Privacy

I am committed to ensuring the protection of the privacy and security of any personal data which I process. I aim to minimise the personal data that I control by only collecting and retaining personal data to the extent set out below.

Andrew Robert Boyd trading as Base10 Accounting is registered with ICAEW as an accountancy and tax advisory firm and with HMRC as a tax agent.

I am registered as a data controller at the Information Commissioner’s Office (ICO) under registration number ZB561517.

I am regarded by law as the Data Controller; this means that I am responsible for deciding how I hold and use personal data about you.

As a sole practitioner, I also act as Data Protection Officer and am responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact me about this notice or your data, you can do so by emailing data@base10.uk.

Categories

The information I hold about you will depend on our business relationship, be that as a corporate client, a personal client, an individual connected to a client (e.g. an employee, supplier etc.), a supplier or contact of mine, or as a user of this website.

Types of information that I may hold include the following:

  • your personal details such as your name, address and date of birth;
  • additional contact details such as phone number and email addresses;
  • details to comply with obligations under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017);
  • details of contact I have had with you in relation to the provision, or the proposed provision, of services;
  • details of any services you have received from me;
  • our correspondence and communications with you;
  • information about any complaints and enquiries you make to me;
  • details necessary to perform services such as unique taxpayer references, national insurance numbers, tax codes, salary and pension details, details of other income or losses, details of capital assets and disposals etc;
  • details necessary to process tax refunds or for overpaid fees such as bank details;
  • details of relationships and business interests for the purpose of identifying connected persons, tax associates, related parties or other tax or accounting sensitive associations.

Collection

I obtain your personal data directly from you when:

  • you initially contact me regarding new or additional services;
  • you provide me with information necessary for me to provide services to you;
  • you contact me by email, telephone, post, via our website or social media.

I may also obtain your personal data indirectly:

  • from your employer or other client relationship when it engages me to provide services and also during the provision of those services;
  • from HMRC with regard to historic and current tax position, tax codes and service related correspondence;
  • from IRIS Elements to comply with our obligations under MLR 2017 such as address verification, identity verification, verification of financial data, verification of sanctions and politically exposed persons, insolvency, county court judgements, mortality, telephone, driving licence and company director search;
  • from general web searches for the purpose of understanding background and history of clients;
  • from Companies House or Charities Commission for the purpose of understanding business connections and to ensure correct disclosures have been made.

Purposes

I may process your personal data for purposes necessary for the performance of my contract with you, your employer or a client. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of a client.

I may process your personal data for the purposes of my own legitimate interests provided that those interests do not override any of your own interests and rights which require the protection of personal data. This includes processing for business development, statistical and management purposes.

I may also process your personal data for purposes necessary for the performance of my legal obligations. This may include times where I am legally required or permitted to process your personal data without your knowledge or consent.

Retention

I will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.

When assessing what retention period is appropriate for your personal data, I will take into consideration the purpose for which the personal data was collected and the services that were required, the requirements of my business and any legal obligations.

Sharing

I will share your personal data with third parties where I am required by law, where it is necessary to administer the relationship between us, or where I have another legitimate interest in doing so.

“Third parties” includes third-party service providers and regulators; these include but are not limited to:

  • IT and cloud services,
  • banking services, and
  • HMRC, ICAEW & ICO as regulators.

I will only permit our third-party service providers to process your personal data for specified purposes and in accordance with my instructions.

In the course of running my business and providing services to clients I may transfer personal data to third parties located in other countries that have less stringent data protection laws. This is because I rely on IT and service providers that use cloud services to store and process data and where this could happen on servers located around the world. Where I engage with a service provider, I ensure service contracts will protect personal data to at least the same standard as required by UK law.

Security

I have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, I limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on my instructions and they are subject to a duty of confidentiality.

I have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Rights

You have rights in relation to any of your personal data held by me as a data controller. Should you wish to exercise your rights, please contact me by emailing data@base10.uk. I will endeavour to respond to any request promptly and certainly within any legally required time limit, normally being one month.

You have the right to request access to your personal data, known as a Subject Access Request (SAR). This enables you to check that the personal data I hold about you is correct and being processed lawfully.

You have the right to request rectification to your personal data if it requires updating or correcting. This is important to ensure the information I hold about you is current and accurate. You may also be under a statutory or contractual obligation to provide the personal data and ensure that it is current and accurate.

You have the right to request erasure of your personal data where there is no good reason for me to continue to process your personal data.

You have the right to object to my processing of your personal data where I am relying on a legitimate interest. You must have a compelling reason for your objection. You have an absolute right to stop your data being used for direct marketing; that said, I do not use direct marketing.

You have the right to request the restriction of processing of your personal data. This is often linked to the use of your other rights. In the circumstances where I agree the restriction is necessary, I will stop processing your personal data but will continue to store your personal data.

You have the right to request the transfer of your personal data to you or another data controller, known as data portability. I will facilitate data portability where technically feasible.

Changes

Any changes I may make to our privacy notice in the future will be published on this website.

This privacy notice was last updated in February 2024.

Complaints

In the UK you may complain about the use of personal data to the Information Commissioner’s Office. The ICO’s website contains further information on our rights. The contact details for the ICO are as follows:

Telephone – 0303 123 1113

Website – https://ico.org.uk/make-a-complaint/