PRIVACY STATEMENT

Who we are

This is the privacy statement of High AP Ltd t/a Highland Accountancy Practice.

This privacy statement explains how we collect and use personal information about you.

What personal information we collect

Name
Contact details (including home and business addresses, email, telephone number)
Date of birth
Photographic ID
Family details
Employment details (including current and previous employers)
Income details from all sources
Expenditure details
Tax information including NI numbers and tax reference numbers
Other relevant information that may be required to fulfill our services to you

Where we collect personal information from

Information will generally be gathered directly form you by way of email, telephone conversations, letters and meetings, but may also be provided to us by employers, HMRC and other relevant third parties who hold financial data on you that is required to complete our financial and taxation services to you. If we acquire personal data about you from other sources we will normally seek you approval or comment on it before acting on it. If your personal data changes you should let us know.

Lawful basis for holding and processing information

The basis for using your data will be to fulfil our services/contractual duties to you together with necessity to comply with legitimate interests and legal obligations. We currently do not do any form of direct marketing and as such do not rely on consent as the basis for holding your data. Should we ever wish to use your data for these purposes we would only do this if express consent is first sought and given.

How we use your personal information

The purposes for which personal information is processed may include any or all of the following (the list is non-exhaustive)

deliver services and meet legal responsibilities
verify identity where this is required
communication by post, email or telephone
understand needs and how they may be met
maintain records
process financial transactions
prevent and detect crime, fraud or corruption

Who we share your personal information with

Confidentiality is very important to us. We will not, therefore, share any of your personal information with anyone unless:

We need to do so to carry out the transaction/work that we have agreed to do for you
We are obliged to do so in order to comply with legal obligations
We need to do so to protect your vital interests
We need to do so in order to carry out a task in exercise of official authority given to us by Court, Parliament or Governmental body
It is within our legitimate interests to share your data and does not conflict with your fundamental rights or freedomsv
With your consent

Some of the processing activities we do may on occasion require us to share information with third parties. It would only ever be used for those processing purposes by the third party, and will not be passed on for any other purpose. Whenever we share personal data, we take all reasonable steps to ensure it will be handled appropriately and securely by the third party. They will also have to comply in full with the GDPR.

The following is a list of the main third parties with whom we may have to share personal information:

Oversight regulators and statutory bodies (e.g. HMRC, the FRC, ICAS)
Software providers which allow us to operate efficient digital processes, including:
~ IRIS
~ SAGE
~ Microsoft
~ Quickbooks
Our external IT support providers - Dynamic Edge

For practical reasons, this is an indicative, but not exhaustive list. Please also note that the list may be updated from time to time.

Our policy is to encrypt any personal data that is sent by email.

How long we retain your personal information for

We will gather your personal data manually and electronically and it will be stored in digital and hard copy formats while we are working for you and for a period after work has ended.

We are required by our regulators, insurers and to meet legal requirements to retain most data for a period of up to 7 years. This will apply to all electronic and hard copy data for existing clients. After a client no longer uses our services we will remove all electronic data from our systems within 6 months of them leaving. Hard copies will be retained in secure offsite storage until the 7 year requirement has been met. After 7 years all hard copy data is destroyed securely for all existing and previous clients.

We do not hold any personal information outside the EEA.

Using our website

We do not store or gather any personal information from any users of our website.

Your rights

Access to your information - You have the right to request a copy of the personal information about you that we hold.

Correcting your information - We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.

Deletion of your information - You have the right to ask us to delete personal information about you where:

You consider that we no longer require the information for the purposes for which it was obtained.
We are using that information with your consent and you have withdrawn your consent - see Withdrawing consent to using your information below.
You have validly objected to our use of your personal information - see Objecting to how we may use your information below.
Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information - You have the right at any time to require us to stop using your personal information for direct marketing purposes should we ever seek consent to have used it for those purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information - In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Automated processing - If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.

Withdrawing consent to using your information - Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.

Changes to our privacy statement

We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained from our registered office - Suite 1A, Willow House, Stoneyfield Business Park, Inverness, IV2 7PA

This privacy statement was last updated on 12 April 2018.

Complaints

We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner's Office, whose contact details are as follows:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone - 0303 123 1113 (local rate) or 01625 545 745

Website - https://ico.org.uk/concerns