Grosvenor House Practice follows the following principles when processing personal data, in line with our duty of confidentiality to you – all data will be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what serves the purpose
- Accurate and kept up to date (inaccurate data should be erased)
- Kept in an appropriate form which allows for identification of data subjects and is kept for no longer than is necessary
- Processed securely
Data and Data Sharing
The type of data we hold about you to provide your service include:
- Personal details – i.e. name, address, date of birth and contact information
- Details of services and correspondence
We will share your personal data with third parties where we are required to by law and where we need to, in order to provide you with your service – i.e. HMRC and Companies House.
Third parties include third party service providers – IT and cloud services, professional advisory services and administration services. All our third party service providers are only allowed to process your personal data in accordance with our instructions and for no other purpose.
Processing your Personal Data
Processing your data can be obtaining, recording, holding or doing anything else with data – i.e. organising, adapting, altering, using, disclosing or removing.
GDPR applies to controllers – a person who decides how and why personal data is processed (Grosvenor House Practice) and processors – a person acting on the controller’s behalf. Processors have to maintain data processing records, document under which lawful basis they process data and inform the data controller in the case of a breach.
Lawful Basis for Processing
Grosvenor House Practice must have a lawful basis for processing personal data.
- Legal Contract – Processing is necessary for us to have a contract with individuals – i.e. an engagement letter for specific accounting services
- Legal Obligation – Processing is necessary to comply with a legal obligation under EU laws or regulations we are subject to
- Legitimate Interests – The controller or processor have a legitimate interest to process data, except where such interests are overridden by the interests, right or freedoms of the data subject
- Consent – this must be freely given, informed and explicit rather than implied. Specific for the purpose for which it is given and separate from other terms. Consent should be clear, documented, unambiguous and verifiable and have an easy to use option to withdraw.
Your Rights (SARs)
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure (right to be forgotten)
- Right to restrict processing
- Right to data portability
- Right to object
- Rights re: automated decision making and profiling
You can exercise your rights at any time by contacting us using any of the contact details in our section Contact Us below
It is important that the personal data we hold about you is up to date and current. Should your personal information change, please notify us as soon as possible.
Any changes to this policy will be updated and publicised here on our website.
If you have any questions regarding this policy, please either email us on firstname.lastname@example.org or telephone us on 01666 503606.
Grosvenor House Practice does not have a Data Protection Officer. Our Director, Tim Brown will oversee data protection matters.
Grosvenor House Practice will always aim to resolve any complaint you might have regarding the handling of your personal data; however, you also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office,
Telephone – 0303 123 1113 (local rate) or 01625 545 745 (national rate)