We respect the privacy, and ensure the safeguarding, of the personal information of every person who engages with us to use the products or services that Ross Bennet-Smith provides or whose personal information we may process as a result of providing the services to others, or for those who apply for an employment position.
PURPOSE OF THIS POLICY
WHO WE ARE AND WHAT WE DO
Ross Bennet-Smith is a partnership, registered with the Information Commissioner’s Office and the Institute of Chartered Accountants in England and Wales. Each partner is a data controller. A list of the partners is available on application.
The data controller(s) responsible for your personal information processed in relation to the services are the Partners. In this document the data controllers responsible for operation of our Services are referred to as “we”, “us” or “our”.
Ross Bennet-Smith’s registered address is at Charles House, 5-11 Regent Street St James’s, London SW1Y 4LR.
HOW TO CONTACT US
Our main reasons for collecting personal information are for:
(i) identity verification purposes;
(ii) enabling the provision of services;
(iii) compliance with any applicable law, court order, other judicial process, or the requirements of a regulator;
(iv) contact in the normal course of business (where you, or someone known to you, have provided the information);
(v) recruitment purposes; and
(vi) use as otherwise required or permitted by law.
The information we collect may depend upon the purpose for which we hold such. For employment candidates, it may include:-
• Contact information including email address
• Other information relevant to the position
If you are an individual client in receipt of our services or prospective individual client:
• Name and position.
• Contact information including email address.
• Other information relevant to provision of services.
• Relevant information as required by anti-money laundering regulations and regulatory rules which require us to conduct due diligence on our clients. This may possibly include evidence of source of funds and may comprise documentation which we request from a prospective client and through the use of online sources.
Where engaged by corporate entities, personal information about other persons may be provided to us on, for example, shareholders’, directors and employees.
If you are an individual whose personal information may be processed by us as a result of providing services to others (including individual and corporate clients), we may process a variety of different personal information depending on the services provided.
We might also need to process personal information in relation to other third parties instructed either by our own clients or other persons or companies involved with us providing the services to our client (for instance, foreign accountancy practices, tax advisers, law firms, experts, HMRC).
Please note also that we do not have to provide information to you about how we process your personal information when doing so as a result of providing the services to others, and may indeed be subject to professional obligations of confidentiality in respect of the services.
Who do we share your personal information with for this purpose
We may share personal information with a variety of the following categories of third parties as necessary when providing the services:
• Experts (for example foreign lawyers, tax or medical advisors, accountants, valuers)
• Insurers (including but not limited professional indemnity insurers)
• Regulators/tax authorities/corporate registries
• Courts and Tribunals
• Crime enforcement agencies
• IT and telephony service providers for hosting and support services
• Document storage providers
• Cloud based providers of accountancy systems
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the services as effectively as we can.
What is our legal basis
It is necessary for us to use your personal information to perform our obligations in accordance with any contract that we may have with you or it is in our legitimate interest or a third party’s legitimate interest to use the personal information to provide our services in line with engagement terms.
We use your personal information for the following recruitment purposes:
• To assess your suitability for any position for which you may apply.
Who do we share your personal information with for these purposes
We will share your personal information with third parties who assist us in carrying out our recruitment activity.
What is our legal basis
Where we use your personal information in connection with recruitment it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions. We will not process any special data except where we are able to do so under applicable legislation or with your explicit consent.
HOW DO WE OBTAIN YOUR CONSENT
Where our use of your personal information requires your consent, you can provide such consent:
• at the time we collect your personal information following the instructions provided; or
THIRD PARTY CONTRACTORS AND OTHER CONTROLLERS
As mentioned above, we may appoint sub-contractor data processors as required to help us to deliver the services, such as but not limited to, ixbrl tagging providers where we do so, they will process personal information on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place necessary contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations.
Further, we may appoint external data controllers in common with us where necessary to deliver the services, such as but not limited to, legal advisers, valuers or foreign accountants. Where we do so, we will comply with our legal and regulatory obligations in relation to the personal information including but without limitation (where necessary) putting appropriate safeguards in place to ensure any personal information is processed according to our legal and regulatory obligations.
If you are based within the EEA, please note that where necessary to deliver the Services we will transfer personal information to countries outside the EEA. Not all countries provide the same level of protection in relation to personal information as within the EEA. Where necessary to make such transfers, we will comply with our legal and regulatory obligations in relation to the personal information. This will includes having a lawful basis for transferring personal information and putting appropriate safeguards in place to ensure an adequate level of protection for the personal information.
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR
For personal information we have processed as part of providing the services to any client, we will retain relevant personal information for at least seven years from the date of our last interaction with that client and in compliance with our obligations under the EU General Data Protection Regulation (or similar legislation around the world) or for longer where we are required to do so according to our regulatory obligations or professional indemnity obligations. See our Terms of Business for further details.
CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL INFORMATION
We are committed to keeping the personal information provided to us secure and we will take reasonable precautions to protect personal information from loss, misuse or alteration.
We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
All of our partners, employees and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with, the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of our services and employee candidates.
HOW TO ACCESS YOUR INFORMATION AND YOUR OTHER RIGHTS
You have the following rights in relation to the personal information we hold about you. Please note that these rights are subject to certain exemptions which may be applicable to any request you make:
Your right of access
If you ask us, we will confirm whether we are processing your personal information and, if necessary subject to any applicable exemptions, provide you with a copy of that personal information (along with certain other details) within the timescales or extended timescales provided for by the GDPR for complex requests, or as applicable provide you with an explanation of why we will not be complying with your request. If you require additional copies, we may need to charge a reasonable fee.
Where we are providing services solely as data processor, you will need to make any such request to the data controller, which may be the directors or representatives of clients.
Your right to rectification
If the personal information we hold about you is inaccurate or incomplete, you’re entitled to have it rectified. If you are entitled to rectification and if we have shared your personal information with others, we will let them know about the rectification where possible and where this would not involve disproportionate effort. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.
Your right to erasure
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable because that was the legal basis on which we were processing your personal data). If you are entitled to erasure and if we have shared your personal information with others, we will take reasonable steps to inform those others where possible and where this does not involve disproportionate effort. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.
Your right to restrict processing
You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so and does not involve disproportionate effort. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.
Your right to data portability
With effect from 25 May 2018, you have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your right to object
You can ask us to stop processing your personal information, and we will do so, if we are:
• relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for processing.
Your rights in relation to automated decision-making and profiling
You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we have handled your personal information, you can report it to the Information Commissioner’s Office (ICO) in the UK where your concern relates to Ross Bennet-Smith. You can find details about how to do this on the ICO website or by calling their office on 0303 123 1113.