DJS Consulting Privacy and client data protection policy
Data subjects consent to holding data
When instructing DJS Consulting to act , and or simply sending data to us, you, as a data subject are giving consent for David Sawyer and DJS Consulting Tax Consultants (DJS) to hold data on yourself, your spouse/partner (if appropriate) and brief details of other family members that you might supply to DJS.
This data may include sensitive personal data, which is defined as: ‘data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation’.
You may withdraw DJS’s permission to hold any data at any time by writing to DJS’s usual business address. Withdrawal of such permission may severely limit the ability to assist you with taxation work. If this is the case, DJS will advise you accordingly.
Use of data held
The data held may be used for the purposes of:
• Advising you concerning the services that DJS offers to its clients.
• The processing of business that you conduct through DJS. This may include the use of third party tax software which is used to produce tax returns and assist with tax calculations.
• The ongoing reporting and administrative matters that arise regarding the business that you have conducted through DJS.
For regulatory reasons, some of the data DJS holds must be retained for 5 years and 10 months from the end of the tax year concerned. Although data may be held longer at DJS discretion subject to risk profile of each individual client and business sector pending potential further enquiries from the UK HM Revenue & Customs (HMRC).
You may request DJS to either delete or transfer data to third parties of your choice (this may be subject to agency law limitations), should you so wish. In turn, DJS will advise you whether such deletion or transfer will affect the services provided to you.
DJS treats the use and handling of your data very seriously and will not release data to any third party without your prior consent, save being instructed to do so by the UK HMRC or other government agency.
The rights of data subjects
As a data subject, your rights have recently been enshrined in EU and international law. They can be summarised as follows:
• A right to require information about data being processed about you.
• Access to the data in certain circumstances.
• The right to have data that is wrong, corrected.
• The right to restrict certain types of processing.
• The right to object to data being used for direct marketing.
• The right to ask for data to be sent to you, the data subject, in a format that is regarded as being standard and easily transferred.
• The right to be forgotten. To have the data held on you erased, as a data subject. And to inform any interested parties this has been done (nb subject to above retention policy).
Data will only be held by DJS on a desktop computer or associated devices that are password protected and cloud service from a third-party provider that is securely managed with access to a document exchange facility if required. DJS will always ensure that data in paper form is held in a secure environment.
You authorise us to correspond with you via normal post (via hard mail service ie postman) to your notified mailing address although generally from a practical point of view we will correspond by email which will not usually be subject to encryption. This is principally due to compatibility difficulties although we will keep the potential development of email encryption and such exchange under review.
Should there be any occasion where there is evidence that emails have gone astray or in particular there is evidence of potential hacking, DJS will inform you without delay.
If the data held on your behalf has been subject to a data breach DJS will inform you as soon as DJS is aware of the problem.
Data breaches may occur due to technological breakdowns or where data has been transferred to a third party, either in error, or more unusually, through theft or misrepresentation.
Please rest assured that DJS take the management of your data very seriously and employ robust practical and technological solutions to protect it.
If DJS become aware of any potential fraud surrounding your data held, DJS will inform you without delay and will suggest methodologies you may be able to use to mitigate the situation. If necessary, DJS will contact any third parties that have been accessed via DJS to try to ensure that they do not deal with other parties purporting to be yourself.
The existence of Data Protection Agencies (DPA) varies from country to country. DJS must report any data breaches on a timely basis as appropriate.
The responsibilities of holding data
DJS takes its responsibilities of holding data very seriously. Current international law requires that DJS thoroughly understands its own business to ensure the control and safety of data at all times.
By its very nature, and indeed as a legal requirement, this policy needs to be brief and to the point. Please do not hesitate to raise any questions should further clarification be required as DJS will be very pleased to assist you with your enquiry.
Information Commissioner’s Office registration reference: Z2417244
Anti-money laundering supervision via Institute of Financial Accountants IFA