The Business Bookkeeper Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

1. Information About Us
The Business Bookkeeper Ltd
Registered in England under company number: 8139683
Registered address: 22 Burley Close, London, SW16 4QQ.
Data Protection Officer: Selina Orleans-Foli
Email address: dpo@thebusinessbookkeeper.co.uk
We are a member of International Association of Bookkeepers

2. What Does This Notice Cover?
This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

3. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an
identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we use is set out in Part 6, below.

4. What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
a) The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know,
but you can always contact us to find out more or to ask any questions.
b) The right to access the personal data we hold about you.
c) The right to have your personal data rectified if any of your personal data held by us inaccurate or incomplete.
d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of.

5. How Do You Collect or Obtain Personal Data?
– We may collect data about you by you providing the data directly to us (for example by filling in forms on our website, corresponding with us by phone, mail, email, social media or otherwise, by you posting details and documents to us or by you granting us access to shared online/electronic
resources such as accounting software or online storage).
– We may also collect data relating to your tax affairs (for example PAYE coding notices, tax calculation statements, and other correspondence) by it being sent to us by post or in electronic format by HMRC in cases where you have authorised HMRC to liaise directly with us as your tax agent.
– To comply with legal obligations to which we are subject, to obtain evidence of your identity and address, we may receive data from third party
agencies which may include residency and identity checks and ‘risk’ factors such as politically exposed persons and those on sanctions lists, and from publicly availably sources such as Companies House and the UK Electoral Register.

6. What Personal Data Do You Collect?
We may collect some or all of the following personal data (this may vary according to your relationship with us:
– Full names, previous or other names, current and previous addresses, marital status, gender, telephone numbers, email addresses, date of birth,
business name, job title, profession, payment information, national insurance number, passport number, tax reference number and financial details.
– Information relevant to preparing your financial accounts, corporation tax, payroll, VAT and other services you require from us.

7. How Do You Use My Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it or to comply with any legal requirements. Your personal data may be used for the following purposes:
– Supplying our services to you as our client. Your personal details are required in order for us to enter into a contract with you
– To provide, maintain and improve our bookkeeping services
– To fulfil our obligations under relevant laws in force (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on
the Payer) Regulations 2017 (“MLR 2017”)).
– To comply with professional obligations to which we are subject as a member of International Association of Bookkeepers.
– To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
– To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.
– Communicating with you. This may include responding to emails, calls or texts from you.
– To contact you about other services we provide which may be of interest to you if you have consented to us doing so.

8. How Long Will You Keep My Personal Data?
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
– to provide you with the services you have requested
– to comply with other law, including for the period demanded by HMRC
– to support a defence of claim in court
– Where we act as a data processor we will delete or return all personal data to the data controller as agreed with the controller

9. How and Where Do You Store or Transfer My Personal Data?
We shall only transfer any Personal Data we hold to a country outside the European Economic Area (“EEA”), if one of the following conditions applies:
– The country to which your Personal Data shall be transferred ensures an adequate level of protection and can ensure your legal rights and freedoms.
– You have given your consent that your Personal Data is transferred.
– The transfer is necessary for one of the reasons set out in the GDPR 2017, including the performance of a contract between you and us, or to protect your vital interests.
– The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
– The transfer is authorised by the ICO and we have received evidence of adequate safeguards being in place regarding the protection of your privacy, your fundamental rights and freedoms, and which allow your rights to be exercised.

The security of your personal data is essential to us and to protect your data, we take a number of important measures, including but not limited to the following:
– Data is protected by strong passwords that are changed regularly
– Data is backed up frequently
– Software is kept up-to-date with the latest security patches
– Computers are protected by security software and firewalls
– Files are kept in locked drawers or filing cabinets
– Paper documents are shredded and disposed of securely when no longer required
– Data users shall be appropriately trained and supervised in accordance with this notice which includes requirements that data users log off from or lock their computer/electronic device when it is left unattended. We shall take appropriate security measures against unlawful and/or unauthorised processing of personal data and against the accidental loss of or damage to your personal data.

10. Do You Share My Personal Data?
There may be situations in which it is necessary for us to disclose your Personal Data to other third parties, which include but are not limited to:
– HMRC, our professional body International Association of Bookkeepers and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to the requirements of MLR 2017 (or any similar legislation), professional indemnity insurers, and an alternate appointed by us in the event of incapacity or death.
– In providing you with our service we use secure online storage and software providers to process electronic data, including personal data. These providers are GDPR compliant or apply equivalent/adequate safeguards. A full list of these providers can be provided on request.
– In some limited circumstances we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
– If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
– If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR 2017.
– We use youtube videos embedded on our website, Youtube has it’s own cookie and privacy policy over which we have no control. You can view their privacy policy here.

11. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email or postal address shown in Part 12. In order to respond to your request, we may request additional information from you to confirm your identity. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding. We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

12. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Selina Orleans-Foli)
Email address: dpo@thebusinessbookkeeper.co.uk
Telephone number: 0207 137 6565.
Postal Address: The Business Bookkeeper Ltd, 22 Burley Close, London, SW16 4QQ.

13. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes will be made available at www.thebusinessbookkeeper.co.uk