General Data Protection Regulation (GDPR)
By now you should have heard of GDPR, with alerts and notifications coming from all quarters (it comes into force on 25 May 2018).
The Regulation contains six main Underlying Principles regarding Personal Data:
- It must be processed lawfully, fairly and transparently.
- It should only be used for a specific processing purpose that the data subject has been made aware of and no other, without further consent.
- It should be adequate, relevant and limited.
- It should be accurate and, where necessary, kept up to date.
- It should not be stored for longer than is necessary, and that storage should be kept safe and secure.
- It should be processed in a manner that ensures appropriate security and protection.
At Blythe & Co, we adhere to all of these Principles, although please note that, with regard to the length of time we keep data, it is our intention to hold data indefinitely unless specifically asked not to do so. You have the right (and always have had) to ask for your data to be removed – no change here.
The only purpose for which we use your data is to help you to conduct your financial affairs. Once you have signed our Engagement Letter, we consider we have your consent to share data with HM Revenue & Customs and (where relevant) Companies House – no change here.
- The concept of confidentiality has always been one of our cornerstones. With the exception of data sent to HMRC and Companies House, we never divulge any of your data without your express approval (e.g. when we provide financial references) – no change here.
- Our data resides in the office and is backed up using the Amazon S3 cloud facility where data security is given high priority – no change here.
- We have Password protection on all of our computers with a second level Password protection on the Tax and Accounts Software that we run – no change here.
- We take our Anti-Virus and Firewall settings very seriously as well as the physical security in the office – no change here.
- We don’t open unsolicited unidentifiable e-mail – no change here.
- The only external parties that have access to our data are our WebMaster (he has no access to financial data) and our Computer Consultant. Both are well known to us and both have confirmed that they are GDPR compliant – no change here.
SO WHAT IS CHANGING?
The main impact will be felt in the way that we contact you, especially when transmitting sensitive data. Remember, in particular, your Tax Return contains your Name, Address, Date of Birth, NI number, Tax Reference, and, in many cases, your Bank Details. We take reasonable steps to ensure our e-mail defence is strong (we are not aware of any data theft or security breaches in the past) but we cannot guarantee the security of data transmitted by e-mail. And from 25 May 2018 we consider it to be unlawful for us to transmit Tax Return and Accounts completion packs by e-mail without your express permission.
The alternative (that we have referred to over the past 5 years) is our on-line portal: IRIS OpenSpace. We cannot guarantee the security here either but our technical advice is that it is considerably more secure than e-mail and it complies with GDPR. We now strongly advise that you adopt IRIS OpenSpace.
For those 17% of you who are used to IRIS OpenSpace, there will be no change – for the rest, an invitation to register will be triggered when we upload our 2018 Tax Return Information Request. You can then set up a UserName and Password enabling you to transmit your data to us via IRIS OpenSpace (recommended) and we can upload the completion packs with an approval facility. We will continue to use e-mail for less sensitive correspondence.
What happens next
Please look out for the IRIS OpenSpace alerts with the Information Requests from us and act appropriately.
For those not prepared to adopt IRIS OpenSpace there are two options – you can either:
- instruct us to continue with e-mail, confirming that you accept the risk
- request us to revert to paper and the Royal Mail
Blythe & Co Website Privacy Statement
Who we are
Blythe & Co
ICAEW Firm Number: 7249913
Data Privacy Manager: Jonathan Blythe
Address: 206 Upper Richmond Road West, East Sheen, London, SW14 8AH
Phone: 020 8876 1097
How do we collect personal data from you via the web?
We obtain personal data from you when you use our website, when you contact us about our services or submit information directly to us via our website.
We will not collect any data from you that is not required for the purposes for which it is used, as set out below in the section entitled: How is your information used?
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.
When someone visits the Blythe & Co website we use a third-party service, Google Analytics, to collect standard Internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make any attempt to find out the identities of those visiting our website.
As part of our activities we collect personal information. We use that information to keep you informed of services provided by Blythe & Co and occasionally to check that our records are correct and up-to-date.
We use a third-party provider, Mail Chimp, to deliver our email communications and news updates. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our communications. For more information, please see Mail Chimp's privacy notice here: https://mailchimp.com/legal/privacy/
You can unsubscribe from our communications at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing: email@example.com.
Types of data we collect via the website
The personal information we collect via the website might include your name, address, email address, IP address.
We do not collect any financial information or any special categories of personal data about you. This includes details about your race, ethnicity, religious or philosophical beliefs, political opinions and trade union membership. Nor do we collect any information about criminal convictions and offences.
How is your information used?
We may use your information:
- To ensure that the content on the site is presented in the most efficient way for you and the computer that you are using
- To enable you to participate in interactive features of the site
- To provide you with information relating to our website, or activities that you request from us
- To notify you about any changes to our website, including improvements, and service or product changes
- To send you communications which you have requested and that may be of interest to you.
- For our internal purposes including statistical or survey purposes, quality control, site performance and evaluation in order to improve our website
- To administer this website
Your privacy is important to us and we confirm that we will never release your personal details to any third party for any reason.
Third Parties and Service Providers working on our behalf
Only Blythe & Co has access to your personal data that is submitted to us in order to carry out our professional services.
The only external party that has access to our website-related data is our Webmaster at Logical Events (https://logicalevents.co.uk), who is well known to us and is GDPR compliant.
Please be reassured that we will not release your information to third parties beyond Blythe & Co for them to use in any way.
Data security and access to your personal information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to our webmaster who would only process your personal data on our instructions and he is subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any particular regulator of a breach where we are legally required to do so.
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: firstname.lastname@example.org
You have the right to ask for a copy of the information Blythe & Co holds about you.
How long do we keep your personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
Your legal rights and how to opt out
You have the right to:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check we are processing it lawfully.
- Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove your personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
You have a choice about whether or not you wish to receive information from us. If you no longer want to receive communications from us, then you can completely unsubscribe in one of two ways:
- Click the ‘unsubscribe’ link at the bottom of all emails sent to you
- Email: email@example.com and we will process your request within 7 days
Links to other websites
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We keep this Policy under regular review.