This notice describes how we collect and use personal data about you, in accordance with the General Data protection regulation (GDPR).
Warneford Gibbs is a firm of Chartered Certified Accountants. We are registered as auditors and regulated for a range of investment business activities in the United Kingdom by the Association of Chartered Certified Accountants.
Our office is at: College House, 17 King Edwards Road, Ruislip, Middlesex HA4 7AE.
For the purposes of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data protection Legislation to notify you of the information contained in this privacy notice.
You may at any time request details of any personal information which we hold about you. If you have any questions or concerns about the use of your personal information, or, if you wish to amend what we hold then please contact us as soon as possible and we will amend our record accordingly.
HOW WE MAY COLLECT YOUR PERSONAL DATA
We obtain personal data about you when you engage us to provide our services and also during the provision of those services.
We collect your data in order comply with our legal and regulatory requirements and to provide you with services you have requested.
INFORMATION WE HOLD ABOUT YOU
The information we hold about you may include the following:
Your personal and financial details (such as your contact details, name, date of birth, phone numbers, address details, email addresses, title, marital status, National Insurance number, UTR number, VAT registration number, bank account details and income).
HOW WE USE YOUR PERSONAL DATA
We may process your personal data for purposes necessary for the performance of our contract with you, and to comply with our legal obligations. This may include processing your personal data where you are an employee, subcontractor, supplier or client.
We may process your personal data for certain additional purposes with your consent, and in these limited circumstances you have the right to withdraw your consent at any time.
We may use your personal data in order to carry out our obligations arising from agreements entered into between and us which will be for the provision of our services.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable comply with our legal or regulatory obligations.
We will only retain your personal data for as long as necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
● The requirements of our business and the services provided
● Any statutory legal obligations
● The purposes for which we originally collected the personal data
● The lawful grounds on which we based our processing
● The types of personal data we have collected
● The amount and categories of your personal data
It is a legal requisite that we keep your file for 6 years after we no longer act for you.
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. WE only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Our website does not store any personal information about you and we do not use the website for data collection.
We do not store credit or debit card details. If you are not present and wish to make a payment to us over the phone, we ask for these details in order to enable you to make card payments to us. We do not store these details once a transaction has processed.
RIGHTS OF ACCESS
You may at any time request details of any personal information which we hold about you.
If you have any questions or concerns about the use of your personal information, or, if you wish to amend what we hold then please contact us as soon as possible and we will amend our record accordingly.