David Grey & Co. are committed to protecting your personal data and respect your privacy. This privacy notice will inform you of how we use and look after your personal data.
David Grey & Co. Accountants are Data Controllers and we collect, store and use the personal information of our clients to enable us to provide the services that have been requested of us.
This version was last updated on 1st May 2018
Personal data, or personal information, means any information about an individual from which that person can be identified, such as:
Identity data incl. first, last & middle names, date of birth
Contact data incl. address, e-mail address, phone & fax numbers
Professional Data incl. any information we may collect in the course of providing our services to you.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with an answer to an enquiry). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
The personal information that we process has been obtained directly from the data subject themselves or via a 3rd party who use our services. The data may have been given over the phone, via e-mail or letter or through a form that has been filled out.
We only use your personal data where the law allows. The following are the Lawful Basis for processing personal information, for more information on the Lawful Basis please Click Here
A – Consent | B – Contract | C – Legal Obligation | D – Vital Interests | E – Public Task | F – Legitimate Interest
David Grey & Co. process the following personal information, the reasons and lawful basis for this is detailed in the table below:
|Lawful Basis||Lawful Basis (Category)||Reason|
|First Name||C||Legal Obligation||Anti-money laundering|
|Last Name||C||Legal Obligation||Anti-money laundering|
|Middle Name(s)||C||Legal Obligation||Anti-money laundering|
|Address (incl. Postcode)||C||Legal Obligation||Anti-money laundering|
|Email Address||B||Contract||Contacting client|
|Date of Birth||C||Legal Obligation||HMRC|
|National Insurance Number||C||Legal Obligation||HMRC|
|UTR Number||C||Legal Obligation||HMRC|
|Proof of Identity||C||Legal Obligation||Anti-money laundering|
|Proof of Address||C||Legal Obligation||Anti-money laundering|
Change of purpose We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your personal data is limited to employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
David Grey & Co. retain the personal data of clients for the duration of time that a client uses our services. Should a client leave, David Grey & Co. will send to the client all personal data and accounts held on file in a safe and secure manor. This information and any associated documentation will then be permanently deleted and/or destroyed by David Grey & Co.
Where the law requires it, copies of accounts or other information may be kept on file/in storage for a period of 7 years, after which it will be deleted and/or destroyed.
Any documentation relating to anti-money laundering will be kept for a period of 3 years after which it will be deleted and/or destroyed.
The GDPR includes the following rights for individuals, for detailed information on these rights please Click Here
You also have the right to request a copy of all the Personal Information that is processed by David Grey & Co. and upon request will receive a report containing this information free of charge. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. If you wish to exercise any of the rights set out above, please contact us.
As a security measure we may need to request certain information from you to help us confirm your identity and ensure your right to access your personal data. We aim to respond to all legitimate requests within one month.
Individuals have the right to complain to the ICO (www.ico.org.uk) if they think there is a problem with the way their data is being handled by David Grey & Co.