Data Protection & Privacy

Privacy Notice

This is the Privacy Notice for Hames Partnership Limited. In this document “we”, “our” or “us” refers to Hames Partnership Limited.

Our Company number is 4775405 and we are registered in the United Kingdom.

This is a notice to inform you of our policy regarding the information we record about you. It sets out the conditions under which we may process any personal information that we collect from you, or that you provide to us.

At Hames Partnership Limited we are committed to protecting and respecting your privacy. We take this responsibility very seriously.

We will only use your personal information to deliver the services you have requested from us, and to meet our legal responsibilities.

This Privacy Notice explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

Our Policy complies with UK Law, accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR). We are required to inform you of your rights and our obligations to you in regard to the processing and control of your personal data.

How do we collect information about you?

We obtain personal information about you when you engage us to deliver our services and/or when you contact us via letter, telephone, email, our website or Facebook.

What type of information do we collect about you?

The personal information we collect from you will vary depending on what services you engage us to deliver.

The personal information we collect might include but is not limited to, your name, postal address, landline phone number, mobile phone number, email address and IP address, date of birth, National Insurance number, UTR number, copy of passport/driving licence, copy of proof of address, spouse details such as name, address, date of birth and date of marriage.

For limited companies, we also may hold your Statutory Records as part of the service we offer, which may include details of directors, shareholders, company secretary, annual returns, articles of association, company registration number, authorisation code and Certificate of Incorporation.

If we prepare your year-end accounts, we may hold details from your bank accounts, loans, PAYE, VAT and CIS, if they are relevant to your business.

If we prepare your quarterly VAT returns, we may also hold your government gateway login details if you have your own.

If we prepare your personal Self-Assessment Tax Returns we may hold details such as PAYE and pension details, savings and investment accounts, dividends, foreign income, student loans and income from property. 

If we process your payroll, we may hold details such as tax codes, salary details, pay rates, pension contributions and statutory sickness/maternity/paternity/adoption/shared parental details.

When you contact us, whether by telephone, through our website or by email, we collect the data you have given to us in order to reply with the information you need. We keep personally identifiable information associated with your message, so we are able to track our communications with you to provide a quality service.

How is your information used?

We use and share information because we have a duty to prevent fraud and money laundering, to manage our risk and protect our business and to comply with the laws that apply to us. 

In general terms, and depending on which services you engage us to deliver, as part of providing our agreed services we may use your information to:

• to provide you with the accountancy and management consultancy services you require;
• process your financial transactions;
• contact you by post, email or telephone;
• contact you with marketing material via our E-news accountancy emails;
• verify your identity;
• understand your needs and how they may be met;
• maintain our records in accordance with applicable legal and regulatory obligations;
• prevent and detect crime, fraud or corruption. 

Through certain actions when otherwise there is no contractual relationship between us, such as when you telephone, write, emails or complete our online contact form on our website to which you would reasonably expect us to reply, you consent for us to process information that may be personal to you.

We may process information on the basis that there is a legitimate interest either to you or to us, of doing so. Where we process your information on this basis, we do so after giving careful consideration to: 

• whether the same objectives could be achieved through other means;
• whether processing (or not processing) would cause you any issues;
• whether you would expect us to process your data and whether you would consider it reasonable to do so.

How long is your information kept?

We keep your personal information only for as long as required by us:

• to provide you with the services you have requested
• to comply with the law, including for the period demanded by our accountancy body and tax authorities

We don’t keep your information for longer than we need to, which is typically a minimum of six years (depending on the nature of the data) after your relationship with us ends, unless we are required to keep it longer.

Who has access to your information? 

Any employee at Hames Partnership Limited with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow by our accounting body, CIMA.

We will not share your information with third parties for marketing purposes.

We will not sell or rent your information to third parties. 

What about third-party service providers?

We may, on occasion, be requested to give your information to third parties but we will always seek confirmation with you before sharing any information. 

However, when we use our third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.

Please be assured that we will not release your information to third parties unless you have requested that we do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption.

Third party websites – If requested, we permit a reputable third-party organisation access to your information in order to provide you with a free newswire service. To request this service, you will be asked to provide your first name, last name and email address only. You may have linked to our website from another website and/or our website may feature links to third party websites. Please, therefore, note that whilst we endeavour to only associate ourselves with responsible businesses, we cannot be responsible or liable for the privacy notices and practices of other websites.

Our website allows you to post information with a view to that information being read, copied, downloaded, or used by other people. Examples include:

• posting a message in a forum
• tagging an image
• clicking on an icon next to another visitor’s message to convey your agreement, disagreement or thanks

In posting personal information, it is your responsibility to satisfy yourself about the privacy level of every person who might use it.

We do not specifically use this information except to allow it to be displayed or shared. We do store it and reserve the right to use it in the future. 

Once your information enters the public domain, we have no control over what any individual third party may do with it. We accept no responsibility for their actions at any time.

We do not moderate or control what is posted.

Provided your request is reasonable and there is no legal basis for us to retain it, then at our discretion we may agree to your request to delete personal information that you have posted. You can make a request using the contact information at the end of this Privacy Notice. 

If you complain about any of the content, we shall investigate your complaint. If we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate. Free speech is a fundamental right, so we must make a judgement regarding any alleged offending content. If we feel your complaint has no basis, we shall not correspond with you about it and the matter will be closed.

What security precautions are in place to protect the loss, misuse or alteration of your information?

Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Hard copy reports are stored in individual client folders which are kept in a lockable filing cabinet in a secure, alarmed building which requires access through several keypad doors to gain entry.

Our server is contained in a secure locked cage at all times. Access is restricted to the server and is mainly accessed by our external IT Support provider.

Staff mobile phones may contain phone numbers and emails. We ensure all phones are password protected to the highest standard and are only accessible by the member of staff who holds it.

Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

How do we dispose of your information?

Due to the nature of our business, we hold personal information on all our clients, so we ensure that it is disposed of correctly. We use a professional confidential waste company to dispose of all confidential paper records.

What rights do you have to access your personal information?

Under the General Data Protection Regulation, you have the right to ask for a copy of the personal information Hames Partnership Limited holds on you.

We will provide this information to you free of charge within one month of receipt of the request. We can extend the period of compliance by a further two months where requests are complex or numerous, but we must inform you why the extension is necessary. A charge may apply to complicated requests.

If you require a copy of this, please contact us using the contact details at the end of this Privacy Notice.

When we receive any request to access personal information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.

What rights do you have to correct your personal information? 

Keeping your information up to date and accurate is important to us. We commit to regularly review and correct where necessary, the information that we hold about you. Under the General Data Protection Regulation, you have the right to ask us to correct any personal information about you that you believe does not meet these standards.

If any of your information changes, please contact us using the contact details at the end of this Privacy Notice.

When we receive any request to correct personal information we shall first take reasonable steps to verify your identity before taking any action. This is important to safeguard your information. 

What rights do you have to ask for your personal information to be deleted.

Under the General Data Protection Regulation, you have the right to ask us to delete personal information about you where:

• you consider that we no longer require the information for the purposes for which it was obtained
• you have validly objected to our use of your personal information – see ‘Objecting to how we may use your information’ below
• our use of your personal information is contrary to law or our other legal obligations

However, please note that we are required by legislation, our accounting body, other regulatory bodies and our insurers to retain your information for a period of time. Please refer to the section “How long is your information kept?” for details of retention periods.

If you require any of your information to be deleted, please contact us using the contact details at the end of this Privacy Notice.

When we receive any request to delete personal information we shall first take reasonable steps to verify your identity before taking any action. This is important to safeguard your information.

You do not wish to receive alerts on changes in legal and regulatory requirements or developments. 

We may occasionally contact you by post, email or telephone with details of any changes in legal and regulatory requirements or other developments that may be relevant to your affairs and, where applicable, how we may assist you further. If you do not wish to receive such information from us, please let us know by contacting us using the contact details at the end of this Privacy Notice.

What to do if you wish to complain?

Under the General Data Protection Regulation, you have the right to object or complain about how we use your personal information. If you wish to raise a complain on how we have handled your personal data or you feel there has been a data breach, you can contact us to have the matter investigated. In the first instance please contact us using the contact details at the end of this Privacy Notice.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office. Contact details can be found at the end of this Privacy Notice.

During any investigation, if your complaint reasonably requires us to contact another person or organisation (which may be a third-party), we may decide to give that other person or organisation some of the information contained in your complaint.

Changes to our Privacy Notice 

We keep this Privacy Notice under regular review and will place any updates on http://www.hamespartnership.co.uk. Paper copies of the Privacy Notice may also be obtained by request from our office, please see contact information below.

This privacy notice was last updated in May 2018.