Table of Contents
Cobbold & Company (Accountants) Ltd is committed to safeguarding your privacy.
This Privacy Notice contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. We may update this Notice from time to time, the date at the top of the notice indicates the last update.
This policy sets out the basis on which we, Cobbold & Company (Accountants) Ltd, will process any personal data we collect from you, or which you provide to us, in the course of using our website www.cobboldandcompany.co.uk, when you contact us or when you use our services.
Cobbold & Company (Accountants) Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us”, or “our” in this privacy notice).
Where we are providing a payroll service, we act as the data processor on behalf of the data controller.
There are many ways in which you can contact us, including by phone, email, and post. Our full contact details are:
Full name of legal entity: Cobbold & Company (Accountants) Ltd
Data Protection Manager: Neil Cobbold
Email address: firstname.lastname@example.org
Postal Address: 90a High Street, Hanham, Bristol, BS15 3EJ
Telephone Number: 0117 967 2504
We collect the following categories of information about you:
- Contact Details – including your name, email address, telephone number, address.
- Identity Data – including your date of birth, marital status, gender, Unique Tax Payer Reference, National Insurance Number, a copy of your driving licence, or other photographic identification.
- Customer Data – including information about any services your have purchased from us, notes of meetings, correspondence, and communications with you.
- Employment, income and financial data – including bank account details, payroll records, tax status information, investments.
- Marketing Data – including your preferences in receiving marketing from us and our third parties and your communication preferences.
- User Data – including information about how you use our website and any online services.
We may be unable to provide you with our services if you do not provide certain information to us. In cases where providing some personal information is optional, we will make this clear to you.
In general, we will not process special category data about you unless it is necessary for performing the contract with you or complying with our legal obligations. On rare occasions, there may be other reasons for processing, such as it is in the public interest to do so or it is necessary to protect public interests. In circumstances where special category data is relevant to the advice and/or services that we provide, or is necessary for our legal obligations, we may process the following information about you:
- Information about health, including any medical conditions.
- Information about your nationality.
We may collect personal information (as set out in Section 1) when you:
- provide your information to us over the phone, via email, or via post;
- subscribe to our newsletter or to receive marketing communications;
- fill out the contact form on our website; or
- contact us via social media.
We also may receive your information:
- when you give permission to third parties to share it with us, such as banks, a legal representative, your cloud accounting software provider;
- from your employer or our clients;
- from HMRC (Her Majesty’s Revenue and Customs);
- where the information is publicly available, such as from companies house; and
We only process your personal data when we have a specific reason and a lawful basis to do so. The reasons we process your personal data are:
To deliver our service – when you enter into a contract for services with us, or where you wish to register an interest in doing so, we will use your personal information to enter into and fulfil our contractual relationship. When your employer or our clients enter into a contract for services with us, we may need to process your personal data where you are an employee, subcontractor, supplier or customer of our client. We will use your personal information to fulfil our contractual relationship with our client. Our lawful basis is for the performance of a contract.
Keeping Cobbold & Company running – the main purpose of Cobbold & Company (Accountants) Ltd is to provide accountancy and taxation services. To enable you to use the services we offer and to keep you updated on any services we feel may be of interest to you, we need to process your personal data. We also need to administer and audit out accounts. Our lawful basis is for our legitimate interests.
Improve our services – we process some personal information to ensure that content from our site is presented in the most effective manner for you and your computer/device. To be able to respond and act upon complaints made by or about you regarding our business, we need to process certain information. Our lawful basis is for consent and our legitimate interests.
To comply with our legal obligations – as an accountancy firm, we maintain our records in accordance with applicable legal and regulations. We are also required to process certain personal data prevent and detect fraud, such as copies of photographic identification. Our lawful basis is our legal obligations.
Contract – Processing your data is necessary for a contract that you or our client have with us, or because we have asked you to take specific steps before entering into that contract.
Consent – You have given us your consent to process your data for a specific purpose. Remember you can change your mind and withdraw your consent at any time. You can do this by emailing us at email@example.com. Note: under the Privacy and Electronic Communications Regulation (PECR), if you an individual or sole trader and have engaged with us previously (i.e., purchased services, or expressed an interest in purchasing our services) then we may send you relevant marketing information, unless you opted out of receiving it. All communication will contain an opt-out option. This regulation is not superseded by GDPR but works in tandem with it. For more information, please see What are PECR? | ICO
Legitimate Interest – Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities. When we process your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.
The main purpose of Cobbold & Company (Accountants) Ltd is to provide accountancy and taxation services. We will process your personal data in respect of:
- Internal and external audit for financial or regulatory compliance purposes; and
- Statutory reporting.
- Contacting you about services we feel may interest you;
- Contact you about relevant news, article or blogs:
- Responding to enquires;
- Delivery of requested services or information;
- Communications designed to administer existing services including administration of financial transactions;
- Acknowledgement, thank you communications and receipts;
- Maintaining a database of clients and enquirers;
- Processing financial transactions and maintaining financial controls;
- Prevention of fraud misuse of services, or money laundering;
- Enforcement of legal claims; and
- Reporting criminal acts and compliance with law enforcement agencies.
We may disclose your personal information to the following third parties:
- Service providers acting as processors who provide IT and system administration services;
- Professional advisors acting as processors or joint controllers including bankers, insurance providers, external advisors, auditors, and lawyers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services;
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances;
- Third parties with whom you require or permit us to correspond, such as Xero, Quickbooks, Sage; and
- If we are required to do so by law, any applicable regulation or to protect the rights, property, or safety of ourselves or others. This may include disclosing to other companies and organisations in connection with fraud protection and credit risk reduction.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions. Our purposes for sharing data are where it is necessary to administer the relationship between us, where we have your consent, where we are required to do so by law or where we have another legitimate interest in doing so.
Otherwise, then as set out in this privacy notice, we will only ever share your data with your informed consent. We will not share you information
We do not routinely transfer your data outside of the EU. However, with your consent, we do use;
We use of Google Analytics on our website, only with your consent. Google uses the information, including IP addresses and information from cookies, for a number of purposes, such as improving its Google Analytics service. Information is shared with Google on an aggregated and anonymised basis. To find out more about what information Google collects, how it uses this information and how to control the information sent to Google, please see the following page: How Google uses information from sites or apps that use our services – Privacy & Terms – Google
Cloud Accounting Software
With your consent, we will process your personal data using your cloud accounting software provider. Some of these providers have data centres based outside of the UK. We suggest that you familiarise yourself with the privacy information from your chosen provider.
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclose of, or access to your personal information. Your information is only accessible by appropriately trained staff and contracted associates, for the purposes outlined above. The security, confidentiality and integrity of your personal information is important to us and we make use of measures such as encryption, physical security, and access controls to protect data.
We do not knowingly process any data of any person under the age of 16. If we come to discover or have reason to believe that you are under 16, and we hold any of your personal data, we will delete that data within one month.
Where we provide links to other websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on other websites that you visit.
We use Facebook and Twitter. If you post on our social media pages or send us a private or direct message via these platforms, we will assume that you give us permission to respond. Messages posted on our social media pages are available publicly and we can’t take responsibility for those messages, which are subject to the privacy policies of the application provider and the specific privacy account settings of the user. If you choose to use these platforms, we suggest you familiarise yourself with their privacy information.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time.
You also have the following rights:
- right to be informed – you have the right to be told how your personal information will be used. This statement and other policy statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used;
- right of access – you can ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled see the information requested and we have successfully confirmed your identity, we have one calendar month to comply;
- right of erasure – under certain circumstances you can ask us for your personal information to be deleted from our records;
- right of rectification – if you believe our records of your personal information are inaccurate you have the right to ask for those records to be updated;
- right to restrict processing – you have the right to ask for processing of your data to be restricted if there is disagreement about its accuracy or legitimate usage; and
- the right to data portability – where we are processing your personal information with your consent, because such processing is necessary for the performance of a contract (or enable us to take steps, at your request, prior to entering into a contract) AND that processing is taking place by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
To exercise these rights, please contact us using the contact details below. Where we consider that the information provided does not enable us to identify the personal information in question, we may ask for personal identification and/or further information.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – Individual rights | ICO – or please contact us using the details above.
The data we collect from you is the minimum we require to facilitate the lawful processing described in this notice. Personal data is held for only as long as is required for the purpose we collected it or for our legitimate interest purposes. We will retain all our records in relation to you for 7 years after the business relationship has ended, or for financial information such as tax returns, for 7 years following the end of the tax year. If you have not entered into a business relationship with us, we will retain your information for 3 years following the last contact we had with you. However, if before that date:
- your personal information is no longer required in connection with such purpose(s);
- we are no longer lawfully entitled to process it; or
- you validly exercise your right of erasure;
then we will remove it from our records as soon as is practicable.
Should you ask us to stop sending your direct marketing or other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.
If you feel that after contacting us, that we are not acting appropriately with respect to our data privacy, you have the right to contact the governing body. In the UK this is the ICO, the Information Commissioner’s Office, their web pages for handling issues are at:
Or by post, telephone or email:
Information Commissioner’s Office
Telephone: 0303 123 1113