Privacy Notice
Introduction
The Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR) impose certain legal obligations in connection with the processing of personal data.
CM Accountants is a data controller within the meaning of the GDPR, and we process personal data.
We may amend this privacy notice from time to time. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 18 August 2023.
Where we act as a data processor on behalf of a data controller (for example, when processing payroll), we provide an additional schedule setting out required information as part of that agreement. That additional schedule should be read in conjunction with this privacy notice.
Personal data collected
We may collect the following information:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers
The purposes for which we intend to process personal data:
- to enable us to supply professional services to you as our client
- to fulfil our obligations under relevant laws in force from time to time (e.g., the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017))
- to comply with professional obligations to which we are subject as a member of ACCA
- to use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings
- to enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen
- to contact you about other services we provide which may be of interest to you if you have consented to us doing so
It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.
Persons/organisations to whom we may give personal data
We may share your personal data with:
- Companies House, Charity regulators and HMRC
- any third parties with whom you require or permit us to correspond
- subcontractors
- an alternate appointed by us in the event of incapacity or death
- professional indemnity insurers
- our professional body, ACCA and/or the Office for Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation)
If the law allows or requires us to do so, we may share your personal data with:
- the police and law enforcement agencies
- courts and tribunals
- the Information Commissioner's Office (ICO)
We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties, we may need to cease to act.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
GDPR
CM Accountants of 17 Maes Y Gwenyn, Rhoose, Vale of Glamorgan, CF62 3LA - process your personal data as per our purposes set out and retention periods specified in the contract with you, which also relies on certain service providers contracting with us. If you do not provide the required personal financial data to us, we may be unable to fulfil the terms of the contract, for example, in submitting your accounts to the authorities, which includes analysing your personal information to assess your tax obligations. When your personal information is transferred outside the European Economic Area, we shall seek your explicit consent. You have the right to access, rectify, erase and port your personal data, as well as restrict processing or object to processing. You also have the right to lodge a complaint with the Information Commissioner.