H Armstrong & Associates Ltd
1. Who we are
H Armstrong & Associates Ltd is a Company limited by Shares in Northern Ireland. We are Chartered Accountants.
Registered Company Number NI 633317. Registered at 6B Main Street, Castledawson, Magherafelt, Co Derry. BT45 6AB.
2. Your rights
The General Data Protection Regulation (‘GDPR’) ensures that we use your personal information only if we have a proper reason to do so. The law says we must have one or more of these reasons for using your data:
To fulfil a contract we have with you to provide our services;
Where it is our legal duty;
When it is in our legitimate interest;
When you consent to the use of the data.
A legitimate interest is when we have a business or commercial reason to use your information. If we rely on our legitimate interest, we will tell you what that is.
Under the GDPR your rights are:
To be informed – we must make available this privacy notice with the emphasis on transparency over how we process your data.
Access – you are entitled to find out what details we may hold about you and why.
Rectification – we are obliged to correct or update your details.
Erasure – this is the right to be forgotten.
Restrict processing – you have the right to suppress the processing by us of your personal data.
Data portability – you have the right to obtain your personal data that you have provided to us.
Object – you have the right to object to us processing your data.
3. Your personal data
At H Armstrong & Associates Ltd we process personal data. This may include your name, address, date of birth, family relationships & contact details. We primarily collect personal data in relation to the provision of our services, including details of your tax & financial affairs, bank accounts, business records, investments, payroll information and other statutory returns. We are also required to retain copies of identification documents such as driving licence or passport in order to comply with our own obligations under Money Laundering legislation.
3.1. How we collect data
We generally collect your data in the following ways:
Through engagement (or potential engagement) of our services.
By communications including email, telephone & post.
Via third parties and/or public available resources (such as HMRC, your employer, financial advisor/bank or Companies House)
When you fill in a form on our website (such as the contact request form)
Via Google Analytics*
* We use Google Analytics to store information about how our website visitors use our website so that we may make improvements and give visitors a better user experience.
Google – http://www.google.com/intl/en/policies/privacy/
We use LinkedIn, Facebook and Twitter and occasionally use their advertising services but there are no tracking codes installed on our website and so no personal data is stored.
3.2. How & why your data will be used
At H Armstrong & Associates Ltd we take your privacy seriously and will only use your personal information in the course of the provision of service or engagement that you (or your employer) have requested from us. We will only use information provided to us subject to your instructions, data protection law and our duty of confidentiality.
Your data may be utilised for internal use and operations including data analysis for management purposes, organisation and maintenance to our own internal systems.
When we receive personal information from you for the specific purpose of Money Laundering or anti-terrorism legislation, it will be used for this sole purpose alone.
We may use your personal information to provide you with information about services we offer that we feel would be of benefit or interest to you or to notify you about changes to our services.
3.3. How we will share your data
Your information may be shared internally within our organisation for administration purpose or for the purpose of service provision. Otherwise your information will be retained with H Armstrong & Associates Ltd except where disclosure is required or permitted by law or when we use third party service providers (data processors) to supply and support our services to you.
We use third party service providers such as agents and other organisations to help us provide services to you. These would include:
Accounting & payroll providers including Sage, Xero, Relate Software, Auto Entry and associated processing services;
Email & secure document exchange systems;
Our IT Service support partner, KBS Group;
Cloud storage solutions and providers such as Microsoft Azure.
We may share you data with third parties such as HMRC, Companies House, Revenue Commissioners Ireland, Office of National Statistics or any other legislative body as deemed necessary under legal or statutory requirements. Any interaction with third party financial institutions or financial/legal professionals will be done at your request or prior agreement.
3.4. Data Retention
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
The requirements of our business and the services provided;
Any statutory or legal obligations such as HMRC record retention legislation;
The purposes for which we originally collected the personal data;
The lawful grounds on which we based our processing;
The types of personal data we have collected.
3.5. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
3.6. Data correction/deletion/consent withdrawal
Should you wish to have a necessary correction made to the data we hold, make an application for your data to be deleted or you wish to withdraw your consent to data processing, you should make a request in writing to the postal or email address provided.
We may have a legal or statutory requirement to retain some data following a data deletion request/withdrawal of consent.
The withdrawal of consent does not affect the lawfulness of earlier processing.
If you withdraw your consent, we may not be able to continue to provide services to you.
4.Subject Access Request
A Subject Access Request under GDPR is your right to request a copy of the information that we hold about you. Such requests must be in writing to the contact details provided in this policy. If we do hold your personal data, we will respond in writing within one calendar month of your request (subject to the request being submitted in accordance with this policy and verification of identity).
The information we supply will:
Confirm that your data is being processed, verify the lawfulness and the purpose of the processing and will contain the information held in a readable format.
In the event that we do not hold information about you, we will also confirm this in writing at the earliest opportunity.
How to contact us:
By Email: firstname.lastname@example.org Subject ref: Privacy/GDPR
Or in writing to GDPR Compliance, H Armstrong & Associates Ltd, 6B Main Street, Castledawson, Magherafelt, Co Derry. BT45 6AB.
You also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone 0303 123 1113 (local rate) or 01625 545 745