Oasis Accountants - Privacy Notice for Clients
Who we are:
We are Oasis Accountants Limited Building 3, Chiswick Park 566 Chiswick High Rd London United Kingdom W4 5YA Company Registration No 08359050 Registered in England and Wales
Our contact details:
If you have any questions about this Privacy Notice, please contact:
Mr. Prashant Yadav
1. Privacy laws
The processing of your personal data is governed by the General Data Protection Regulations (GDPR), enacted in the UK by the Data Protection Act 2018.
2. The capacities in which we process data
In providing you with our services, we may act both as
- a) A controller of personal data (as defined by Article 4(7) GDPR) with respect to any processing for which we determine the purpose and means. This includes data that we obtain from you in order to facilitate the administration of our business relationship and the fulfilment of our contract with you, and;
- b) A processor of personal data (as defined Article 4(8) GDPR) with respect to the processing of data you share with us in order to fulfil a purpose determined by you.
3. The purposes of this privacy notice are;
- a)To inform you about our processing of your data as a controller, in accordance with the ‘transparency’ requirement of Article 13 GDPR.
- b)To establish the legal basis and other stipulations upon which we process data as a processor under 2(b) in accordance with Article 28 GDPR (see Appendix A).
(NB: All of the following sections of this privacy notice, except Appendix A, relating to our processing of your data in this capacity), and;
4. The types of personal data we collect
The personal data we use may include, but is not limited to:
- Your name, address and contact details, including email address and home and mobile telephone numbers
- Identification data, including passport & driving licence
- Financial data including bank account and payment card details
- Date of birth and gender
- Family & beneficiary details for insurance, estate and pension planning services
- Financial information (e.g., taxes, payroll, investment interests, pensions, assets, bank details, insolvency records)
- Calendar data and other details of your activities and whereabouts
- Personal preferences and requests
- The terms and conditions of your contract with us for the provision of our services.
We may also collect Special Category Personal Data
- Personal identification documents that may reveal race, religion or ethnic origin
- biometric data of private individuals, beneficial owners of corporate entities, or applicants
- Expense receipts submitted for individual tax or accounting purposes that reveal affiliations with trade unions or political opinions
- Adverse information about potential or existing clients that may reveal criminal convictions or offences information, or
- Information provided to us by our clients in the course of a professional engagement.
5. How we collect the personal data
Data might be collected through:
- Electronic, written or verbal correspondence with you
- Meetings in person, or
- Indirectly from sources such as public registers
6. Providing your personal data
We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide services to you.
7. What we use your personal the data for
Provision of professional services
- To provide you with accounting, wealth management or estate planning services at your request
- As necessary to support the contract with you and to allow us to receive full payment for those services
- As necessary for our own legitimate interests or those of other persons and organisations, subject to your rights and freedoms as a data subject
- For good governance, accounting, and managing and auditing our and business operations both internally and by third parties
- For surveys of client experience and quality of our services
- To monitor emails, calls, other communications
- For market research, other surveys and analysis and developing statistics for improving business performance.
To comply with a legal obligation
- When you exercise your rights under data protection law
- For the establishment and defence of legal rights
- For activities relating to the prevention, detection and investigation of crime
- To investigate complaints, legal claims and data protection incidents.
8. The legal basis for processing
In providing you with professional services, we will process your personal data under Article 6 (1)(b) of the General Data Protection Regulations, on the legal basis that processing is necessary for the performance of a contract for the provision of our services, or in order to take steps at your request prior to entering into a contract, or in order to fulfil your instructions during the execution of that contract.
In addition, we may process your personal data on the following legal bases
- Consent: where you give your consent for the processing – Article 6 (1)(a)
- Legal obligation: the processing is necessary for compliance with a legal obligation - Article 6 (1)(c)
- Vital interests: the processing is necessary to protect someone’s life - Article 6 (1) (d)
- Public interest: the processing is necessary to perform a task in the public interest - Article 6(1)(e)
- Legitimate interests: the processing is necessary for an organisation’s legitimate interests or the legitimate interests of a third-party - Article 6 (1) (f). In such cases, the legitimate interest of the processor will be balanced against the rights and freedoms of the data subject to ensure no detriment is caused to the latter.
Where we process special category data, we do so on the basis of your consent - Article 9(2)(a)
In addition, we may process your special category data on the following legal bases
- Vital interests of the Data Subject - Article 9 (2) (c)
- Substantial public interest – Article 9 (2) (g)
- Public interest in the area of public health such as protecting against serious cross border threats to health - Article 9 (2) (i)
9. Sharing of your personal data
Subject to applicable data protection laws we may share your personal data with
- Subsidiary companies within the Oasis Accounting group
- Other organisations necessary for the provision of our services and who require your data in order to meet that requirement
- Our legal and other professional advisors
- Fraud prevention agencies, credit reference agencies, and debt collection agencies
- Government bodies and agencies in the UK and overseas (e.g. HMRC) who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner's Office
- Courts, to comply with legal requirements, and for the administration of justice
- In an emergency or to otherwise protect your vital interests
- To protect the security or integrity of our business operations and other clients
- Payment systems and providers and
- Anyone another party where we have your consent or as required by law
10. Transfer of personal data
In order to facilitate our provision of professional services, we may employ the services of professionals in other countries. Where such processors are located in a country outside the European Union (a ‘third country’) that has not been declared as having an adequate data protection status, the transfer will be subject to a legal instrument providing appropriate safeguards in accordance with Article 46 GDPR.
11. How long do we keep your data?
We will take steps to erase payment data held by us as soon as it is no longer required. Data relating to taxation will be kept for five years from the end of the tax year to which the data relates. Other information will be kept for a maximum period of five years from the date of the termination of our professional relationship or from the last date on which we provide services to you whichever is the earlier, but may be held for longer periods where any of the following apply
- Retention in case of queries. We will retain your personal data as long as necessary to deal with any outstanding queries you may have
- Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us and
- Retention in accordance with legal and regulatory requirements.
12. Your rights under the applicable data protection law
Your rights are, where applicable:
- The right to be informed about the processing of your personal data
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
- The right to object to the processing of your personal data
- The right to restrict processing of your personal data
- The right to have your personal data erased (the "right to be forgotten”)
- The right to request access to your personal data and information about how we process it
- The right to move, copy or transfer your personal data ("data portability") and
- Rights in relation to automated decision-making including profiling
You may exercise these rights by contacting us using the details given at the top of this Notice. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
13. How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us using the details given at the top of this Notice.
You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Stipulations for acting in the capacity of a data processor
The data we process under 2(b) above will consist of data provided to us by you as its controller, in order that we may carry out processes specified by you. Where such data relates to other data subjects (your employees , contractors, clients or others) we will process it on the understanding of your compliance with the provisions of the GDPR and, in particular, that
- You have met the transparency requirements of Article 13 GDPR in respect of informing those data subjects about your sharing of their data with us and our processing of it, and
- You have established and documented legal bases for the processing of their data and, in particular, any special category data. Where such legal bases include the consent of the data subject, you have obtained, and documented, informed and freely given consent.
In acting as a data processor on your instructions, we confirm that we shall respect the privacy rights and freedoms of those data subjects whose data you share with us. In particular, and in accordance with the requirements of Article 28 GDPR, we shall
- Only act on your documented instructions, unless required by law to act without such instructions or it is in the vital interests of the data subject to do so
- Ensure that people processing the data are subject to a duty of confidence
- Take appropriate measures to ensure the security of processing
- Only engage a sub-processor with your prior authorisation and under a written contract that contains all of the technical and organisational measures necessary to ensure compliance with these stipulations and any other GDPR requirement relevant in the circumstances
- Take appropriate measures to assist you to respond to requests from individuals to exercise their rights under GDPR
- Taking into account the nature of processing and the information available, assist you in meeting GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments
- Delete or return all personal data to you (at your choice) at the end of the contract, unless the law requires its storage; and
- Submit to audits and inspections.