The purpose of this notice
When we provide our accounting, tax and advisory services to you, we will collect personal information about you and your business.
It is vitally important to be open and transparent with you as to the types of information we collect, why we collect it, how we use it and who we share it with.
The Data controller of your personal information is Marion Shannon & Co 31 Mill Street, Irvinestown, Co. Fermanagh BT94 1GR, who is registered with Association of Chartered Certified Accountants as a Chartered Certified Accountancy Firm.
We have appointed a Data Protection Officer who overseas our data protection compliance programmes in accordance with the relevant law and in particular the General Data Protection Regulation. As our business engages clients in both the United Kingdom and the Republic of Ireland we must comply with the laws across both jurisdictions; in the UK the law is legislated in the Data Protection Act 2018, in the Republic of Ireland it is legislated in the Data Protection Act 1998 and that Data Protection (Amendment) Act 2003. The General Data Protection Regulations, having been legislated by the European Parliament, is in force across the entire European Union.
How we collect client information?
We may ask you to provide personal information by filling in hard copy forms and documents, and also during the course of our consultations with you or by corresponding with us by phone, letter or electronic communications to include email or sms text messaging.
What type of information will be processed and why?
Types of personal information |
Why we collect it |
| Identity detail including your name, address, date of birth, National Insurance Number, (UK) Unique Tax reference number (UTR), (ROI) PPS number. | To enable us to engage with any third parties in order to complete our engagement with you: this may included financial institutions, HM Revenue & Customs( The Office of Revenue Commissioners in Republic of Ireland), The Department for work and pensions and True Potential and Companies House ( The Companies Registration Office (CRO) in Republic of Ireland. We collect and process this personal information in order to comply with our legal and regulatory requirements. |
| Your contact details including your name, postal, phone and email address(es) and other personal details about you including your title and date of birth. | To contact you in order to manage our engagement with you and your business. To respond to any correspondence and self related enquiries you send to us in respect of our engagement with you and your business. To discuss services provided by our office or related third parties which you may be interested in. To communicate any updates to you including any changes to our services, the terms and conditions of any services which we have provided to you, any changes to this notice and to our website. |
| Details of your dependants (name, address and date of birth. | To enable us to provide you with services that you have requested that would require your dependants information (dependants may be vulnerable adults or minors) examples of such services are student financing, applications and state benefit entitlement claims and administration. |
| Details of contact that we have had with you such as face to face consultations with you, discussions about your business, recommendations, referrals and quotes. | To allow us to provide a professional service to you. |
| Client experience and other feedback and information you provide us. Information about complaints and incidents. | To review your feedback and experience with us so that we can improve our services for you and for our other clients. As required by our professional oversight bodies. |
| All of the personal information described above. | To comply with our legal duty of care obligations relating to the quality of service we provide you. We may disclose your personal information to third parties where we are required to do so to comply with applicable laws and regulatory requirements including in circumstances where we are required to do so by court order, regulatory authority or any other third party with the lawful right to request and receive the personal information we hold about you. We may also use your personal information where it is necessary for us to take legal advice in order to establish our legal rights, to bring a claim against you or any related parties or to defend a claim from you or any related parties. We collect and process this personal information for our legitimate business interests including carry out our own internal business panning, compliance, training and quality assurance purposes. |
Who might my personal information be shared with?
We may disclose your personal information to the following categories of recipients:
- To other providers of accounting, tax and advisory services, financial institutions and solicitors in respect of whom you request us to process applications on your behalf and to receive updates from such providers in order for us to provide our services to you throughout the lifetime of our relationship with you;
- To our suppliers and partners in order for them to help us provide our services to you, this may include; our IT systems providers to assist us with an efficient, modern and professional service, regulatory compliance support services who may review our records containing your personal information in order to audit and report to us on our compliance with applicable laws and regulatory requirements;
- Our solicitors and professional indemnity insurers to take advice and establish our legal rights;
- To regulatory bodies with whom tax and financial information is shared;
- To any national and or international regulatory, enforcement body, government agency or court where we believe disclosure is necessary;
- As a matter of applicable law or regulation;
- To exercise, establish or defend our legal rights, or
- To protect your vital interests or those of any other person; and
- To any other person with your consent to the disclosure or where we are permitted to do so by law.
Our legal basis for processing personal information
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. In respect of the personal information and the purposes for which we may process your personal information which are set out in this notice, we have confirmed the legal basis upon which we collect and process your personal information in the ‘what type of personal information will be processed and why’ section above.
If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly if we collect and use your personal information with your consent, then you can withdraw your consent any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to the data protection authority about our collection and use of your personal information.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Data Retention
We retain personal information we collect from you where we are legally obliged to do so or if we consider that we have an ongoing legitimate need to do so, for example:
- To provide you with a product or service you have requested us to provide:
- To perform our contractual obligation to you:
- To comply with applicable legislation:
- All relevant tax or accounting requirements:
- To defend or manage any claims or complaints between us, you and any relevant third party including taking legal advice in respect of such claims in order to establish, exercise or defend our legal rights or such claims. This would include complaints and claims which you may bring against us or which are submitted to a court, regulatory authority or professional body.
When we have no ongoing legitimate need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Updates to this notice
We may change or update this notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. When we update our notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
How to contact us
If you would like contact us in relation to this notice or if you have any other questions in respect of our processing of your personal information, please contact the Data Protection Officer, Marion Shannon & Co, Chartered Certified Accountants, 31 Mill Street, Irvinestown, Co. Fermanagh, BT94 1GR; Mob: 077 1499 5690; Tel 028 686 28327; email; marion@marionshannonandco.co.uk
Contacting the regulator
If you feel that your personal data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioners Office.
You can contact them by telephoning 0303 123 1113
You can also go online at www.ico.org.uk/concerns.