PRIVACY | 14/10/18

Accounting Solutions for Charities (ASC), as a provider of outsourced accounting and financial management services, deal with personal information daily. We do this both as

A data controller with our own clients, staff and suppliers;
A joint data controller, handling data on behalf of our clients.

This policy is addressed to anyone and everyone we hold data on, referred to as “you” below and in legal terms our “data subjects”. It tells you about us, the information we collect about you, why and how we use your data, and about the rights you have over your data.

Who we are

We are Accounting Solutions 2020 Ltd, a private limited company registered in England, company registration number 12108489. Our address is 23 Cadogan Gardens, London, N3 2HN. You can contact us by post at the above address, or by email at dataprotection@charity-accounts.org.uk.

The personal data we collect

As a data controller in our own right we collect personal data for people we do business with, both suppliers and customers, for our own staff and also for people applying for employment with our company. As a joint data controller with our clients we also collect personal data about their suppliers, customers and employees. This may include;

· Name, address and contact details including email address and phone number

· Bank account details

· Details of remuneration package

· National insurance number and date of birth

· Address verification ID required for anti-money laundering legislation

· Details of qualifications, skills experience and employment history

· Information about entitlement to work in the UK

How we use this data

ASC will use personal data for specific limited purposes.

1. Service delivery

Our accounting and financial management services require us to collect and process some personal data as part of our service delivery. This may include

· A range of personal details required to process payroll

· Bank account details required to process payments

· Employee salary details required to produce budgets, financial reports and statutory accounts.

· Contact details in order for us to communicate with you

2. Contractual obligations

For example we need to hold bank account details of employees and suppliers so that we can pay salaries, fees and invoices.

3. Legal obligations

Sometimes we need to collect personal data to meet specific legal obligations. For example

· As an employer we are obliged to provide certain information to HMRC

· Anti-money laundering legislation may require us to verify the identity of our suppliers and customers

· As a potential employer we are obliged to ensure that anyone applying for a job with ASC has the right to work in the UK before offering them a contract of employment

When you enter into a contract with ASC, you agree that we may collect, hold and use your personal information and for clients the personal information of your own data subjects in the way described in this policy. ASC will not use this data for any purpose other than that described in this policy, unless we have your express permission or instruction to do so.

Personal data provided to ASC by our clients

As a provider of outsourced accounting and financial management services as part of our service delivery we are required to collect and process information from our clients about their own data subjects. This makes ASC and our clients joint data controllers. In these instances we will ensure that service contracts define as clearly as practicable the personal data involved and the uses to which we will put it.

Our clients retain full responsibility, as joint data controller, to comply fully with GDPR in relation to this data, including:

· Ensuring that the individuals concerned are aware that their personal information is being collected and for what purpose, who the intended recipients of the information are and of their right to obtain access to that information.

· Ensuring that you are authorised to disclose such information to us and for it to be processed by ASC in the manner requested.

· Ensuring that your own systems and processes in relation to such data are GDPR compliant.

Our responsibilities

When acting as a data controller ASC will establish processes and procedures that keep the data secure and we will not share it with any other third parties, nor use it for any purposes other than those described in this policy.

We will work with clients with whom we have joint data controller responsibilities to support any GDPR compliance requirements. We will advise our clients of areas that we become aware of within their own processing, that in our opinion compromise GDPR compliance.

We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We use trusted third-party service providers for the processing and storage of personal information, including Dropbox, Xero, and online bank payment systems. These all have their own privacy policies to be compliant with GDPR and data transfer protocols. Some of these providers store data outside of the EU, mainly in the United States. While we carefully select our third-party service providers, ASC is not responsible for the privacy policies or practices of any third party.

In the unlikely event that a breach of data privacy occurs, we will let you know you as soon as we become aware.

Sharing your data

ASC will only use your personal information for the intended purpose and service delivery. It might be necessary to share this information with carefully selected third parties where they facilitate this service delivery (eg a payroll bureau), but we will only do so in cases where this is required, sharing will be limited to that purpose, and we will ensure that GDPR compliant safeguards are in place.

ASC will never otherwise share your information with a third party, unless we have your express consent or are legally required to do so for example when reporting payroll information to HMRC. Where that disclosure is required, we will inform you, unless we are prevented from doing so by law.

Data Retention

Any personal information we hold, will only be kept for as long as it is required to provide the relevant service.

Where appropriate in cases where we are acting as a joint data controller with a client, the data will be moved so that it is only on the client’s own systems. It will then be the responsibility of the client to manage that data in accordance with GDPR.

In some cases, we have a legal obligation to keep your information for a specified amount of time, which might be longer than the intended purpose (e.g. due diligence information required to comply with laws relating to money laundering, the required period for retention of financial records).

Your rights

If you become aware of any inaccuracy in the personal data that we hold about you, you should inform us and we will correct it appropriately.

You have the right to request access to the information that we hold about you, and to request updates to such information. Any such requests should be submitted

· By e-mail to dataprotection@charity-accounts.org.uk.

· By letter to The Data Protection Officer, Accounting Solutions 2020 Ltd, 23 Cadogan Gardens, London, N3 2HN.

Unless we are legally prohibited from providing this information, we will process your request as soon as is practicable, and within 30 days of receiving your request. If for any reason this is not possible, we will let you know why.

Complaints

If you have a complaint about how your personal information is handled, we want to sort it out. Please provide full details of the complaint

· By e-mail to dataprotection@charity-accounts.org.uk.

· By letter to The Data Protection Officer, Accounting Solutions 2020 Ltd, 23 Cadogan Gardens, London, N3 2HN.

Changing this policy

In order to keep you as up to date as possible about the use of your data and ensure we comply with changing legal requirements we may need to change this policy from time to time. Such changes will become effective when posted to our website (www.charity-accounts.org.uk). We will make a reasonable effort to communicate any significant changes via email, but your continued use of our services will be deemed as your acceptance and agreement to our policy, so we advise you to regularly read this policy so that you are aware of any changes.

Contact us