all access if password protected.
When software is installed on our local machines all software is password protected. We may, on occasion use securely held data for the purposes of marketing.
We will only share data with HMRC and HM Courts and Tribunal’s service, during the
course of an enquiry or investigation or tax appeal or other reasons if:
a) We authorised to do so by the taxpayer, or
b) In the case of a Schedule 36 FA 2008 Information Notice, we have either been so authorised by a tribunal or we are compelled to provide data under the terms of a third party notice, or
c) We are obliged by other regulations to provide data.
We may use third party contractors in our business and they are required to sign a ‘Fit and proper’ declaration which includes a declaration that they will not remove data or pass on data to other parties.
As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.
By submitting your personal data, you’re agreeing to this transfer, storing or processing. Where our third-party supplies are in the US we have ensured that their services fall under the “Privacy Shield” whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the US.
If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.
We maintain a database that contains the details of users of our website. The details that we retain are as input by you when you registered with our website. We retain this information as required for billing and to contact you.
Our website allows us to track user data for our own analytical purposes. We track users by name (when logged in), by IP address, according to which device you are using (whether you are logged in or not) and by device location.
We do not sell our website data or allow any third party access to our data or our database of users.
Our website data is hosted on third party servers which are protected by firewalls, encryption and access to our servers is protected by password protection applications.
Our hosting offers technical support and support technicians and our web developers may require access to the full back-end of our website. We place reliance on their own security measures when they access our data.
We process personal data relating to those we employ to work as, or are otherwise engaged to work as, part of our workforce. We do this for employment purposes, to assist in the running of the business and/or to enable individuals to be paid.
The personal data we process may include, but may not be limited to, the following:
data relating to your identity (including name, data of birth, gender, photographs, passport, National Insurance Number, immigration status, marital status, dependants), contact details (business and home address, telephone numbers, email addresses, emergency contact details), employment details (position, office location, terms of employment, performance and disciplinary records, sickness and holidays), background information (CV, previous experience, qualifications and certifications, criminal records check (for vetting purposes, where permissible and in accordance with applicable law)), financial information (bank details, tax information, salary, benefits, expenses),IT information – information related to your access to our systems (login details, IP addresses, log files, access/times/duration of use, location).
The collection of this information will benefit us by:
- improving the management of workforce data across the business, enabling development of a comprehensive picture of the workforce and how it is deployed, informing the development of recruitment and retention policies, allowing better financial modelling and planning, ensuring compliance with our policies and procedures and our legal obligations, enabling monitoring of selected protected characteristics.
We will not share information about you with third parties without your consent unless the law allows or requires us to do so.
Under the data protection legislation, you have the right to:
object to processing of personal data that is likely to cause, or is causing, damage or distress, prevent processing for the purpose of direct marketing, object to decisions being taken by automated means, in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed, claim compensation for damages caused by a breach of the data protection legislation.
If you feel that your personal data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaints. The supervisory authority in the UK is the Information Commisioner’s Office
- By email: firstname.lastname@example.org
Or write to us at Managing Partner, Richmond Gatehouse LLP, Thames House, 3 Wellington Street, London, SE18 6NY