For people who contact us through our website:
We use the personal data you have provided to us to respond to your queries when you contact us. Our legal basis for this processing is our legitimate interest in the administration and operation of our firm. If you become a client, your personal date will become part of your file with us. If you do not become a client, we will delete your personal data [3] months after your last contact with us.
For people who sign up for our newsletter:
We use the contact information you have provided us to send you our newsletter and other updates. Our legal basis for this processing is the consent that you provided when you signed up. We always include an unsubscribe option in our marketing communications, so you can opt out of receiving such communications at any time. We will retain your contact information until you unsubscribe or opt out.
For people whose information we received from one of our clients:
If you are an employee, contractor, customer, supplier, or family member of one of our clients, we might receive and process your personal data as part of our engagement with that client. That personal data may include your name, contact information, financial information such as salary or payments, and other information held by our client. We will only process your data in order to provide our accounting, tax, audit or other services to our client. Our legal basis for this processing is our legitimate interest in fulfilling our professional and contractual obligations to our clients. We retain this data for a period of 7 years because we believe we have a legal responsibility to retain it for this period.
We share your personal data with our IT service providers, including [our SaaS accounting software provider] and [our cloud data storage provider]. These providers are not permitted to use this data, except on our behalf. We may share your personal data with advisors who are subject to rules of confidentiality. We may also be obliged to provide access to your personal data to regulators, including our professional body.
If we received your personal data from one of our clients, then we also share your personal data with that client.
We will not share your personal data with any other third parties, unless we have a legal or professional duty to do so.
[We transfer data to [a service provider] located in [specify country outside the EEA]. The safeguard we have put in place for this transfer is to enter into European Commission approved standard contractual clauses with the provider.
[Repeat for other transfers to other third countries].