General Data Protection Regulations
Privacy Statement – May 2018
Introduction To GDPR
The General Data Protection Regulation (GDPR)
will come into force on 25 May 2018. It is an overhaul of the
existing EU legislation on Data Protection, and not a new approach. It replaces
the UK’s Data Protection Act 1998.
Name of the Data Protection Officer (DPO)
Mrs Hazel Todesco
The Purposes of
Processing Personal Data
Court Park Financial Services Ltd is a
“processor” of personal information. We will use some, or all, of your personal
data to prepare Accounts, Company Secretarial documents, Payroll, Reports and
Tax Returns, to communicate with you, and to ensure that our databases are
accurate and up-to-date.
Lawful Basis for
The processing of your personal data is
necessary for the contract we have with you (Letter of Engagement).
Categories of Personal
In addition to personal data obtained from
yourself, we sometimes obtain personal data from HM Revenue & Customs and
Companies House to assist in the preparation of Accounts, Company Secretarial
documents, Payroll, Reports and Tax Returns. We may also need to obtain
personal data for Court Park Financial Services Ltd to comply with the Money
Laundering legislation. When appropriate, we will request personal data from a
previous Accountant/Tax Advisor to ensure a smooth handover of your affairs and
to accurately prepare your accounts, Tax Returns and other documents. Court
Park Financial Services Ltd does not purchase information about clients or
potential clients. We do not obtain any data from people who access our
Recipients of Your
Personal data is provided to HM Revenue &
Customs and Companies House when we submit Accounts, Tax Returns and Company
Secretarial forms. We will not supply your personal data to any other
organisation or person unless we receive your specific consent, or there is a
legal basis for us to do so and we have a duty to comply.
Retention Periods of
Your data will be stored and used from the
time you become a client until you cease to be so. It is our normal policy to
retain routine personal data in hard copy for at least six years after the end
of a financial year/tax year to comply with our Institute’s rules (ICAEW).
Important personal data may be kept for longer.
Personal data held in electronic format, stored
on our computers may last for longer periods.
The Rights Available
The GDPR provides the following rights for
- The right to be informed about our processing of your
- The right to request access of your data;
- The right to rectification of inaccurate and/or
- The right to erasure of your personal data;
- The right to restrict processing of your data;
- The right to data portability of your data; and
- The right to object to processing of your data.
There are rights in relation to automated
decision making and profiling. Court Park Financial Services Ltd is not
involved in such activities.
You have the right to complain to the
Information Commissioner’s Office. It has enforcement powers and can
investigate compliance with data protection law.
What Personal Data Do
We hold personal data such as full names,
addresses, marital status, gender, telephone numbers, email addresses, date of
birth, national insurance number and/or Passport details, tax reference number
and financial details.
Why Do We Hold
We retain your personal data to provide the
professional services that we offer, issue invoices and statements, and to
maintain our client database.
Where & How Is
Personal Data Secured?
We use professional software such as Quickbooks,
plus Microsoft Excel spreadsheets and Word documents. The computers are
password protected and have professional anti-virus software installed, which
is up-dated regularly and have firewalls. Data is backed up weekly. Current paper-based
data held in files and folders are located in a lockable office.