CLIENT DATA PRIVACY NOTICE – GDPR COMPLIANT
Data Processor – Numerii Ltd
Numerii Ltd (Numerii) collects and processes personal data relating to clients to manage their accounting matters. Numerii is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does Numerii collect and process?
Numerii collects and processes a range of information from clients, some of which contains personal information about the business owners, the directors, the partners and their employees (where applicable). This includes:
- name, address and contact details, including email address and telephone number, date of birth and gender;
- the terms and conditions of our services;
- employee details so that we may process their payroll information;
- information about remuneration, including entitlement to benefits such as pensions or insurance cover;
- details of bank accounts and national insurance number;
- information about marital status, next of kin and dependants;
Numerii may collect this information in a variety of ways. For example, data might be provided by email, Dropbox, Google Drive, physical paperwork and, occasionally, by telephone; or through face to face meetings.
In some cases, Numerii may collect personal data about you or your business from third parties, such as information from employees, accountants, your clients and your suppliers.
Data will be stored in your client file in Numerii’s data management folders which are password protected and backed up on a daily basis.
Why does Numerii process personal data?
Numerii needs to process data to prepare accounting information for its clients and to meet its obligations under its terms & conditions of engagement. For example, it needs to process personal data to provide a payroll or personal tax service.
Numerii needs to process data to ensure that it is complying with legal obligations. For example, it is required to check a client’s personal data to accurately prepare tax information for an annual self assessment tax return.
Numerii has a legitimate interest in processing personal data before, during and after the end of the client relationship. Processing client data allows Numerii to:
- maintain accurate and up-to-date financial accounts for clients;
- prepare management information for clients;
- submit statutory accounts and tax returns as required under HMRC regulations;
- run payroll for clients;
- ensure effective business administration.
Some special categories of personal data, such as information about age or medical conditions, is processed to carry out employment and tax law obligations (such as those in relation to pension and tax).
Who has access to data?
Your information may be shared internally with your Account Manager, the Accounts or Payroll Team and IT staff if access to the data is necessary for performance of their roles.
Numerii shares your data with third parties such as accountants, banks or insurers. In those circumstances the data will be subject to confidentiality arrangements. Numerii will only share your data with your explicit consent and instruction.
How does Numerii protect data?
Numerii takes the security of your data seriously. Numerii has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Physical files before scanning are kept under lock and key, scanned files and all other information is kept digitally on a password protected data server.
Data will be provided using a secure server to which you will be given password protected access or via password protected emails.
Where Numerii engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does Numerii keep data?
Numerii will hold your personal and business data for the duration of its engagement and for the period required under current legislation once your engagement ceases.
As a Controller, you have a number of rights. You can:
- obtain a copy of your data on request;
- require Numerii to change incorrect or incomplete data;
- require Numerii to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- request that Numerii assists you in respect of your obligations under GDPR.
If you would like to exercise any of these rights, please contact the Director.
If you believe that Numerii has not complied with your data protection rights, you can complain to the Information Commissioner.
As a Controller, it is your responsibility to obtain consent from your employees for us to process their personal data.
What if you do not provide personal data?
You have some obligations under accounting and tax regulations to provide Numerii with data. In particular, you are required to provide Numerii with specifically requested personal data in order that Numerii may process your financial information in accordance with tax law.
Certain information, such as contact details and family information have to be provided to enable Numerii to enter into an engagement with you. If you do not provide the information, this will hinder Numerii’s ability to administer the rights and obligations arising as a result of the engagement relationship efficiently.