GDPR

Statement on GDPR compliance

  • We may hold your own or your client’s details which may include names, private addresses, date of birth, tax and national insurance references, company number (if applicable), employer’s reference and name (if applicable), business details (if applicable) and details of past and present taxable income and gains and data on other taxes.
  • We only hold this data to allow us to provide accountancy and tax compliance and tax advisory services (if applicable).
  • We retain data for as long as statute or regulations demand.
  • We hold data electronically and on paper.
  • We normally destroy files after six years.
  • Our computer hard drives are destroyed before disposal.
  • We do not allow any third party access to our data, however, our IT support (outsourced) may work on programmes that hold that data.
  • We may store data via third party applications including Dropbox products.
  • We process and store data on our tax and accounting software.
  • We will only share data with HMRC and HM Courts and Tribunal’s service, during the course of an enquiry or investigation or tax appeal if:
    a) We are authorised to do so by the taxpayer, or
    b) In the case of a Schedule 36 FA 2008 Information Notice, we have either been so authorised by a tribunal or we are compelled to provide data under the terms of a third party notice.

Your Rights

GDPR gives you the following rights:

  • The right to be informed: to know how your information will be held and used (this notice).
  • The right of access: to see your our records of your personal information, so that you know what is held about you and can verify it.
  • The right to rectification: to tell us to make changes to your personal information if it is incorrect or incomplete.
  • The right to erasure (also called “the right to be forgotten”): for you to request us to erase any information they hold about you.
  • The right to restrict processing of personal data: you have the right to request limits on how we use your personal information.
  • The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
  • The right to object: to be able to tell us that you don’t want us to use certain parts of your information, or only to use it for certain purposes.
  • Rights in relation to automated decision-making and profiling.
  • The right to lodge a complaint with the Information Commissioner’s Office: to be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.

Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

If you wish to exercise any of these rights, please address all correspondence to edwin@middlemarsh.com.

If you are dissatisfied with the response you can complain to the Information Commissioner’s Office; their contact details are detailed on their website http://www.ico.org.uk

Our Rights

Please note:

  • if you don’t agree to us keeping records of information about you and your affairs, or if you don’t allow us to use the information in the way we need to, we may not be able to act for you.
  • we have to keep your records of your affairs for a certain period in the data protection statement, which may mean that even if you ask them to erase any details about you, we might have to keep these details until after that period has passed.
  • we can move your records between computers and IT systems, as long as your details are protected from being seen by others without your permission.