This policy is intended to provide information about how Hugh Davies & Co use (or "process") personal data about individuals including its staff and its customers. Collectively, we refer to these individuals as Hugh Davies and Co’s community.
This information is provided because Data Protection Law gives individuals rights to understand how their data is used. Staff and customers are all encouraged to read this Privacy Notice and understand Hugh Davies and Co’s obligations to its entire community.
This Privacy Notice applies alongside any other information Hugh Davies & Co may provide about a particular use of personal data, for example when collecting data via an online or paper form.
This Privacy Notice also applies in addition to the business's other relevant terms and conditions and policies, including:
- Any contract between Hugh Davies & Co and its staff or customers;
- Hugh Davies & Co’s retention of records policy;
- Hugh Davies & Co’s health and safety policies, including as to how concerns or incidents are recorded; and
- Hugh Davies & Co’s IT policies, including its Acceptable Use policy, eSafety policy, WiFi policy, Remote Working policy and Bring Your Own Device policy.
Anyone who works for, or acts on behalf of, Hugh Davies & Co, including volunteers or self-employed staff, should also be aware of and comply with this Privacy Notice, which also provides further information about how personal data about those individuals will be used.
Why Hugh Davies and Co needs to process personal data
In order to carry out its ordinary duties to staff and customers, Hugh Davies & Co needs to process a wide range of personal data about individuals as part of its daily operation.
Some of this activity Hugh Davies & Co needs to carry out in order to fulfil legal rights, duties or obligations – including those under a contract with its staff and customers.
Other uses of personal data will be made in accordance with Hugh Davies & Co’s legitimate interests, or the legitimate interests of another, provided that these are not outweighed by the impact on individuals, and provided it does not involve special or sensitive types of data.
Hugh Davies and Co expects that the following uses will fall within that category of its (or its community’s) “legitimate interests”:
- To provide accounting and payroll services,
- For the purposes of management planning and forecasting, including that imposed or provided for by law (such as tax, diversity or gender pay gap analysis);
- To monitor (as appropriate) use of Hugh Davies and Co’s IT and communications systems in accordance with the IT: acceptable use policy;
- Where otherwise reasonably necessary for Hugh Davies and Co’s purposes
Types of personal data processed
This will include by way of example:
- names, addresses, telephone numbers, email addresses and other contact details;
- passwords and logins to access HMRC or other financial or accounting services;
- bank details, taxation details and other financial information,
- personnel files, including in connection with academics, employment or safeguarding;
- where appropriate, information about individuals' health and welfare, and contact details for their next of kin;
How Hugh Davies and Co collect data
Generally, Hugh Davies and Co receives personal data from the individual directly. This may be via a form, or simply in the ordinary course of interaction or communication.
Who has access to personal data and who does Hugh Davies share it with?
Occasionally, Hugh Davies and Co will need to share personal information relating to its community with third parties, such as:
- government authorities such as HMRC and others
- appropriate regulatory bodies such as the Information Commissioner and others
- professional advisers
How long we keep personal data
Hugh Davies and Co retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary staff and customer files is up to 7 years following departure.
If you have any specific queries about how our retention policy is applied, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact: Hugh Davies
However, please bear in mind that Hugh Davies and Co often have lawful and necessary reasons to hold on to some personal data even following such request.
A limited and reasonable amount of information will be kept for archiving purposes, for example; and even where you have requested we no longer keep in touch with you, we will need to keep a record of the fact in order to fulfil your wishes (called a "suppression record").
Keeping in touch and supporting Hugh Davies and Co
Should you wish to limit or object to any such use, or would like further information about them, please contact Hugh Davies in writing. You always have the right to withdraw consent, where given, or otherwise object to direct marketing. However, Hugh Davies and Co is nonetheless likely to retain some of your details (not least to ensure that no more communications are sent to that particular address, email or telephone number).
Rights of access, etc.
Individuals have various rights under Data Protection Law to access and understand personal data about them held by us, and in some cases ask for it to be erased or amended or have it transferred to others, or for Hugh Davies and Co to stop processing it – but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to Hugh Davies.
Hugh Davies & Co endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information, but actually fulfilling more complex requests may take 1-2 months longer).
Hugh Davies & Co will be able to respond quickly to smaller, targeted requests for information. If the request for information is manifestly excessive or similar to previous requests, Hugh Davies & Co may ask you to reconsider, or require a proportionate fee (but only where Data Protection Law allows it).
Requests that cannot be fulfilled
You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which is subject to legal privilege (for example legal advice given to or sought by Hugh Davies & Co, or documents prepared in connection with a legal action).
You may have heard of the "right to be forgotten". However, we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your (or your child's) personal data: for example, a legal requirement, or where it falls within a legitimate interest identified in this Privacy Notice. All such requests will be considered on their own merits.
Where Hugh Davies & Co may rely on explicit consent as a means to process personal data, any person may withdraw this consent at any time. Please be aware however that Hugh Davies & Co may not be relying on consent but have another lawful reason to process the personal data in question even without your consent.
That reason will usually have been asserted under this Privacy Notice, or may otherwise exist under some form of contract or agreement with the individual (e.g. an employment contract, or because of a supply of services to clients).
Data accuracy and security
Hugh Davies & Co endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify Hugh Davies of any significant changes to important information, such as contact details held about them.
An individual has the right to request that any out-of-date, irrelevant or inaccurate information about them is erased or corrected (subject to certain exemptions and limitations under Data Protection Law): please see above for details of why Hugh Davies and Co may need to process your data, and who you may contact if you disagree.
Hugh Davies & Co take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to Management Information Systems. All staff will be made aware of this policy and their duties under Data Protection Law and receive relevant training.
Hugh Davies & Co will update this Privacy Notice from time to time. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable.
Queries and complaints
Any comments or queries on this policy should be directed to Hugh Davies
If an individual believes that Hugh Davies & Co has not complied with this policy or acted otherwise than in accordance with Data Protection Law, they should utilise Hugh Davies & Co’s complaints procedure and should also notify Hugh Davies. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with Hugh Davies & Co before involving the regulator.