This is the privacy notice of Bharat D Hathi Ltd trading as BdH Chartered Certified Accountants.
We are company number 05300256 registered in England and Wales, Our registered office is at 95 Newcome Road, Portsmouth, PO1 5DR.
Our policy complies with UK and the EU General Data Protection Regulation (GDPR).
This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
We take seriously the protection of your privacy and confidentiality. We understand that our clients are entitled to know that their personal data will not be used for any unintended purpose, and will not accidentally fall into the hands of a third party.
We undertake to preserve the confidentiality of all information you provide to us, and we do not share, or sell, or disclose to a third party, any information you provide.
The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data.
The bases on which we process information about you
The law requires us to determine the bases we process different categories of your personal information, and to notify you of the basis for each category.
If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.
If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
Information we process because we have a contractual obligation with you
When you become our client and agree to our terms and conditions (engagement letter), a contract is formed between you and us.
In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information such as:
Date of Birth
Address (home and business)
National Insurance Number
Tax Reference Number
Other income details
PAYE Reference Number
We may use it in order to:
verify your identity as required for money laundering regulations
provide you with our services so that you comply with your legal obligations with HMRC
We process this information on the basis that there is a contract between us. We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Information we process with your consent
Wherever possible, we aim to obtain your explicit consent to process this information. Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.
We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
The data we process will collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Information we process because we have a legal obligation
Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
How we will communicate with you
We will no longer email you any data that we deem confidential data such as payslips, P45’s, P60’s VAT returns, personal and corporation tax returns and business accounts.
Instead we will give you access to our portal using your username and password, which you should update when you first log in. We will provide full instructions on how to use the portal.
Only you will have access to the portal and any documents we place. All data is encrypted.
How we store your data, for how long & data security
We have carried out a detailed data audit throughout our systems to ensure that we only store data that is absolutely necessary for us to keep in order to perform the services you have contracted with us.
We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information.
All personal data we process is processed and stored on servers within the European Union. Sometimes we may outsource some work we do for you; we only work with companies that hold certification provided by British Standards Institutions (BSI) such as 9001-2015 Quality and ISO 27001-2013.
No Third parties have access to your personal data unless the law requires us to do so.
Data is always encrypted when it is stored on our servers and we use multi factor authentication in many of our systems.
All our systems are protected by a firewall and we have monthly scans by a third party to check the vulnerability of our data systems to identify weaknesses which would be immediately rectified.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data
What are your rights?
If at any point you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted (subject access request).
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated using the email address firstname.lastname@example.org.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office.