Privacy Notice
This is the Privacy Notice for Ekstra Accounting Solutions Ltd.
The purpose of this notice is to inform you about how and why your personal data is used so that we are as transparent as we possibly can be, and to ensure that you are aware of your rights under UK data protection legislation (UK General Data Protection Regulation, Data Protection Act 2018).
The Company
Ekstra Accounting Solutions is a company registered with Companies House, registration number NI067186, and with the ICO under registration ZB165831. We are a data controller for the personal data we collect from you. The owner of Ekstra Accounting Solutions, Mrs Janet Jensen, is the designated data protection lead.
Our correspondence address is Office 3 - The Foundry, East Belfast Enterprise Centre, 68-72 Newtownards Road, Belfast, Co Antrim, BT4 IGW. You can contact us at contactus@ekstraas.co.uk or telephone 07458 302 512.
The purpose for processing your data and our basis for doing so.
We process personal data so we can provide business accounting and related services (such as company accounts, tax returns, business advice etc.) to clients and engage with prospective clients and partners. We will also use your data for complying with the UK anti-money laundering legislation and for marketing purposes.
In processing your data, we must establish our legal basis for doing so, and the legal basis can be different depending on the circumstances in which we process it. References to the basis of processing, e.g. “(Article 6.1.f)”, are a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question.
If you are a client, we will hold the following information about you:
- Your full name.
- Your postal address.
- Correspondence address.
- Your email address.
- Your contact telephone number(s).
- Alternative contact details.
- Your date of birth.
- Gender.
- Marital status and dependants.
- Next of Kin.
- Unique Tax Reference number.
- National Insurance number.
- Other government identifier.
- Photograph.
- Your signature.
We process this information so we can provide you with accounting services, invoice you and maintain our communication with you. Our legal basis for doing this is Article 6.1.b – performance of a contract; this is necessary to deliver the service to you.
We will process your data to enable us to perform due diligence checks on you both at point of engagement and during our commercial relationship. This is to allow us to comply with the requirements of the UK’s anti-money laundering regulations. Our legal basis for doing this is Article 6.1.c – compliance with a legal obligation.
Where we require your data in the pursuance of a contract, if you fail to provide that data, we will not be able to provide you with our services or enter into a commercial agreement.
If we have engaged with you as a prospective customer, we will process the following information about you:
- Your full name.
- Your email address.
- Your contact telephone number(s).
- Postal address details.
- Government identifier.
- Photograph.
We will process this information for the purposes of complying with the UK anti-money laundering regulations and so we can communicate with you and send you occasional updates on our services.
Marketing
If you are from a ‘corporate’ entity, we may send you updates and information as a legitimate interest activity (Article 6.1.f). If you are a sole trader or an individual and we have had conversations about providing you our services, we are able to market to you without consent as allowed by the Privacy and Electronic Communications Regulations 2003 (amended). You can ask us to stop sending you communications at any time.
Recipients of your data
As a general principle, we will not transfer your personal data to other recipients without your permission. There are some exceptions to this:
- If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. Lawful basis is Article 6.1.f – we have a legitimate interest to pursue money owed to us.
- It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. Lawful basis is Article 6.1.c – legal obligation.
- We are required to undertake due diligence by law for anti-money laundering purposes. As such, we may be required to share your personal data with our professional supervisory authority and / or law enforcement agencies. Our lawful basis is Article 6.1.c – performance of a legal obligation.
- Her Majesty’s Revenue and Customs will also receive some of your personal data as will Companies House. The lawful basis for sharing this is Article 6.1.c – performance of a legal obligation.
Data processed by third parties on our behalf.
We use the services of other organisations in processing your data. We use cloud-based platforms for accounting, credit checking and video conferencing purposes and other service providers to support our accounting activities. A list of those data processors is available on request.
Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GDPR. This ensures that your data is handled in accordance with the UK GDPR.
Transferring your data outside of the UK
We do not transfer your personal data outside of the United Kingdom.
Retention periods
We will retain your data only for the time we require it for the purposes stated and / or where we have a legal obligation or other legitimate purpose.
If you are a customer, then we will keep your data for all the time you are a customer and for 7 years following. This is to comply with HMRC audit requirements.
If you are a prospective customer, we will keep your information for 2 years from last meaningful contact unless you have asked us to stop contacting you. If this is the case, we will remove you from the mailing list but will keep the minimum of data to ensure you are not added back into it.
Personal data collected for the purpose of client due diligence will be retained for a minimum of 5 years.
Security
The UK GDPR requires us to implement technical and organisational measures to protect your data. This means our IT systems are protected by anti-virus and anti-malware software. We use SSL certificates to encrypt any data you supply to us through our website.
Your rights
The UK GDPR provides you with several rights in relation to the data of yours we process. The rights relevant to our activities are:
- You have the right to get access to and copies of your personal data.
- You can, in certain circumstances, restrict our processing of your data and request us to erase it (although we may have to retain some for legal reasons).
- You can ask us to rectify any inaccurate information we may be holding.
If you want to exercise any of these rights, contact us on the above email address.
You also have the right to lodge a complaint about our processing with a supervisory authority — the UK’s Information Commissioner’s Office.
Information Commissioner’s Office – Northern Ireland
10th Floor
Causeway Tower
9 James Street South
Belfast
BT2 8DN
Telephone: 0303 123 1114
Email: ni@ico.org.uk
Website: www.ico.org.uk