Privacy Notice for FUSE Accountants LLP
FUSE Accountants LLP takes the protection of your privacy very seriously. We will only use your personal information to deliver the services you have requested from us and to meet our legal responsibilities.
We need to gather and use certain information and personal data about individuals. These can include clients, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process personal data.
This policy describes how personal data is collected, used and stored to meet data protection standards and to comply with the law in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 or any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Who we are?
FUSE Accountants LLP (‘we’, ‘us’, ‘our’ and ‘ours’) is an accountancy, tax and business advisory firm. We are registered in England and Wales under number: OC355012 and our registered address is Pound House, 62A Highgate High Street, London, N6 5HX.
We are the ‘data controller’ and responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
How do we collect information?
We obtain personal data about you when you engage us to deliver our services or make an enquiry into our services. This information can be obtained in a variety of ways, to include the following, but not limited to:
If you contact or meet with us in person to request a proposal from us or engage us in respect of our services
When you contact us via our website, by email, telephone, post or social media
From third parties and/or publicly available resources such as mortgage brokers, HMRC, Companies House or your previous accountant.
What information we may hold?
The personal information we collect from you will vary depending on the services we provide to you, and may include:
your personal details such as your name and address, title, marital status, date of birth, gender, national insurance number, unique taxpayer reference number, tax codes, financial details, nationality and ID information
contact details we have and have had for you such as company address, email address and telephone numbers
details of any services you have received from us
transaction data, which includes details about payments to and from you and bank account details
details of contact we have had with you such as correspondence and communications between us
information about any complaints and enquiries you make to us
Information we receive from other sources, such as publicly available information, information provided by your employer or other clients or third parties
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How do we use personal information?
We will only use your personal data for purposes necessary for the performance of our contract with you and where we need to comply with our legal obligations.
We may process your personal data for certain additional purposes with your consent. In such events you have the right to withdraw your consent to processing for such specific purposes.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
What legal basis do we have for processing your personal data?
As part of providing our agreed services and depending on which services you engage us to deliver, we may use your information to:
contact you by post, email or telephone
verify your identity where this is required
carry out our obligations arising from any agreements entered into between you, your employer and us (most usually in respect of the provision of services)
fulfill our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”))
comply with professional obligations to which we are subject as a member of the Association of Chartered Certified Accountants
understand your needs and how they may be met
provide you with information related to our services and our events and activities that you request from us or which we feel may interest you, provided you have consented to be contacted for such purposes
notify you about any changes to our services
maintain our records in accordance with applicable legal and regulatory obligations
process financial transactions
prevent and detect crime, fraud or corruption
When do we share personal data?
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
‘Third parties’ includes third-party service providers and other entities within our firm’s network such as IT and cloud services, payroll, professional advisory services and banking services.
Third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
We may also need to share your personal data with a regulator or to otherwise comply with the law.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Any staff or contract workers with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
Third Party Service Providers working on our behalf
We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, for example to process payroll or bookkeeping. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
Please be assured that we will not release your information to third parties unless you have requested that we do so, or we are required to do so by law, for example, by a Court Order or for the purposes of prevention and detection of crime, fraud or corruption.
Transferring personal data outside the European Economic Area (EEA)
We may transfer the personal data we collect about you to countries outside of the EEA in order to perform our contract with you, which may happen if one of our service providers is located in a country outside the EEA. If we do transfer your personal information outside the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA by use of specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
How do we secure personal data?
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have a secure network where all servers, firewalls and security applications are routinely updated. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We also operate a dual-factor authentication process for our network.
Any documentation received by us in paper form is scanned where necessary and held within our secure digital network, and additional paperwork is then either shred or returned to sender when no longer required.
Where we have given or where you have chosen a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long do we keep your personal data for?
We are required by legislation, other regulatory requirements and our insurers to retain your data where we have ceased to act for you. The period of retention required varies with the applicable legislation but is typically six to seven years. To ensure compliance with all such requirements it is the policy of the firm to retain all data for a minimum period of seven years from the end of the period concerned.
Rights of access, correction, erasure and restriction
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be aware by contacting us, using the contact details below.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
Request correction of the personal data that we hold about you.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email us at firstname.lastname@example.org and state that you wish to withdraw your consent.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Changes to this Privacy Notice
Any changes we may make to our Privacy Notice in the future will be updated on our website.
This Privacy Notice was last updated on 24 May 2018.
How to contact us?
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email us at email@example.com or telephone on 0208 342 7390.
We seek to resolve directly all complaints about how we handle your personal information however, you also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office, Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns