Privacy policy.

Privacy Notice for Barnett & Co Accountants

We, Barnett & Co Accountants, are the data controllers. The firm's Data Protection Officer is Dwayne Barnett. We collect data you provide and data we receive from sources such as your employer, colleagues, customers, HMRC, and other advisers. We use your personal data to manage our professional relationship with you and to meet our legal obligations.

Your data is stored on our systems, including cloud-based systems. We may share data with our insurers, service providers, and various local and national authorities. We retain your data for the duration of our relationship with you, plus seven years, unless there are legal reasons to keep it for longer. You have specific rights regarding your data, including the right to access, rectify, and erase it. We do not use automated profiling.

Introduction

The Data Protection Act 2018 ("DPA 2018") and the General Data Protection Regulation ("GDPR") impose certain legal obligations regarding the processing of personal data.

Barnett & Co Accountants is a data controller within the meaning of the GDPR, and we process personal data. The firm's Data Protection Officer is Dwayne Barnett.

We may amend this privacy notice from time to time. If we do so, we will provide you with a copy of the amended notice.

The purposes for which we process personal data

We process personal data for the following purposes:

  • To provide you with professional services as our client.

  • To fulfil our obligations under relevant laws (e.g., the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017).

  • To comply with professional obligations as a member of a recognised professional body.

  • To use in the investigation and/or defence of potential complaints, disciplinary, and legal proceedings.

  • To invoice you for our services and manage any fee disputes.

  • To contact you about other services we provide, with your consent.

The legal bases for our processing of personal data

Our processing of personal data is based on the following legal grounds:

  • Your consent.

  • The processing is necessary to perform our contract with you.

  • The processing is necessary to comply with legal obligations (e.g., Anti-Money Laundering legislation).

  • The processing is necessary for our legitimate business interests.

If you do not provide the information we request, we may not be able to provide our professional services to you.

Persons and organisations we may share personal data with

We may share your personal data with:

  • HMRC

  • Third parties with whom we are required or permitted to correspond.

  • Subcontractors.

  • Our professional indemnity insurers, their lawyers, and other advisers.

  • Our professional body.

  • An alternate appointed by us in the event of incapacity or death.

If the law requires us to do so, we may also share your data with the police, law enforcement agencies, courts, and the Information Commissioner’s Office (ICO).

Transfers of personal data outside the EEA

We use servers in the UK and EEA to process your personal data. However, there may be occasions when we or our third-party suppliers use services that host information outside the UK or European Union. When this occurs, we will ensure that these suppliers meet all legally approved requirements to safeguard your data.

Retention of personal data

We will retain all records relating to you as follows:

  • Where tax returns have been prepared, we retain information for seven years from the end of the tax year to which it relates.

  • Where ad hoc advisory work has been undertaken, we retain information for seven years from the date the business relationship ceased.

  • Where there is an ongoing client relationship, data needed for more than one year's compliance is retained throughout the relationship and deleted seven years after it ends, unless you ask us to keep it for longer or there is a legal hold on the data.

You are responsible for retaining documents and records relevant to your tax affairs as required by law.

Requesting personal data we hold about you (Subject Access Requests)

You have a right to request access to the personal data we hold about you. All such requests should be made in writing. To help us process your request, please provide details to verify your identity and locate the relevant information, such as your full name, date of birth, previous addresses, and any personal reference numbers we have given you. We will respond within one month.

Your other rights

  • Right to rectification: You have the right to have any inaccurate or incomplete data corrected.

  • Right to erasure: In certain circumstances, you have the right to have your personal data erased.

  • Right to restrict processing and to object: You have the right to 'block' or object to the processing of your personal data.

  • Right to data portability: In certain circumstances, you have the right to obtain your personal data in a machine-readable format.

  • Right to withdraw consent: You have the right to withdraw your consent at any time where our processing is based on consent.

Contact Us

If you have concerns about how we have handled your personal data, you can contact us directly. If you are not satisfied with our response, you have the right to lodge a complaint with the ICO (www.ico.org.uk).