Client Privacy Statement
Who we are
This is the privacy statement of Stevenson and Kyles, Chartered Accountants and Stevenson and Kyles (Services) Limited, hereafter referred to jointly as Stevenson and Kyles. We are an accountancy firm operating from 25 Sandyford Place, Glasgow, G3 7NG. Stevenson and Kyles operate in the fields of accountancy, auditing, bookkeeping, financial planning, insolvency, payroll services and taxation and as such routinely process the personal data of our clients. In the terms under the relevant data protection legislation we operate both as a data controller and data processor.
This privacy statement explains how we collect and use personal information about you.
What personal information we collect
Our policy is to collect only the personal data relevant to the tasks for which we are engaged by our clients. This data is often sensitive in nature and we take the utmost care in ensuring all necessary security measures are in place for protecting this data. These measures include physical and electronic protection against unauthorised access or use of our clients’ data.
Examples of the data we may require to collect and retain include (but are not limited to):
- Personal details such as name, contact details, date of birth
- Details of correspondence between ourselves and our clients
- Details and history of any work we have carried out for our clients
- The submissions to the various authorities we have made on our clients’ behalf
- Information collected from other sources relating to our clients
Where we collect personal information from
The majority of the data handled by Stevenson and Kyles is collected directly from our clients or internally generated. We will also, when required, collect data from public sources such as Companies House and, when necessary and with our clients’ express consent, from the tax authorities. All data we hold, regardless of the source, is held under the same security precautions.
How we use your personal information
We may process your personal data for purposes necessary for the performance of our contract with you, or your employer, or our clients and to comply with our legal obligations.
We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.
We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
We may process your personal data for certain additional purposes with your consent and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.
Please note that we may process your personal data on more than one lawful basis depending on the specific purpose for which we are using your data.
Who we share your personal information with
For the purposes of data protection, there is no separation between Stevenson & Kyles and Stevenson and Kyles (Services) Limited and data held by one entity may be shared with the other.
We will only share your personal data with a third party where we have received your instruction to do so, either under our contractual obligations to you or by your express consent, or where we are legally required or permitted to do so.
From time to time our third party service providers (for example our IT support) may be in a position to access your data. All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
If you do not provide your personal information
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
How long we retain your personal information for
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
- The requirements of our business and the services provided;
- Any statutory or legal obligations;
- The purposes for which we originally collected the personal data;
- The lawful grounds on which we based our processing;
- The types of personal data we have collected;
- The amount and categories of your personal data; and
- Whether the purpose of the processing could reasonably be fulfilled by other means.
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Holding personal information outside the EEA
We may transfer the personal data we collect about you to the USA which is outside of the EEA in order to perform our contract with you. This may happen if you use Cloud software, or we choose to do so in performing our contract with you. This is due to some Cloud software providers holding their servers in the USA.
There is an adequacy decision, made by the European Commission, in relation to the USA which entities can adopt in order that they are deemed to provide an adequate level of protection for your personal information for the purpose of the Data Protection Legislation.
Where relevant, we have obtained written confirmation from the software providers, that they have in place equivalent security measures to those applicable in the EU and have ensured that our contract with the software providers contain E.U. model data protection clauses.
Should you require further information about this please contact us using the contact details outlined below.
Using our website
Access to your information – You have the right to request a copy of the personal information about you that we hold.
Correcting your information – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information – You have the right to ask us to delete personal information about you where:
- You consider that we no longer require the information for the purposes for which it was obtained.
- We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information
- You have validly objected to our use of your personal information – see Objecting to how we may use your information
- Our use of your personal information is contrary to law or our other legal obligations.
Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information – In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don’t want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Automated processing – If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.
Withdrawing consent using your information – Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained by request from our office.
This privacy statement was last updated on 23 May 2018
Contact information and further advice
If you have any questions regarding this notice or if you would like to speak to us regarding your personal data, please telephone (0141 248 3856) or email our Data Protection point of contacts Leon Marshall () or Douglas Marshall ()
Alternatively, any questions or requests may be made in writing to the above individuals at:
Stevenson & Kyles
25 Sandyford Place
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns