1. How we process personal data
For people who contact us through our website
We use the personal data you have provided to us to respond to your queries when you contact us. Our legal basis for this processing is our legitimate interest in the administration and operation of our firm. If you become a client, your personal date will become part of your file with us. If you do not become a client, we will delete your personal data 12 months after your last contact with us.
For people whose information we received from one of our clients
If you are an employee, contractor, customer, supplier, or family member of one of our clients, we might receive and process your personal data as part of our engagement with that client. That personal data may include your name, contact information, financial information such as salary or payments, and other information held by our client. We will only process your data in order to provide our accounting, tax, audit or other services to our client. Our legal basis for this processing is our legitimate interest in fulfilling our professional and contractual obligations to our clients. We retain this data for a period of a minimum of 7 years because we believe we have a legal responsibility to retain it for this period.
2. Whom we share data with
We share your personal data with our IT service providers, including [our SaaS accounting software provider] and [our cloud data storage provider]. These providers are not permitted to use this data, except on our behalf. We may share your personal data with advisors who are subject to rules of confidentiality. We may also be obliged to provide access to your personal data to regulators, including our professional body.
If we received your personal data from one of our clients, then we also share your personal data with that client.
We will not share your personal data with any other third parties, unless we have a legal or professional duty to do so.
3. Transfers of data outside the European Economic Area
From time to time we may transfer data to service providers located outside the EU. The safeguard we have put in place for all such transfers is to enter into European Commission approved standard contractual clauses with the relevant provider.
4. Automated decision-making and profiling
We do not use any personal data for the purpose of automated decision-making or profiling.
5. Your rights
You have the following rights under the GDPR, in certain circumstances and subject to certain exclusions, in relation to your personal data:
• Right to access – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
• Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
• Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
• Right to restrict or object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
• Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
•Right to withdraw consent – if we are processing personal data based on your consent, you may withdraw that consent at any time.
In order to exercise any of the rights set out above, or if you have questions or concerns about how we process your data, please contact us at email@example.com or by post at Main Street Virginia Co. Cavan, Ireland. You also have the right to lodge a complaint with the Data Protection Commission, whose contact details are as follows:
Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.