This addendum is issued in addition to our normal terms & conditions, previously signed by yourself
How we manage your personal data
- We may hold your own or your client’s details which may include names, private addresses, date of birth, tax and NI references, company number (if applicable), employer’s reference and name (if applicable), business details (if applicable) and details of past and present taxable income and gains and data on other taxes.
- We hold this data to allow us to provide accountancy and tax compliance and tax advisory services.
- We also hold data in order to make ID checks under the Money Laundering Regulations, this may include a copy of your passport or driving licence and evidence of your address.
- We retain data for as long as statute or regulations demand.
- We hold data electronically and on paper.
- We normally destroy files after six years.
- Our computer hard drives are destroyed before disposal.
- We do not allow any third party access to our data, however, our IT support (outsourced) may work on software programmes that hold that data such as our databases.
- We store data via third party servers and we use applications including Dropbox, Microsoft and Google products.
- Data held on third party servers is highly protected by security features including firewalls, regular scans against malware and measures to prevent SQL injection.
- We process and store data using our tax and accounting software, such software may be located ‘in the Cloud’ and if so we rely on the software provider’s security features and all access if password protected (For example, Xero)
- When software is installed on our local machines all software is password protected.
- We prohibit the use of memory sticks to hold client data. If you provide us with a memory stick we will not transport it out of our office.
- We will only share data with HMRC and HM Courts and Tribunal’s service, during the course of an enquiry or investigation or tax appeal or other reasons if:
- a) We authorised to do so by the taxpayer, or
- b) In the case of a Schedule 36 FA 2008 Information Notice, we have either been so authorised by a tribunal or we are compelled to provide data under the terms of a third party notice, or
- c) We are obliged by other regulations to provide data.
- We may use third party contractors in our business and they are required to sign a ‘Fit and proper’ declaration which includes a declaration that they will not remove data or pass on data to other parties.