Please read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event you have a complaint.
Who are we?
Nathan Evans Limited collects, uses and is responsible for certain personal data about you. When we do so we are required to comply with data protection regulation and we are responsible as a data controller of that personal data for the purposes of those laws. When we mention "NEL", "we", "us" or "our" we are referring to Nathan Evans Limited.
Who can you contact for privacy questions or concerns?
If you have any questions or comments about this Privacy Policy or how we handle personal data, please direct your correspondence to: Nathan Evans Limited, 16 Cambrian Way, Marshfield, Cardiff CF3 2WB or e-mail info@nathanevansltd.co.uk. We aim to respond within 30 days from the date we receive a privacy�related communication. You may contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/handling to report any concerns you may have about our data handing practices.
How do we collect personal data?
• Directly. We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us with their business card, complete online forms, attend meetings, visit our offices or e-mail us
• Indirectly. We obtain personal data indirectly about individuals from a variety of sources. We may include personal data in our software systems to better understand and service our clients, satisfy a legal obligation or pursue our legitimate interests.
- Public Sources – personal data may be obtained from public registers (such as Companies House), credit reference agencies and internet searches
- Business Clients – our clients may engage us to perform professional services which involves sharing personal data they control. For example, we may be asked to provide payroll services for a client which involves personal data about all employees
- Banks – personal and financial data may be obtained from banks and financial institutions, with an individual’s consent, to allow us to provide accounting, tax and other services
What categories of personal data do we collect?
• Personal data. Here is a list of personal data we commonly collect to conduct our business activities. o Contact details (e.g.name, company name, job title, work and mobile telephone numbers, e-mail and postal addresses)
- Family details (e.g. date of birth and marriage status)
- Professional details (e.g. job and career history, educational background and professional memberships)
- Financial information (e.g. National Insurance number, Unique Taxpayer Reference, bank details, payroll data, investment information)
• Sensitive Personal data. We typically do not collect sensitive or special categories of personal data. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. Examples of sensitive data we may obtain include:
- Personal identification documents that may reveal race or ethnic origin of private individuals, beneficial owners of corporate entities or applicant.
- Expense receipts submitted for individual tax or accounting services that reveal affiliations with trade unions or political opinions.
- Information about potential or existing clients and applicants that may reveal criminal convictions or offences information.
- Information provided to us by our clients in the course of a professional engagement.
• Child data. Although we do not intentionally collect information from individuals under 13 year of age, we may occasionally receive details about children in relation to tax services provided to their parents. Nathan Evans Limited Chartered Accountants
What lawful reasons do we have for processing personal data?
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our product and services:
• Contract – We may process personal data in order to perform our contractual obligations.
• Consent – We may rely on your freely given consent at the time you provided your personal data to us.
• Legitimate interests – We may rely on legitimate interest based on our evaluation that the processing is fair, reasonable and balanced. These included:
- Delivering services to our clients – to deliver the professional services our clients have engaged us to provide
- Direct marketing – to deliver timely market insights and speciality knowledge we believe is welcomed by our clients or those who have interacted with us
• Legal obligations and public interests – We may process personal data in order to meet regulatory and public interest obligations or mandates.
Why do we need personal data?
We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:
• Providing professional advice and services related to our bookkeeping, accounting, tax and other professional services. Our services may include reviewing client paperwork to assist with completing our work for that client.
• Administering, maintaining and ensuring the security of our information systems, applications and website.
• Complying with legal and regulatory obligations relating to countering money laundering, terrorist financing, fraud and other forms of financial crime.
Do we share personal data with third parties?
We may share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several, or all, of the following categories of recipients:
• Parties that support us as we provide our services (e.g. IT system support, document production services and cloud-based software services)
• Our professional advisers, including solicitors and insurers
• Financial and professional advisors
• Law enforcement or other government and regulatory agencies (e.g. HMRC) or to other third parties as required by, and in accordance with, applicable law or regulation
• A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger/acquisition of part or all of our business or assets, or any associated rights or interests
Do we transfer your personal data outside the European Economic Area?
We store data on servers located in the United Kingdom. We will not transfer your personal data outside of the European Economic Area or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
What are your data protection rights?
Under the UK’s data protection laws, you have a number of rights in respect of the processing of your personal data. This summary provides an overview of your rights.
• You have the right to object to the processing of your personal data
• You have the right to request access to your personal data
• You have the right to request that any mistakes in your personal data are corrected. For any personal data that we process in order to fulfil our legitimate interests rather than comply with a legal obligation:
• You have the right to request to restrict or prevent your personal data being processed
• You have the right to have your personal data transferred to another data controller
• You have the right to request to have your personal data deleted
Under the relevant data protection law, we may still have valid reasons to continue to store, process or transfer your personal data. You can find out more about your rights under the UK’s data protection laws at www.ico.org.uk. Nathan Evans Limited Chartered Accountants
What about personal data security?
We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How long do we retain personal data?
We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Unless a difference time frame applies as a result of a business need or specific legal, regulatory or contractual requirements, where we retain data in accordance with these uses, we retain personal data for seven years. We will dispose of personal data in a secure manner when we no longer need it. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Do we link to other websites?
Our website may contain links to other sites that are not governed by this Privacy Policy. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices employed by other sites.
Do we change this privacy policy?
We regularly review this Privacy Policy and will post any updates to it on this webpage. This Privacy Policy was last updated on 1 February 2019.