Green And Purple, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR).
As our client, you agree that we are entitled to obtain, use and process the information you provide to us to enable us to discharge the services (as defined in our Letter of Engagement or other agreements) and for other related purposes including;
- Updating and enhancing client records
- Analysis for management purposes
- Carrying out credit checks in relation to you
- Statutory returns
- Legal and regulatory compliance
- Crime prevention.
This statement outlines what information we may collect from you and how we use that information, as well as how you can check what information we have about you and how you can instruct us to erase that information.
What is Data Processing?
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
What information we collect
We may collect and store information you send to us that is considered sensitive by the General Data Protection Regulation 2018 (GDPR). This information is required to maintain your accounting records and produce accounts, tax returns and other regulatory returns and analysis.
The information which we collect and retain may include, but is not limited to, the following:
- Copy of passport and / or driver's license
- Copy of household utility bill
- Other evidence of business or personal address
- Contact names, email addresses and phone numbers
- Individual's tax references (UTR, National Insurance number, etc)
- Company / business registration numbers, including UTR and VAT registration number
- Bank details, for example where needed to obtain refunds from HMRC
- Accounting records which we use for processing and producing accounts and tax returns
- Details of third parties with whom you trade, or who also advise you
We will usually hold this information for seven years after the end of our assignment with you in relation to our contracted services, in line with regulatory requirement regarding retention of records.
How we use your information
We use the information we collect from you to provide the best possible service, and to provide evidence of your identity and address for the purposes of anti-money-laundering legislation. The information you provide may also be used to help combat fraud and to identify you before disclosing any confidential information.
We will, from time to time, use your contact information to make contact individually or within a group email about legislation changes or services which may be relevant to you. Where we do this as a group email, your email address will not be disclosed / visible to the recipients. You may opt out of this at any time before or after the GDPR legislation comes into force on 25th May 2018 by emailing email@example.com.
We may disclose your information to any of our employees, subcontractors or associated companies as reasonably necessary to provide you with our services. We will never sell your information to third parties for marketing purposes. Other than as required by law, or as set out in this privacy notice, we will not disclose information about you to any third party without your permission.
Your computer's IP or Internet Protocol Address (a unique numerical address assigned to a computer as it logs on to the internet) may be logged when e-authorising documents via our secure portal, but we do not use this for any other purpose nor share it outside of Green And Purple Ltd.
Green And Purple Ltd will take reasonable technical and organisational precautions to prevent loss, misuse or alteration of the personal information you provide. The transmission of data over the internet is inherently insecure and we cannot guarantee the security of data sent over the internet.
Information you can hold about us
As a client of Green And Purple Ltd we give you permission to hold relevant information about us to allow you to conduct business with us, including:
- Our bank details to allow payment of our invoices
- Our business email addresses
- Our business phone numbers
- Our business address
- Staff contact names
Green And Purple Ltd fully complies with all aspects of the General Data Protection Regulation 2018. You may request copies of the personal information we hold about you (via a ¡§Subject Access Request¡¨) or request that we amend any factual inaccuracies or delete any personal information we have on record. Any such requests must be addressed to our Privacy Compliance Officer Lee Maughan at Ebenezer House, Rooks St, Cottenham, Cambs CB24 8QZ.
Any request may be subject to an administration fee if the request is manifestly unfounded or excessive. We may withhold such personal information to the extent permitted or required by law. Where we are requested to amend our records, or receive a Subject Access Request, we will respond within one month.
Furthermore you may request erasure of your information where:
- the personal data is no longer necessary for the purpose for which we originally collected or processed it;
- we are relying on your consent as our lawful basis for holding the data, and the you withdraw your consent;
- we are relying on legitimate interests as our basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing;
- we are processing the personal data for direct marketing purposes and you object to that processing;
- we have processed the personal data unlawfully (ie in breach of the lawfulness requirement of the 1st principle);
- we have to do it to comply with a legal obligation; or
- we have processed the personal data to offer information society services to a child.
The right to erasure may not exist if retaining the information is:
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation;
- for the performance of a task carried out in the public interest or in the exercise of official authority;
- for the establishment, exercise or defense of legal claims
From time-to-time we may revise this statement. Any revised changes will apply from the date of publication. If you have any queries regarding this privacy statement or the treatment of your personal information please email firstname.lastname@example.org, quoting reference "GDPR".