What Personal Data do we collect and why?

Purpose

We collect only the information we need in order to fulfil the professional service you have engaged us to provide.  Examples of other purposes in which we may process personal data are as follows:

  • To fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”)).
  • To comply with professional obligations to which we are subject as a member of the Institute of Chartered Accountants in England and Wales.
  • To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.

 

Legal bases

Our intended processing of personal data has the following legal bases:

  • At the time you instructed us to act, you gave consent to our processing your personal data for the purposes listed above.
  • The processing is necessary for the performance of our contract with you.
  • The processing is necessary for compliance with legal obligations to which we are subject (e.g. MLR 2017).
  • The processing is necessary for the purposes of legitimate interests which we pursue.

 

Personal data

Examples of information that we collect are:

  • Your contact details
  • Your identity documents to meet the requirements of MLR
  • Our correspondence and communications with you

Any information we request will be limited to the requirements dictated by this service, and processed to fulfil our contract with you.

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.

We may also process your personal data without your knowledge or consent, in accordance with this policy, where we are legally required or permitted to do so.

 

Special Category Data

Some of the information we request is classed as special category data, meaning that this data needs to be handled with extra care.  Examples of special category data which we may hold if relevant, include but are not limited to:

  • Race or ethnic group
  • Health records for benefit purposes
  • Religious or philosophical beliefs

This is most likely to apply to our Payroll, Personal Tax, and HR clients.

 

Will we share your personal data?

There are times when we may share your personal data. This will be to fulfil a business service or as part of a legal or regulatory obligation.

We store personal data on servers located in the European Economic Area (EEA). We may transfer personal data to Alliott Group member firms, and reputable third party organisations situated inside or outside the EEA when we have a business reason to engage these organisations. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.

 

How long do we retain your information?

We retain personal data that is relevant, accurate, up-to-date, and necessary for regulatory and legal requirements, alongside our service provision to you.

We will only keep your data for as long as we need to.  In making this decision we will consider:

  • The purposes for which we originally collected the personal data
  • Any statutory or legal obligations

The table below outlines the Alliotts internal retention policies for our clients by service line.

 

Service Line

Retention period

Action at end of period

Accounts and Outsourcing

Six years plus current

Secure destruction

Audit

Six years plus current

Secure destruction

Corporate tax

Six years plus current

Secure destruction

Personal Tax

Six years plus current

Information relating to gifts, chargeable assets, capital relief and others as applicable will be retained permanently and reviewed annually

Secure destruction

Retained until client disengagement and information returned to client.

Payroll

Six years plus current

Secure destruction

Probate

Duration of client engagement

Return to client or secure destruction – action to be taken according to written instruction from the client.

Company Secretarial

Retained for the duration of client engagement

Cosec records returned to client or sent to new accountant


Data Security

We have put appropriate security measures in place to prevent your personal data being lost, accessed by or disclosed to unauthorised parties.  Access to personal data is limited to those employees, agents, contractors and third parties who require this data in order to fulfil our contract with you.  A strict hierarchy of networked drives exist to ensure staff and partners only have access to content which is relevant to the performance of their jobs.

Alliotts staff are contractually obliged to adhere to data security policies which include email encryption, secure portals for the transfer of data between Alliotts and clients, and minimal paper records to ensure data is maintained in the secure IT environment in which Alliotts operates. 

We are committed to ensuring all staff are up-to-date with the latest data protection legislation.  Mandatory training will be provided when major updates to legislation take place, with refresher courses offered at regular intervals to ensure all Alliotts employees and partners continue to use best practice when handling personal data.

We have robust procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

Chris Mantel
Chris Mantel
Beth Lyle
Beth Lyle