This policy covers all data that is shared by a visitor with us whether directly via www.richardsexton.co.uk or via email. This policy has been created by the internet marketing experts at Surge Digital on our behalf, and is occasionally updated by us so we suggest you re-review from time to time.
This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you either directly via this Website or via email.
Certain businesses are required under the data protection act to have a data controller. For the purpose of the Data Protection Act 1998 our data controller can be contacted via email at email@example.com.
Richard Sexton & Co will hold personal information for clients that is relevant to past or future financial implications. Data protection law states that we are permitted to use personal information only if we have proper reason to do so. This personal information will never be shared with a third party unless we have clear consent from our client to do so. The third parties that we would share information with could be banks, mortgage lenders, legal representatives and HMRC. The only instance Richard Sexton & Co would act without permission of the client is if the information is requested by a legal body such as the Courts or the Police.
The information that Richard Sexton & Co will hold will include;
|Information held||Reasons to hold it||Plans to do with it|
|Address, date of birth and other forms of contact information for client||For contacting the client through letters, telephone or email. To talk to HMRC on clients’ behalf this information is needed. Date of birth needed for various age-related tax reliefs or liabilities such as National Insurance or for pension contributions due through PAYE.||Information stays on paper file in the cabinets at the office and on our payroll and tax software on password protected computers or in the client files on the server. This information is only shared with other employees at Richard Sexton & Co where necessary and third parties as stated above.|
|Identification numbers such as UTR, National Insurance numbers, Passport numbers, photographic evidence such as Driver’s License, letter with address present||Information is needed for tax returns, PAYE, acting on our clients’ behalf when in contact with HMRC. Money Laundering Regulations state we must obtain this information from all clients||Stays on our payroll and tax software on password protected computers or in the client files on the server or on paper files in cabinets at the office. This information is only shared with other RS & Co employees where necessary. Information will be shared with HMRC when we need to have direct dialogue regarding a client’s affairs.|
|Email correspondence and attachments received from the client||Saved on the email server to maintain a thread of conversation. Attachments saved for accounts or tax return purposes.||Stays on the email server. Emails will only be forwarded to private email accounts or to other email addresses in order to fulfil your request and we will delete it in accordance with our data retention policies.|
|Bank information||For the Tax Return when the client is due a refund. For cloud accounting purposes.||Stays on paper files in the cabinets and on our tax software on the password protected computer. This information is only shared with other employees at Richard Sexton & Co where necessary. Information is held within the cloud software a client subscribes to, this cloud software is password protected and has bank level security within the system.|
|PAYE information of payroll clients and their employees||Saved before issuing to client so we have a log of what was sent and when. Saved before sending to HMRC as part of RTI to ensure we know what was submitted. Saved before sending upload to relevant pension provider so we know what was submitted.||Stays on the company server that is only accessible by logging onto a password protected computer. This information is only shared with other employees at Richard Sexton & Co where necessary These will be sent to clients via a secure portal provided by IRIS located on Richard Sexton & Co website. Payslips will be provided to HMRC in line with RTI. Pension schedules will be uploaded to the relevant pension provider. Information is held within the third party cloud software a client subscribes to, this cloud software is password protected and has bank level security within the system.|
|Tax Returns and tax calculations||We are legally bound by HMRC to retain information for six years after the year end for accounts purposes and two years for tax only clients.||This is held on our company server and on the client file. After six years this information will be removed and deleted unless information relates to assets held or ongoing tax planning work. This information is only shared with other employees at Richard Sexton & Co where necessary. Information will be submitted to HMRC via online HMRC account which is password protected|
|Accounts and company accounts||We are legally bound by HMRC to retain information for six years after the year end for accounts purposes and two years for tax only clients.||This is held on our company server and on the client file. After six years this information will be removed and deleted unless information relates to assets held or ongoing tax planning work. This information may be shared with other RS & Co employees where necessary. Information will be shared with HMRC and Companies House as part of regular filing procedures. Information also may be provided to mortgage lenders, legal advisors or other professional advisors if requested by the client. Information is held within third party cloud software a client subscribes to. This cloud software is password protected and has bank level security within the system.|
Richard Sexton & Co may also use alternative methods to retrieve data on our clients, this can be done by accessing the clients Personal Tax Account. This will be only done if the client has given clear consent for us to do so. HMRC retrieve data can also be accessed by Richard Sexton & Co, this draws down information that HMRC hold on our client that we have the authority (provided by the client) to access.
Richard Sexton & Co ensure the security of the personal information being held by having information stored on office computers that are password protected. Richard Sexton & Co have virus and firewalls in place, installed by Rio IT Limited. This security is regularly reviewed by Rio and updated as and when is deemed necessary to keep Richard Sexton & Co security at the highest possible level. Physical security at Richard Sexton & Co is in line with professional workplace standards. A portal is in place located on the website of Richard Sexton & Co, this will be used in place of emails to send and receive sensitive information or attachments.
Richard Sexton & Co will never contact you for marketing purposes or sell on any part of your personal information to any third party companies. Richard Sexton & Co will also never inform other clients of personal information that is not of their own. This information is held and treated with the strictest confidentiality. If a data breach does occur that affects the rights or freedoms of a client Richard Sexton & Co are legally bound by 2018 General Data Protection Regulation (GDPR) to inform the client within 72 hours. This will involve Richard Sexton & Co stating what information has been breached and the effects of it being lost.
We welcome any queries, comments or requests you may have regarding this policy please do not hesitate to contact us at firstname.lastname@example.org
If you would prefer to write to us then our contact address is Richard Sexton & Co, St Margarets, 3 Manor Road, Colchester Essex CO3 3LU