For the purposes of this statement “Smith Cooper” refers to Smith Cooper Limited, Smith Cooper Audit Limited and SC Advisory Services Limited which trades as Smith Cooper.
Smith Cooper (“we”, “us”, “the firm”) takes the protection of your privacy very seriously and we are firmly committed to the protection of personal data. We define personal data as being any information which can identify a living person. As such, there are numerous different ways in which we collect and use personal data. We will only use your personal information to deliver the services that you have requested from us and to meet our legal responsibilities. Set out below in this Privacy Statement are the ways and reasons that we collect personal data and how we use it. We have also stated the lawful basis of processing, and the period for which each type of personal data is retained.
Who do we hold or process data on?
We hold and/or process personal data on any of the following:
- Personal clients
- Contacts, targets and intermediaries
- Website visitors
- Partners and employees
How do we collect information from you?
We obtain information about you when you engage us to deliver our services and/or when you use our website, for example, when you contact us about our services.
What type of information do we collect from you?
The personal information we collect from you will vary depending on which services you engage us to deliver. The personal information we collect might include your name, address, telephone number, email address, your Unique Tax Reference (UTR) number, your National Insurance number, bank account details, your IP address, which pages you may have visited on our website and when you accessed them.
When we take on new clients we also request personal data to verify the client in accordance with the Money Laundering Regulations. We also carry out regular reviews of our client base to establish whether we need to update our verification data which may involve further personal data being requested. Personal data may be obtained direct from the client or from other publicly available sources.
Use of credit reference agencies
As part of our procedures to verify clients in accordance with the Money Laundering Regulations we may use the services offered by Transunion (formerly CallCredit). This is not a credit check, solely and identity check. The personal data which we provide to Transunion may include:
- Date of birth
- Passport number
- Driving license number
We will use the information obtained from Transunion to confirm your identity. We do not share details about our clients with credit reference agencies and solely use them for identification purposes.
You can find out more about Transunion, including who they are, the data they hold and how they use it, how they share personal information, how long they can keep data and your data protection rights by following the link below:
Sensitive personal data
We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. Examples of sensitive personal data we may obtain include:
- Dietary restrictions or access requirements when registering for in-person events that reveal religious beliefs or physical health.
- Personal identification documents that may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants.
- Expense receipts submitted for individual tax or accounting advice that reveal affiliations with trade unions or political opinions.
- Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information.
- Information provided to us by our clients in the course of a professional engagement.
Lawful reasons for processing personal data
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
- Contract – We may process personal data in order to perform our contractual obligations.
- Consent – We may rely on your freely given consent at the time you provided your personal data to us.
- Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include
- Delivering services to our clients – To deliver the professional services our clients have engaged us to provide:
- Direct marketing – To deliver timely market insights and speciality knowledge we believe is welcomed by our business clients, subscribers and individuals who have interacted with us.
- Legal obligations and public interests – We may process personal data in order to meet regulatory and public interest obligations or mandates.
How is your information used?
In general terms, and depending on which services you engage us to deliver, as part of providing our agreed services we may use your information to:
- contact you by post, email or telephone
- verify your identity where this is required
- understand your needs and how they may be met
- maintain our records in accordance with applicable legal and regulatory obligations
- process financial transactions
- prevent and detect crime, fraud or corruption
We are required by legislation, other regulatory requirements and our insurers to retain your data where we have ceased to act for you. The period of retention required varies with the applicable legislation but is typically at least seven years. To ensure compliance with all such requirements it is the policy of the firm to retain all data for a period of at least seven years from the end of the period concerned. For certain other services such as insolvency or where data is standing data the retention period may be longer. If you have any doubts about how long we will retain your data please contact your local office.
Processing data on for personal clients
In addition to basic contact details, the processing of data for personal clients includes data such as income, assets and investments, tax references, family information, employment and business interests.
We may need to process personal data in certain of the services that the firm provides:
- Data obtained from personal clients is used to complete HMRC tax returns, providing tax advice and general business advice to sole traders, partnerships and directors of limited companies;
- If we are also preparing the payroll for our clients we will process personal data to produce payroll reports.
- We may also process personal data as part of the day to day running of the firm. For example, in managing our client relationships, organising client seminars and training events and general management of our website.
Who has access to your information?
We will not sell or rent your information to third parties and we will not share your information with third parties for marketing purposes.
Any staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
We are authorised by and registered with, the Institute of Chartered Accountants in England & Wales. We are therefore subject to regulatory, legal and professional obligations and are subject to regular inspections. Compliance with these obligations may involve granting access to personal data.
Use of third parties
There are occasions when personal data held by us may be transferred to other parties. For example, we use other Smith Cooper group companies to provide and maintain the firm’s IT systems. These companies are subject to the same Privacy Policies as Smith Cooper. We also use other providers of IT services such as website hosting, cloud based software, IT security and storage. We ensure that the IT systems used by those third parties are located in secure sites and that the companies themselves have compliant GDPR systems and procedures. Where we use third parties to process personal data on behalf of the firm we ensure that written contracts are in place which set out our respective responsibilities and liabilities.
We may also have a need to disclose personal data to other parties such as the firm’s auditors, other professional firms and our own regulatory bodies. We may also have a legal obligation to disclose personal data to government and regulatory authorities for compliance purposes.
How you can access and update your information
Keeping your information up to date and accurate is important to us. We commit to regularly review and correct where necessary, the information that we hold about you. If any of your information changes, please email us at email@example.com, or call your local office. We will make every effort to ensure that the data is updated as soon as possible.
You have the right to ask for a copy of the information which Smith Cooper holds about you.
Security measures in place to protect the loss, misuse or alteration of your information
We take the protection and security of personal data very seriously. We have detailed and documented policies in place covering the security of personal data and our staff are trained in the requirements of data protection legislation. Personal data will only be shared with others when we are legally entitled to do so. In such situations we ensure that contractual agreements are in place with those other parties to ensure that the personal data is protected and kept confidential.
Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Your data will usually be processed in our offices in the UK. However, to allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK, but within the European Economic Area (EEA). We take the security of your data seriously and so all our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.
We may occasionally contact you by post, email or telephone with details of any changes in legal and regulatory requirements or other developments that may be relevant to your affairs and, where applicable, how we may assist you further. If you do not wish to receive such information from us, please let us know by contacting us at firstname.lastname@example.org
Where we send regular newsletters and other marketing material to clients and contacts this may fall outside the legitimate interest and lawful basis for processing data and may also fall within the scope of the Privacy and Electronic Communications Regulations. We therefore obtain your consent prior to sending any such material to you. At any time, you may choose to opt out of further mailings by contacting us at email@example.com
Access to your information: You have the right to request a copy of the personal information about you that we hold.
Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information:
Under certain circumstances, you may have a right to have any personal data held by the firm deleted. If you would like to exercise this right please contact us at firstname.lastname@example.org There may be statutory or other reasons why we are unable to remove the data and if this is the case, we will inform you of this.
You have the right to ask us to delete personal information about you where:
- you consider that we no longer require the information for the purposes for which it was obtained
- you have validly objected to our use of your personal information – see ‘Objecting to how we may use your information’ below
- our use of your personal information is contrary to law or our other legal obligations
Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Withdrawing consent to use your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out in ‘Contact information’ below if you wish to exercise any of these rights.
Personal data obtained from visitors to our website is used to request information, sign up to mailshots or to sign up to attend seminars
If you do not opt out of receiving other information we may use the personal data to contact you about other services offered by the firm which we think may be of interest to you.
Personal data will be retained for as long as we have a relationship with the visitor
Visiting our offices
CCTV is in operation outside some of our offices. This is in place for security reasons and is controlled by parties outside of the firm who manage the properties. It is generally only accessed when an incident occurs which requires access to CCTV records by police or other security companies. Records are overwritten on a regular basis.
If you visit one of our offices you will be required to sign in and out of the building. These records are kept in order to comply with fire regulations, are stored securely and destroyed on a regular basis.
Partners and employees
Personal data on partners and staff is collected in the ordinary course of running our business. Further details are included in the firm’s Staff Handbook which is available for all staff on the firm’s HR system. Personal data obtained from staff and partners will be retained for sufficient time to comply with employment laws and HMRC regulations.
Changes to our privacy notice
We keep this privacy notice under regular review and will place any updates on our website at www.smithcooper.co.uk. Paper copies of the privacy notice may also be obtained from your local office.
Please contact us with any concerns or amendments to personal data at email@example.com
We seek to resolve directly all complaints about how we handle your personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office at
Information Commissioner’s Office
Telephone – 0303 123 1113 (local rate) or 01625 545 745