Privacy Policy
Maynard Heady LLP is committed to ensuring the privacy and security of your personal information. Because of that, this policy sets out where and how we collect your personal information, as well as your rights over any personal information we hold about you, and how to make a complaint. This Privacy Policy was updated on 31th May 2022 in compliance with the General Data Protection Regulation.
At Maynard Heady LLP, we routinely collect and use personal data about individuals. We gather this information from our clients, website, and social media users. We know our responsibilities to handle your personal data with care, keep it secure, and comply with applicable privacy and data protection laws.
About this Policy
The purpose of this policy is to provide a clear explanation of when, why and how we collect and use information which may relate to you. Please read this policy with care. It provides important information about how we use personal data and explains your statutory rights. This policy is not intended to override the terms of any contract you have with us, nor rights you might have available under applicable data protection laws. Privacy Policy
- Who is responsible for taking care of your data?
- What personal data do we collect?
- When do we collect your personal data?
- What do we use your personal data for?
- Lawful bases for using your personal data
- Who do we share your personal data with?
- Cookies
- Marketing correspondence
- International transfers
- How long do we keep your personal data?
- Security of your personal data
- Your rights
- Contact and complaints
Who is responsible for taking care of your data?
Maynard Heady LLP is principally responsible for looking after your personal data, if you have a contract with us, visit our website and social media sites.
If our client, acting as a Data Controller, has enrolled you on services we provide (for example, payroll, co-trustee etc.). You should contact them, as they should provide you with details of Maynard Heady LLP and our role as a Data Processor.
What personal data do we collect?
If you are a private individual and have a contract with us. In that case, we will process your contact details (name, address, telephone and fax numbers, email address, a copy of an address ID), identity details (date of birth, National Insurance Number, Unique Tax Reference Number, a copy of a photo ID), information about your business (business type, name and company number, VAT type), your family information (spouse’s or partner’s name, information about children), information about our engagement, your financial data (income and sources, taxes and their share, investments, bank account number, tax residency details), information relevant to taxation (properties, their acquisition and living there, litigations, inheritance). We will also process your emails, letters, documents and other written information you provide to us.
If you are a representative of an entity that has a contract with us. In that case, we will process your contact details (name, address, telephone and fax numbers, email address), identity details (date of birth, National Insurance Number, Unique Tax Reference Number, a copy of an ID), information about the entity (business name and company number, VAT number), your family information (spouse’s or partner’s name, information about children), information about our engagement, your financial data (income and sources, taxes and their share, bank account number). We will also process your emails, letters, documents and other written information you provide to us.
If we provide company secretarial services, we will process information relating to your registered office, along with names, addresses and dates of birth of shareholders, company officers and persons of significant control.
If you are an employee enrolled on our services by the employer, we will process your contact details (name, address), identity details (date of birth, National Insurance Number, Unique Tax Reference Number), information about employment (your employer details, date when employment started, amount of working days/hours), financial data (salary, taxes share, investments to pension funds, bonuses).
If you are an employee or pensioner of one of our corporate clients where we prepare and audit accounts under statutory obligations, be that a company or Pension Scheme, we will process your contact details (name, address), identity details (date of birth, National Insurance Number, Unique Tax Reference Number), information about employment (your employer details, date when employment started, amount of working days/hours), financial data (salary, taxes share, investments to pension funds, bonuses).
If you visit our website, we will collect your IP address, cookie identifiers, device identifiers, browser type and version, time zone, browser plug-in types and versions, operating system and platform. For further details, please check Section 7.
If you are following us and interacting on our social media sites, we will process your name, photos, employment details, messages and comments directed to us.
If you provide us with personal data of someone else, you must ensure that you are authorised to disclose that information. We may collect, use and disclose such information for the purposes described in Section 4. You must take reasonable steps to ensure the individual concerned is aware of and consents to the various matters detailed in this policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that personal information, Who Maynard Heady LLP are and how to contact us.
When do we collect your personal data?
We will collect information from private individuals and representatives of entities directly when they apply for our services and correspond with us by email, phone or otherwise.
We may collect information about them from other sources where we believe this is necessary to manage effective underwriting of the risk associated with a contract and help fight financial crime. These other sources may include public registers and databases managed by credit reference agencies, government agencies such as Her Majesty Revenue and Customs (HMRC), and other reputable organisations.
What do we use your personal data for?
If you are a private individual or a representative of an entity that enters into a contract with us, we will use your personal data to register you for requested services, evaluate the risk of potential fraud or other illegal activities, provide requested financial services, respond to your enquiries and advise you, communicate with you, inform you about relevant news in the sector and keep your specific data in accordance with legal, regulator, tax or accounting requirements.
If you are an employee enrolled on our services by the employer, we will use your personal data to provide requested financial services to your employer.
If you are an employee or pensioner of one of our corporate clients where we prepare and/or audit accounts under statutory obligations, be that a company or Pension Scheme, we will use your personal data in connection with the statutory requirements set out in accordance with Accounting Standards and Audit Regulations, which we are required to comply with in providing requested audit and accountancy services to your employer.
If you are visiting our website, we will use your personal data to enable the functionality of our website, to analyse what you are interested in on our website and to improve it to ensure that content is presented in the most effective manner for you and for your device.
If you are following us and interacting on our social media sites, we will use your personal data to provide relevant information to you and the audience.
Lawful bases for using your personal data
We will make sure that we only use your personal data for the purposes set out in Section 4 where we are satisfied that:
- our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to provide our services to you);
- our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (e.g. to retain your documents in compliance with statutory tax, audit and accountancy obligations);
- you have provided your consent to us using the data in that way (e.g. to use our portal or the app);
- our use of your personal data is necessary to support ‘legitimate interests’ that we have as a business (e.g. to evaluate your risk for potential fraud or other illegal activities), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights.
Who do we share your personal data with?
We work with third parties that help us to manage our business and deliver services. These third parties may from time to time need to have access to your personal data.
The third parties may include:
- Service Providers, who help manage our IT and back office systems and other support services and systems.
- Credit reference agencies and organisations working to prevent fraud in financial services,
- Our regulators, which may include, Professional Bodies, the Financial Conduct Authority (FCA), Her Majesty Revenue and Customs (HMRC) and Information Commissioner’s Office (ICO), as well as other regulators and law enforcement agencies in the EU and around the world, solicitors and other professional services firms,
- We may be under legal or regulatory obligations to share your personal data with courts, regulators, law enforcement or in certain cases other insurers. If we were to sell part of our business we would need to transfer your personal data to the purchaser of such business.
We will only transfer your personal data to companies which are recognised as providing an adequate level of protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
Your personal data will never be passed on to any other companies or third parties (other than the third party service providers described above) and will never be added to any third party mailing lists or databases unless you opt in to do so.
Cookies
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Opting out of Cookies
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Marketing correspondence
We may use your personal data to send you our newsletter and other marketing correspondence about our services, events and related news in the sector. This may be in the form of email or a letter sent by post.
In most cases, our processing of your personal data for marketing purposes is based on our legitimate interests, although in some cases (such as where required by law) may be based on your consent. You have a right to prevent direct marketing of any form at any time – this can be exercised by following the opt-out links in electronic communications or contacting us using the details in Section 13.
International transfers
From time to time, we may need to share your personal data with members of Maynard Heady LLP who may be based outside Europe (outside of the European Economic Area).
We may allow our Service Providers, who may be located outside Europe, access to your personal data.
We may also make other disclosures of your personal data overseas, for example, if we receive a legal or regulatory request from a foreign law enforcement body.
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests.
We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
Transfers to Service Providers and other third parties will always be protected by contractual commitments and, where appropriate further assurances, such as certification schemes, such as the EU – U.S. Privacy Shield for the protection of personal data transferred from within the EU to the United States of America.
Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed.
You have the right to ask us for more information about the safeguards we have put in place, as mentioned above. Contact us as set out in Section 13 if you would like further information.
How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 4. In some circumstances, we may retain your personal data for longer periods, for instance, where we are required to do so in accordance with legal, regulator, tax or accounting requirements.
In specific circumstances, we may also retain your personal data for longer periods so that we have an accurate record of your dealings with us in case of any complaints or challenges or if we reasonably believe there is a prospect of litigation relating to your personal data or transactions.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required, we will ensure it is securely deleted.
Security of your personal data
We are committed to handling your personal data with high information security standards. We use computer safeguards such as firewalls and data encryption, enforce physical access controls to our buildings and files, and authorise access to personal data only for employees who require it to fulfil their job responsibilities.
Your rights
You have a number of rights in relation to your personal data.
You may request access to your data, correction of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability or the basis for international transfers. You may also exercise a right to complain to the ICO. More information about each of these rights can be found by referring to the table set out below.
To exercise your rights, you may contact us as set out in Section 13.
Contact and complaints
The primary point of contact for all issues arising from this policy, including requests to exercise data subject rights, is Stephanie Caten, who can be contacted in the following ways:
By email: sjc@maynard-heady.co.uk
By Post: Maynard Heady LLP Chartered Accountants, Matrix House, 12‑16 Lionel Road, Canvey Island, Essex, SS8 9DE,
If you have a complaint or concern about how we use your personal data, please contact us in the first instance. We will attempt to resolve the issue as soon as possible. You also have a right to complain to the Information Commissioner’s Office at anytime.