Privacy Information Notice

Dugald Macleod, Chartered Accountant

PRIVACY POLICY

Dugald Macleod, Chartered Accountant (CA) is committed to protecting the privacy of individuals whose data it processes (“you” or “your”).

1. IMPORTANT INFORMATION AND WHO WE ARE

This privacy policy aims to give you information on how Dugald Macleod CA collects and processes your personal data as a controller through you being a client of Dugald Macleod CA. In addition, it outlines your data protection rights under the EU data protection regime introduced by the General Data Protection Regulation (Regulation 2016/679) (the “GDPR").

Please contact Dugald Macleod CA at Tulloch Whin, Newtonairds, Dumfries DG2 0JL, or at [email protected] if you have any queries in relation to the processing of your personal data under this policy.

Dugald Macleod CA may from time to time update this policy. Please refer back to this page regularly to see any changes or updates to this policy.

2. CATEGORIES OF DATA SUBJECTS

(A) CLIENTS OF DUGALD MACLEOD CA

The following section of this policy sets out how Dugald Macleod CA may process personal data about its clients [and those that have enquired about becoming a client of Dugald Macleod CA (referred to in this section as "client")].

We may hold personal data about our clients which is provided to us by you directly, including in conversation, through our website, telephone calls and/or corresponding with us or which is provided to us by third parties. We may also process personal data about individuals that are connected with you as a client (for example your family, employees, partners or fellow Directors).

We may collect, store, and use the following categories of personal information about you: contact details [including name, title, address (business and personal), telephone number, email address, website address,] introducer, family details, date of birth, business / occupation, National Insurance number, unique taxpayer’s reference number (company, partnership, and individual), company / partnership name and number, company or partnership details (date first registered, memorandum and articles of association, names, addresses and dates of birth of directors and shareholders), sources and quantum of income, details of expenses, tax returns and tax history (including income tax, corporation tax, capital allowances, capital gains tax, inheritance tax and VAT), copies of passport, driving licences, utility bills, qualifications, insurance details, bank account details, accounting system used, mortgage application(s), details of bankruptcies / sequestrations, details of previous accountants.

Your personal data may be processed by Dugald Macleod CA or its sub-processors (or any of their affiliates, agents, employees, delegates or sub-contractors) for the following purposes:

(a) to hold your personal data on our system and to contact you as necessary in accordance with Dugald Macleod CA's contractual obligations, or on the basis of our legitimate interests;

(b) to process your accounting information, which is being carried out to pursue Dugald Macleod CA's legitimate interest;

(d) to allow us to administer and manage Dugald Macleod CA which is necessary for the purpose of Dugald Macleod CA meeting its contractual obligations, to comply with applicable laws and/or to pursue the legitimate interests of Dugald Macleod CA and its clients;

(e) to allow us to process payments in connection with your contract with Dugald Macleod CA which is necessary for the purpose of Dugald Macleod CA meeting its contractual obligations and to pursue its legitimate interests;

(f) to update and maintain records of Dugald Macleod CA's clients to pursue its legitimate interests;

(g) to carry out actions in an attempt to detect, prevent, investigate and/or prosecute fraud and crime, which Dugald Macleod CA considers necessary for compliance with its legal obligations, for the performance of a task being carried out in the public interest and/or to pursue the legitimate interests Dugald Macleod CA and/or its clients;

(h) to prepare tax related information in order to report to tax authorities in compliance with a legal obligation to which Dugald Macleod CA is subject;

(i) to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems to pursue our legitimate interests including for document retention purposes; and

(j) such other actions as are necessary to manage the activities and/or to comply with the legal and/or regulatory requirements of Dugald Macleod CA, including by processing instructions, monitoring and recording electronic communications (including telephone calls and emails) for quality control, analysis and training purposes, and enforcing or defending the rights and/or interests of Dugald Macleod CA, in order to comply with Dugald Macleod CA's legal obligations and/or to pursue the legitimate interests of Dugald Macleod CA and/or its clients.

Where such processing is being carried out on the basis that it is necessary to pursue the legitimate interests of Dugald Macleod CA or a third party, such legitimate interests are not overridden by your interests, fundamental rights or freedoms. Such processing may include the use of your personal data for the purposes of sending you electronic marketing communication, in relation to which you can at any time subscribe by following the instructions contained in each marketing communication.

Dugald Macleod CA does not anticipate being required to obtain your consent for the processing of your personal data as listed above. If Dugald Macleod CA wishes to use your personal data for other purposes which do require your consent, Dugald Macleod CA will contact you to request this.

If we consider it necessary to obtain your consent in relation to the use your personal data, we will contact you to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processes based on consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

We do not envisage that we will process information about criminal convictions or special categories of personal data about you.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

(B) VISITORS TO OUR WEBSITE

The following section of this policy sets out how Dugald Macleod CA may process personal data (as a controller) about visitors to its website.

We may collect, use, store and transfer different kinds of personal data about you which you provide to us though our website: name, date of birth, address, email address, telephone numbers, technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website, usage data including information about how you use our website, products and services, [and marketing and communications preferences (including your preferences in receiving marketing from us and your communication preferences)].

We do not collect any sensitive personal data or special categories of personal data about you through our website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We use different methods to collect data from and about you including through:

direct interactions with you, including by filling in forms. This includes personal data you provide when you subscribe to our publications and/or request marketing to be sent to you.
Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. [We may also receive technical data about you if you visit other websites employing our cookies.]
[Technical data from the following parties:

(a) analytics providers [such as Google based outside the EU];

(b) advertising networks [based inside or outside the EU]; and

We will use your personal data in the following circumstances: where it is necessary for our legitimate interests, or those of a third party (including in relation to the sending of electronic marketing communications) and where your interests and fundamental rights are not overridden by those interests, or where we need to comply with a legal or regulatory obligation.

Your personal data may be processed by Dugald Macleod CA or its sub-processors (or any of their affiliates, agents, employees, delegates or sub-contractors) for the following purposes:

(a) to use data analytics to improve our website, marketing, customer experiences on the basis of our legitimate interests;

(a) to comply with legal or regulatory requirements;

(b) to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems to pursue our legitimate interests including for document retention purposes; and

(c) such other actions as are necessary to manage the activities of the Dugald Macleod CA, including by processing instructions, and enforcing or defending the rights and/or interests of Dugald Macleod CA, in order to comply with its legal and/or regulatory obligations and/or to pursue its legitimate interests.

Where the Website provides links to other websites, Dugald Macleod CA is not responsible for the data protection/privacy/cookie usage policies of such other websites, and you should check these policies on such other websites if you have any concerns about them. If you use one of these links to leave our website, you should note that we do not have any control over that other website.

Cookies: A cookie is a small file which asks permission to be placed on your computer. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular website. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our Website by tailoring it to the needs of users. We only use this information for statistical analysis purposes.

Overall, cookies help us provide a better website by enabling us to monitor which pages users find useful and which they don’t. A cookie does not give us access to a user’s computer or any information about them, other than the data they choose to share with us.

The browsers of most computers, smartphones and other web–enabled devices are usually set up to accept cookies. If your browser preferences allow it, you can configure your browser to accept all cookies, reject all cookies, or notify you when cookies are set. Each browser is different, so check the “Help” menu of your browser to learn about how to change your cookie preferences.

However, please remember that cookies are often used to enable and improve certain functions on our website. [If you choose to switch certain cookies off, it will affect how our website works and you may not be able to access all or parts of our website.]

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

You can find more information about the individual cookies that we use and the purposes for which we use them below:

Essential Website / Session Cookies - These are strictly necessary cookies that
enable our site to function as intended.

Analytical / Performance Cookies - These enable to monitor the
performance of our site (page loading speeds, etc) to ensure that everything is
functioning correctly.

Functionality Cookies - These enable our clients to be recognised when they
return to our site to improve their user experience for example, if they have a user
account with us, they may remember their details so they can log in faster.

For further details on cookies (including how to turn them off) can be found at www.allaboutcookies.org.

(C) BUSINESS CONTACTS

The following section of this policy sets out how Dugald Macleod CA may process personal data (as a controller) about its business contacts and (current, previous and/or potential) service providers (and employees of service providers) and data subjects that have provided a business card to, or have corresponded with Dugald Macleod CA.

We may collect, use, store and transfer different kinds of personal data about you which you provide to us including: name, date of birth, address, email address, telephone numbers, place of work, and business.

[We do not collect any sensitive personal data or special categories of personal data about you through our website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.]

We will use your personal data in the following circumstances: where it is necessary for our legitimate interests, or those of a third party and where your interests and fundamental rights are not overridden or where we need to comply with a legal or regulatory obligation.

Your personal data may be processed by Dugald Macleod CA or its sub-processors (or any of their affiliates, agents, employees, delegates or sub-contractors) for the following purposes:

(a) to hold your personal data on our system and to contact you on the basis of the legitimate interests of Dugald Macleod CA and/or third parties;

(b) in respect of suppliers, to allow us to process payments and orders in respect of any goods and services provided;

(d) to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems to pursue our legitimate interests including for document retention purposes; and

(e) such other actions as are necessary to manage the activities of Dugald Macleod CA, including by processing instructions and enforcing or defending the rights or interests of Dugald Macleod CA and/or third parties, in order to comply with their legal obligations and/or to pursue their legitimate interests.

If we consider it necessary to obtain your consent in relation to the use your personal data, we will contact you to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processes based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communication, please contact us at Tulloch Whin, Newtonairds, Dumfries DG2 0JL or [email protected] Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Where such processing is being carried out on the basis that it is necessary to pursue the legitimate interests of Dugald Macleod CA or a third party, such legitimate interests do not override your interests, fundamental rights or freedoms.

1. DISCLOSURES OF YOUR PERSONAL DATA

We will not disclose personal information we hold about you to any third party except as set out below.

To Her/His Majesty’s Revenue and Customs (HMRC) as is necessary to carry out our duties as accountants and tax processors.

We may disclose your personal data to third parties who are providing services to us, including IT service providers, event management, PR and marketing service providers, background and/or credit reference services, travel agents, printers, telephone service providers, document storage providers, backup and disaster recovery service providers.

We may also disclose personal data we hold to third parties:

(a) in the event that we sell any business or assets, in which case we may disclose personal data we hold about you to the prospective and actual buyer of such business or assets; and/or

(b) if we are permitted by law to disclose your personal data to that third party or are under a legal obligation to disclose your personal data to that third party.

2. INTERNATIONAL TRANSFERS

Whenever your personal data is transferred out of the Eurpoean Economic Area (EEA) by us, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used when transferring your personal data out of the EEA.

3. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

4. YOUR LEGAL RIGHTS

In certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

• Request the transfer of your personal information to another party.

• Withdraw your consent. If we are processing your personal data on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of processes based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communication, please contact us at Tulloch Whin, Newtonairds, Dumfries DG2 0JL or [email protected] Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you wish to exercise any of the rights set out above, please contact Dugald Macleod CA in writing.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

If you have any queries about this policy or your personal data, or you wish to submit an access request or raise a complaint about the way your personal data has been handled, please contact Dugald Macleod CA at Tulloch Whin, Newtonairds, Dumfries DG2 0JL or [email protected]