Introduction To GDPR

The General Data Protection Regulation (GDPR) came into force on 25 th May 2018. It was an
overhaul of the existing EU legislation on Data Protection, and not a new approach. It replaced the UK’s Data Protection Act 1998.

The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data.

Name of The Responsible GDPR Officer

Mr. Warren Gell

The Purposes of Processing Personal Data

Warren Gell Chartered Taxation Advisor is a “processor” of personal information. I will use some, or all, of your personal data to: –

  1. Enable me to supply professional services to you as my client;
  2. Fulfil my obligations under relevant laws in force from time to time (e.g., The Proceeds of Crime Act 2002 (POCA) as amended, The Terrorism Act 2000 (TA 2000) as amended, The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the 2017 Regulations) as amended, Terrorist Asset-Freezing etc. Act 2010, Anti-terrorism, Crime and Security Act 2001, Counter-terrorism Act 2008, Schedule 7, Criminal Finances Act 2017.
  3. Comply with professional obligations to which I am subject as a member of
    (e.g., CIOT & ATT);
  4. Use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings;
  5. Enable me to invoice you for my services and investigate/address any attendant fee disputes that may have arisen; and
  6. Contact you about other services I provide which may be of interest to you if you have consented to me doing so.

The Legal Bases for our intended Processing of Personal Data

My intended processing of personal data has the following legal bases: –

The processing is necessary for the performance of my contract with you (The Letter of
Engagement).

  1. The processing is necessary for the performance of my contract with you (The Letter of
    Engagement).
  2. The processing is necessary for compliance with legal obligations to which I am subject (e.g., The
    Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer)
    Regulations 2017 (the 2017 Regulations) as amended.

It is a requirement of my contract with you that you provide me with the personal data that I
request. If you do not provide the information that we request, I may not be able to provide
professional services to you.

Categories of Personal Data Obtained

In addition to personal data obtained from yourself, and maybe your professional adviser(s),
I sometimes obtain personal data from HM Revenue & Customs and Companies House to assist in the preparation of Accounts and Tax Returns. When appropriate, I will request personal data from a previous Accountant/Tax Advisor to ensure a smooth handover of your affairs and to accurately prepare your Accounts, Tax Returns and other documents. I do not purchase information about clients or potential clients. I do not obtain any data from people who access our website.

Recipients of Your Personal Data

I may share your personal data with: –

  1. HM Revenue & Customs & Companies House;
  2. Any third parties with whom you require or permit me to correspond;
  3. Subcontractors;
  4. An alternate appointed by me in the event of incapacity or death;
  5. Professional indemnity insurers; and
  6. My professional bodies (e.g., CIOT & ATT) and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the 2017 Regulations) as amended (or any similar legislation).

If the law allows or requires me to do so, we may share your personal data with: –

7. The police and law enforcement agencies;
8. Courts and tribunals; and
9. The Information Commissioner’s Office (“ICO”).

    I may need to share your personal data with the third parties identified above in order to comply with my legal obligations, including my legal obligations to you. If you ask me not to share your personal data with such third parties, I may need to cease to act.

    Transfers of personal data
    outside the UK

    Your personal data will be processed in the UK only.

    Retention Periods of Personal Data

    In accordance with recognised good practice within the tax and accountancy sector I will retain all our records relating to you as follows: –

    1. Where Accounts and Tax Returns etc., have been prepared it is my policy to retain information for at least 7 years from the end of the tax year to which the information relates;
    2. Where ad hoc advisory work has been undertaken it is my policy to retain information for 7 years from the date the business relationship ceased; and
    3. Where I have an ongoing client relationship, data which is needed for more than one year’s tax compliance (e.g. capital gains base costs and claims and elections submitted to HMRC) is retained throughout the period of the relationship, but should be deleted 7 years after the end of the business relationship unless you as my client ask me to retain it for a longer period.

    Individuals, trustees and partnerships: –

    My contractual terms provide for the destruction of documents after 7 years and therefore
    agreement to the contractual terms is taken as agreement to the retention of records for this period, and to their destruction thereafter.

    You are responsible for retaining information that I send to you (including details of capital gains base costs and claims and elections submitted) and this will be supplied in the form agreed between us. Documents and records relevant to your tax affairs are required by law to be retained by you as
    follows: –

    Individuals, trustees and partnerships: –

    1. With trading or rental income: five years and 10 months after the end of the tax year; and
    2. Otherwise, 22 months after the end of the tax year.

    Companies, LLPs and other corporate entities: –

    1. Six years from the end of the accounting period.

    The Rights Available to Individuals

    The GDPR provides the following rights for individuals: –

    1. The right to be informed about my processing of your personal data;
    2. The right to request access of your data;
    3. The right to rectification of inaccurate and/or incomplete data;
    4. The right to erasure of your personal data;
    5. The right to restrict processing of your data;
    6. The right to data portability of your data; and
    7. The right to object to processing of your data.

    There are rights in relation to automated decision making and profiling.
    I am not involved in such activities.

    You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law.

    What Personal Data Do I Hold?

    I hold personal data such as full names, previous or other names, current and previous addresses, marital status, gender, telephone numbers, email addresses, date of birth, national insurance number, tax reference number and financial details.

    Where & How is Personal Data Secured?

    I have a computer to hold personal data in electronic format. I use professional software called
    TaxCalc, plus Microsoft Office products. The computer is password protected and have professional malware and anti-virus software installed, which is up-dated regularly. Data is backed up to a hard drive and cloud storage. Current paper-based data held in files and folders are held in a lockable cupboard and filing cabinets.

    I may amend this privacy notice from time to time. If I do so, I will supply you with and/or otherwise make available to you a copy of the amended privacy notice. The latest privacy notice will be available on our website.