PCLG, Chartered Accountants (“we” / “us” / “our”) take the privacy of our clients, prospective clients and website users very seriously and take appropriate measures to protect your privacy.
Personal data is any information relating to an identified or identifiable natural person, and can include, but is not limited to Biographical information or current living situation (including dates of birth, Tax Identification Numbers, phone numbers and email addresses), Workplace data and information about education (including salary, job title and tax information), and private and subjective data (including religion, political opinions and geo-tracking data).
PCLG, Chartered Accountants is a Data Controller and Data Processor, and holds personal data for various purposes. For each purpose the means of collection, lawful basis of processing, disclosure, and retention periods may differ.
In accordance with the Data Protection Act 1998 we are registered with the Information Commissioner’s Office (ICO). Please visit www.ico.org.uk for more information.
Basis for holding personal information
The provision of personal information is essential for us to be able to perform the services which we have been engaged, or may be engaged to undertake. You may provide us with such personal information face to face, through postal and email correspondence, over the phone and submission of data either electronically or in person. This means that our lawful basis for holding this personal information falls into one (or more) of the following:
‘Performance of a contract’ i.e. we are required to hold and process personal information about our clients, or on behalf of our clients, in order to perform the services agreed under the terms of out engagement.
‘Compliance of a legal obligation’ i.e. we are required to hold and process personal information about our clients, or on behalf of our clients, in order to fulfil your legal and statutory obligations, for example the submission of information to HMRC, the Registrar of Companies etc.
‘Legitimate interests’ i.e. we have a legitimate interest to share with you relevant information about our services, as your accountants and advisors.
We may need to obtain information from third parties, if this is permitted by law. We may also use legal sources of publicly available information to obtain information about you, for example, to verify your identity. This information will only be obtained from third parties that operate in accordance with the General Data Protection Regulation (GDPR).
Use of personal data
Your personal information is used to provide the services we have been engaged to undertake, and undertake to protect your personal data, in a manner which is consistent with PCLG, Chartered Accountants duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will always take all reasonable security measures to protect your personal data in storage and in transit. As applicable, the information you provide may be used to, but not limited to:
Engagement Procedures – as part of our client take on procedures and ongoing client due diligence, we collect and hold personal information. We may carry out searches using publicly available information, e.g. internet searches.
Provision of Audit, Accountancy, Taxation and other associated services – in order for us to perform our contract, we may need to process personal information, e.g. payroll administration, or review of accounting information during the audit process
Practice Management and Development – as part of our practice management and development, we may need to process and hold personal data e.g. in order to manage client relationships, or share with you relevant information about our services which may be relevant to you.
Quality Control and Assurance Procedures – personal information may be processed as part of our Quality Assurance and Control monitoring that we undertake, e.g. client due diligence. As a member of the Institute of Chartered Accountants in England & Wales (ICAEW), we need to process and hold personal information in order to comply and demonstrate compliance with their specific requirements, and those of any other laws or regulations.
We will keep personal information about you confidential and secure. We never share personal information with any third party, unless it is within our lawful basis for doing so, and may incude, but is not limited to:
Government bodies – e.g. HMRC, Companies House and any bodies or agencies required so that we comply with relevant laws and regulations;
Crime Prevention Agencies – e.g. Police, National Crime Agency etc;
Software, IT and other 3rd party providers working on our behalf – e.g. those required in order to perform the services agreed under the terms of out engagement, e.g. accounts production software, cloud based accounts providers and third parties engaged to manage our internal IT systems.
Transfer of your personal data outside of the European Union (EU)
As part of the services offered to you, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. By submitting your personal data, you’re agreeing to this transfer, storing or processing. Where our third-party supplies are in the US we will ensure that their services fall under the “Privacy Shield” whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the US.
If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.
We keep information in line with the retention policy guidelines of PCLG, Chartered Accountants. Except where other stated, we will hold personal information only for as long as is required by us to:
Provide you with the services we have been engaged to perform;
Comply with applicable law to ensure compliance with legal and other obligations such as anti-money laundering regulations and HMRC’s requirements on document retention;
Support a claim or defence in court.
Dependent on the above, the specific retention policy can vary from one piece of information to the next.
We use a range of measures to keep information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk, e.g. by email.
Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
The General Data Protection Regulation (GDPR) grants you, the data subject, various rights with respect to your personal information;
Access to your personal information - You have the right to request a copy of the personal information about you that we hold.
Correcting your personal information - We endeavour to ensure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information - You have the right to ask us to delete personal information about you where:
you consider that we no longer require the information for the purposes for which it was obtained;
you have validly objected to our use of your personal information – see ‘Objecting to how we may use your information’ below;
our use of your personal information is contrary to law or our other legal obligations;
we are using your information with your consent and you have withdrawn your consent – see ‘withdrawing consent to use your information’ below.
Restricting how we may use your information - In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue
Withdrawing consent to use your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Right to rectification - You have the right to request from us, without undue delay, the rectification of inaccurate personal data we hold and you may also have the right to have any incomplete personal information completed.
Exercising your rights
Should you wish to exercise any of your rights, please write to the Data Protection Officer at PCLG Ltd, Equinox House, Clifton Park Avenue, Shipton Road, YORK YO30 5PA.
Changes to our privacy notice
We keep this privacy notice under regular review and will place any updates on our website Paper copies of the privacy notice may also be obtained from our office.
This privacy notice was last updated on 24 May 2018 and the version number is 1.1
Further information and complaints
Should you have any queries regarding the processing and holding of personal information, or wish to make a complaint please write to the Data Protection Officer at PCLG Ltd, Equinox House, Clifton Park Avenue, Shipton Road, YORK YO30 5PA.
Further information can also be found at the Information Commissioner’s Office -