Privacy Notice
Introduction
We take the security and privacy of you and your personal data very seriously and we are committed to safeguarding your privacy and complying with data protection laws.
The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data. We are required to explain to you what personal data we collect and what we do with it. We aim to keep this privacy statement concise and easy to understand.
Bauer & Cottrell is a data controller within the meaning of the GDPR and we process personal data. We are registered with the Information Commissioner Registration number: Z1005708
We may amend this privacy notice from time to time. If we do so, the latest copy will be available on our website or can be requested from our offices.
Our Website
Our website provides general information about the services we offer, including technical information about tax and NIC status, and IR35. You can also complete questionnaires and order forms on the site. Engaging our services means that you have completed an order form or instructed us via telephone, email, or in writing that you wish to engage us. This constitutes our contract with you.
When someone visits https://www.bauerandcottrell.co.uk/, we collect standard details of visitor behaviour patterns. This helps us find out things like the number of visitors to different parts of the site. We collect this information in a way that does not identify anyone personally. We do not attempt to identify visitors, and we do not associate any data gathered from this site with any personally identifying information from any source. If we do wish to collect personally identifiable information through our website, we will be transparent about this, clearly indicating what information we are collecting and how we intend to use it.
Our use of cookies
Cookies are small text files placed on your device by websites you visit. They are commonly used to make websites work more efficiently and to provide information to the site owners.
On our website, we use cookies to enable Google Analytics to function:
- _utma
- _utmb
- _utmc
- _utmz
These cookies collect information about how visitors use our site. We use the information to compile reports and help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come from, and the pages they visited.
Most web browsers allow you to control cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit All About Cookies.
To opt-out of being tracked by Google Analytics across all websites, visit Google’s Opt-Out Tool.
Information we may hold
We may hold details including your name, address, date of birth, tax and NI references, company numbers, business details, contracts, and Companies House information. Similar information may be provided to us by your accountant or advisor.
Anti-money laundering (“AML”)
We are required under AML regulations to confirm your identity and are supervised by HMRC for anti-money laundering purposes. We are required by law to keep this information confidential, but we may need to show the records we keep for AML purposes to the supervisor, and the National Crime Agency may seek access to these records.
Collection and use of personal data
We comply with UK Data Protection legislation when processing personal data about you. We may obtain, process, use, and disclose your personal data for purposes related to:
- The provision of professional services to you as our client.
- Compliance with relevant laws in force (e.g., AML legislation).
- Invoicing you for our services and maintaining our accounts.
We cannot provide the services you engage us to do without access to your personal data. If you do not provide the information that we request, we may not be able to offer our services.
How we collect and store information
We collect information electronically and on paper. Data is retained for as long as required by statute or regulation. Where possible, completed work is scanned, and paper copies are securely destroyed.
We store data via third-party applications (“the cloud”), including Microsoft, which assures us that they are secure and GDPR-compliant. We also store data on our accounting software, which is similarly secure and compliant.
All personal information is stored on secure servers, and all electronic transactions with us are encrypted. Our devices are password-protected and encrypted with BitLocker.
We take reasonable precautions to prevent the loss, misuse, or alteration of your personal information.
Sharing your personal data
We may share your personal data with:
- HMRC and HM Courts and Tribunal services during the course of an inquiry, investigation, or tax appeal if authorised by you, or in the case of a Schedule 36 FA 2008 Information Notice, as required by law.
- Any third parties with whom you require or permit us to correspond.
- Tax insurance providers, subcontractors, and professional indemnity insurers.
If the law allows or requires us to do so, we may share your personal data with:
- Police and law enforcement agencies.
- Courts and tribunals.
- The Information Commissioner’s Office (“ICO”).
We will only share data with third parties where necessary to comply with legal obligations or as authorized by you.
Transfers of personal data outside the EEA
Your personal data will be processed in the EEA only
Retention of personal data
When acting as a data controller, we retain records relating to you as follows:
- For ad-hoc work, we retain information for six years from the date the business relationship ceases.
- For ongoing client relationships, data is retained for six years after the end of the business relationship unless you request a longer retention period.
Your rights
Under the GDPR and DPA 2018, you have several rights regarding your personal data, including:
- Right of Access: You can request access to the personal data we hold about you. We will comply with such requests within one month, free of charge.
- Right to Rectification: You can request that we correct inaccurate or incomplete personal data.
- Right to Erasure: You have the right to request that we erase your personal data, subject to certain legal exceptions.
- Right to Restrict Processing: You can ask us to restrict or stop processing your personal data in certain circumstances.
- Right to Data Portability: You have the right to receive the personal data we hold about you in a machine-readable format under certain conditions.
- Right to Object: You can object to the processing of your personal data in specific circumstances.
You can make these requests by contacting our offices.
Withdrawal of consent
Where we process your personal data based on consent, you have the right to withdraw that consent at any time. Please note:
- Withdrawal of consent does not affect the lawfulness of earlier processing.
- If you withdraw your consent, we may not be able to continue providing services to you.
- Even if you withdraw consent, it may still be lawful for us to process your data on another legal basis (e.g., to comply with legal obligations).
Complaints
If you are dissatisfied with our response to a data-related request, or if you believe we have not complied with GDPR or DPA 2018, you can complain to our office. If you remain unsatisfied, you have the right to lodge a complaint with the ICO (www.ico.org.uk).