PURPOSE OF THIS NOTICE
This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act [1998 OR 2018] and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Forrester Boyd & Forrester Boyd Robson Limited are accountancy firms and are based at the locations in the Contact Us section
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
Forrester Boyd or Forrester Boyd Robson Limited is the Data Processor for you when we are processing payroll on your behalf
We have appointed a Head of Privacy. Our Head of Privacy is our Data Protection Point of Contact and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our Data Protection Point of Contact you can do so using the contact details noted at paragraph 12 (Contact Us), below
TYPES OF PERSONAL DATA PROCESSED
The types of personal data processed will vary depending on the data we require to process in order to deliver to you the requested service(s) and in accordance with our engagement terms with you. We may need to process both ‘personal data’ as defined in Article 4(1) GDPR and/or ‘special category personal data’ as defined in Article 9(1) GDPR.
CATEGORIES OF DATA SUBJECTS
Categories of data subjects will include you as the data subject and the data of any other data subjects you provide to us in connection with our delivery of the services. This may include the data of adults and children and be of but not limited to demographic, financial and/or health data.
If you are providing information and/or contact data for a 3rd party (for example your client, relative or spouse) we assume that you have their explicit consent to share this with us. They retain the right to access, correct or remove this information at any point.
LEGAL BASIS FOR DATA PROCESSING
As the Data Controller for the personal data we collect from you, we have identified a number of legal bases on which to carry out our processing activities. These are defined under GDPR as:
Contract entry and performance: In order to commence working with you as a client we are legally required to take certain steps, such as assuring ourselves of your identity. In order to do so we require some personal data from you. During the course of our engagement with you we require to continue processing personal data about you to enable us to deliver the service(s) to you.
Consent: By providing us with your personal data and asking us to deliver you with specific services you provide us with your permission to utilise your personal data for those purposes.
Our legitimate interests: We may also use your personal data on the basis of our own legitimate interests including in delivering, promoting and developing our services, assessing our performance and defence of claims. Activities promoting our services include marketing which you may opt-out of at any time. Opt-out can be achieved by responding using the unsubscribe options contained within the information you have received or by emailing our Head of Privacy at email@example.com
Legal obligations: certain statutory obligations apply to Forrester Boyd’s work which require us to process personal data and in some circumstances to provide it to third parties, such as law enforcement. Where such obligations arise we will, insofar as is possible without breaching any other duty we owe to those services, advise you of our intention to process your data for their purposes.
Should we require special category personal data from you we will ask for your permission to process those data. If you are not willing to provide us with certain data we may be unable to deliver some or all of our services and will make this clear to you.
We will process personal data for so long as you instruct us to do so and in accordance with our legal obligations. At the cessation of our services to you we will retain your data in accordance with our internal and statutory requirements.
Personal data we collect are managed in accordance with our Data Retention Policy which reflects current legal obligations. Retention periods for personal data vary.
USE OF SUB-PROCESSORS
As part of our service delivery it is may be necessary for us to use sub-processors.
Our IT is provided through our own IT team. Some solutions we utilise are cloud based and our need to rely upon those systems varies depending upon the services we deliver to you.
All sub-processors are bound by Forrester Boyd or Forrester Boyd Robson Limited to provide at least the same level of protection for your data as we do.
Most sub-processors do not engage directly with your data and simply provide secure storage solutions for the data we process. Unless we have otherwise expressly agreed conditions with them, sub-processors are prohibited from using your personal data for their own purposes.
Why might you share my personal data with third parties?
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
Which third-party service providers process my personal data?
“Third parties” includes third-party service providers and other entities within our group. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, marketing services, paper based storage services
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business.
TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
As part of the services offered to you, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. By submitting your personal data, you’re agreeing to this transfer, storing or processing. Where our third-party supplies are in the US we have ensured that their services fall under the “Privacy Shield” whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the US.
If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.
YOUR DATA SUBJECT RIGHTS
Where we act as a Data Controller for your data you may exercise a number of rights.
- Request access to the personal data we hold about you
- Ask us to correct any data which are inaccurate
- Request to have your personal data deleted
- Put in place restrictions on our processing of your data
- Ask us to transfer your data to another controller (data portability)
We will handle all exercise of your data subject rights in accordance with the requirements of GDPR and any national laws at the time of your request. Requests should be submitted in writing to our Head of Privacy (firstname.lastname@example.org).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the matter for you, you may take your complaint to the Information Commissioner’s Office. Further details can be found via their website at www.ico.org.uk.
Should we receive a request from you or one of your staff, clients, customer, contractors or prospects, to exercise data subject rights but we are only acting as a Data Processor, we will forward the request to you as Data Controller to process. Unless you explicitly instruct us not to we will advise the data subject that we have passed their request to you.
We ensure appropriate technological and organisational controls are in place to protect your personally identifiable information from loss, misuse, alteration or unintentional destruction. Our personnel who have access to your personal data have been trained to maintain the confidentiality of such information. Conditions to protect data to at least the same standard as we do are cascaded to all our contractors, sub processors and suppliers.
Regular monitoring and testing of our security defences is carried out to ensure they continue to be effective against the latest threats.
Data transferred over the internet by us and through our website are protected using encryption technologies to ensure they remain secure.
Please note that no communications over the internet can be guaranteed as secure. Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit. Once data reaches your network it is your responsibility to ensure it remains secure.
We may use customer personal data to provide you with details about our business updates, services and events which we think may be of interest.
You have the right to opt-out of receiving the information detailed in section 7.1 at any time. To opt-out of receiving such information you can:
click the unsubscribe button contained in any such communication received; or
email us email@example.com or call 01472 350601 providing us with your name, contact details and Client Code.
Targeted emails from us may include additional data privacy information as required by applicable privacy laws.
VISITORS TO OUR WEBSITES
We may collect and process personal data about you in the following circumstances:
when you complete the online contact forms on our website www.forrester-boyd.co.uk.co.uk providing us with your name, address, email address and contact number;
whenever you provide information to us when reporting a problem with our Site, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
when you visit our Sites we will retain details such as traffic data, location data, weblogs and other communication data, and the resources that you access (see section on Cookies below); and
whenever you disclose your information to us, or we collect information from you in any other way, through our Sites.
We may also collect data in the following ways:
We may collect information about your device, including where available your Internet Protocol address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
We may use your personal data for our legitimate interests in order to:
Provide you with information, or services that you requested from us;
Respond to an enquiry submitted via our online contact forms;
Allow you to participate in interactive features of our Sites, when you choose to do so;
Ensure that content from our Sites are presented in the most effective manner for you and for your device;
Improve our Sites and services;
Process and deal with any complaints or enquiries made by you; and
Contact you for marketing purposes where you have signed up for these.
Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. Please check before you submit your information to these websites.
CHANGES TO THIS STATEMENT
We recommend you check this statement on a regular basis to ensure you remain happy with the activities we carry out in respect of processing personal data.
Should we make significant changes to the way we process data, we will draw your attention to the relevant part(s) of this statement through email and or other appropriate communications as part of our engagement activities with you.
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email our Head of Privacy – Andrew Spencer firstname.lastname@example.org or telephone Andrew Spencer on 01472 350601.
Alternatively write to us at one the locations below
|Forrester Boyd – Grimsby Office|
26 South Saint Marys Gate
|Forrester Boyd – Louth Office|
|Forrester Boyd – Scunthorpe Office|
66-68 Oswald Road
|Forrester Boyd – Skegness Office|
47 Algitha Road
|Forrester Boyd Robson Limited|
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office
Telephone – 0303 123 1113 (local rate) or 01625 545 745.
Website – https://ico.org.uk/concerns