- Our details are as follows:
- Data controller: Tempest Forensic Accounting UK LLP, 5th Floor Royal London Buildings, 42-46 Baldwin Street, Bristol BS1 1PN.
- ICO registration number: Z3640234
- This Policy may change from time to time and, if it does, the up-to-date version will always be available on our website and becomes effective immediately.
- Please take the time to read this Policy, which contains important information about the way in which we process personal data.
- For the purposes of this Policy, “European Data Protection Legislation” is defined as, for the periods in which they are in force, the European Data Protection Directive 95/46/EC, all laws giving effect or purporting to give effect to the European Data Protection Directive 95/46/EC (such as the Data Protection Act 1998) or otherwise relating to data protection (to the extent the same apply) and, from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/670) (“GDPR”) or any equivalent legislation amending, supplementing or replacing the GDPR.
Information we may collect about you
- We may collect and process information about you and your personnel through various means, including:
- in the course of carrying out work for you (or your business); As noted above, we will almost always act as a data controller in this capacity but there might be very limited circumstances in which we will act as a data processor. Where we are acting as a data processor, we will separately let you know and ensure that appropriate contract terms are in place
- via our website (e.g. on our ‘Contact Us’ page)
- by email or other electronic correspondence (including through the technical monitoring tools and other tracking technologies which we use for purely administrative / technical reasons in respect of emails, to check our emails are sent to the intended recipients and are read / engaged with in the way we want)
- by telephone
- networking (e.g. conferences, client events and/or other meetings or events either hosted or attended by us)
- through the extranet or other document storage, management or review sites or platforms that we make available in the context of the services we provide
- otherwise through providing our forensic accounting services or operating our business, such as invoices and receipts; accounts, VAT and tax returns, insurance policies and related documents
- in relation to our sub-contractor and consultant agreements
- The personal data you give to us may include:
- your name and title
- contact information, including telephone number, postal address and email address
- information relating to your location, preferences and / or interests
- employment and job application details, e.g. date of birth, employment history, qualifications
- photographic and other identification documentation
- in certain circumstances, your and others’ signature(s), National Insurance number(s), financial details such as bank account details and details of any relevant sanctions or similar restrictions
- in certain circumstances, data relating to health (including disabilities), ethnicity, race, religious beliefs, trade union membership and other ‘special category personal data’
- the content of any enquiry submitted over our website
- in relation to our consultants and sub-contractors, hourly rates and bank details
- any other personal data we collect (such as the client reference number which may be assigned to you) in the context of our work for our clients or in the course of operating our business.
- Each time you visit our website, we may automatically collect the following information:
- Web usage information (e.g. IP address), your login information, browser type and version, time zone setting, operating system and platform.
- Information about your visit, including the full Uniform Resource Locators (URLs) clickstream to, through and from our website (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs).
- Location, device and demographic information (Google Analytics provides age range and gender information. Find out more about how Google collects demographic data).
- We may ask you for information when you report a problem with our website.
- If you contact us, we may keep a record of that correspondence.
- The personal data described above may relate to any of the following categories of person:
- our clients and clients’ personnel
- third parties with whom we have contact by virtue of providing forensic accounting services (e.g. third party payers of invoices, counterparties on a client’s matter and users of, or other individuals identified on, the extranet or other document storage, management or review sites or platforms that we make available in the context of the services we provide)
- our contacts at our referrers, professional advisors or others with whom we work in the context of our forensic accounting services
- our prospective target clients
- our sub-contractors, consultants and suppliers
- those who submit enquiries through our website or whose details are otherwise entered into our client relationship management system
How we will use your information
- We may use your information for the following purposes:
- to respond to any query that you may submit to us
- to manage our relationship with you (and/or your business), including by maintaining our database of clients and other third parties for administration, and accounting and relationship management purpose
- to complete our contractual obligations to you, or otherwise taking steps as described in our engagement terms and/or our Terms of Business (including any associated administration)
- to carry out any relevant conflict checks, anti-money laundering and sanctions checks and fulfilling our obligations under any relevant anti-money laundering law or regulation (including under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017)
- to verify your identity using electronic verification. Any personal data received from you for the specific purpose of proving your identity will be processed only for the purposes of preventing money laundering or terrorist financing (as detailed above), unless any additional use is permitted by law or you consent to us using it for a different purpose
- to send you or email or post any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable European Data Protection Legislation
- to ensure that our website’s content is presented in the most effective manner for you and your device
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey responses
- to ensure we appropriately administer any attendance / visits to our offices
- to comply with any other professional, legal and regulatory obligations which apply to us or policies or procedures that we have in place (including procedures by which we use software tools to review and access information stored on our system in order to assess, verify or otherwise process the personal data we hold)
- as we feel is necessary to prevent illegal activity or to protect our interests.
Legal grounds for processing your information
- We will rely on the following legal bases under European Data Protection Legislation for processing your personal data:
a) Performance of, or entry into, a contract. The personal data that we are required to collect in order to comply with any other professional, legal and regulatory obligations which apply to us must be provided to us in order for us to perform this contract – we would not be able to act for you without this personal data.
b) Compliance with a legal obligation to which we are subject.
c) We have a legitimate interest in doing so as a legal services provider (and where our legitimate interests are not overridden by your (or the relevant individual’s) own interests or fundamental rights or freedoms). These legitimate interests will include our interests in managing our relationship with our clients, as an expert witness to analyse documents containing this information in order to provide our expert advice, administering visits to our offices and ascertaining achievement of proper standards/ compliance with policies, practices or procedures.
d) Where processing of ‘special category data’ is necessary in the context of the establishment, exercise or defence of legal claims, or where another legal ground other than explicit consent is available to us under European Data Protection Legislation
e) in certain circumstances, such as those described in paragraph 4.1(e) above or where we need to process ‘special category data’ in the context of our legal work but outside the scope of paragraph 14 d) above, where we have obtained your express/explicit consent to do so. As we will explain at the time we collect your consent, you may withdraw it at any time in accordance with the information we provide to you at that time.
Sharing your information
- We may share your details with carefully selected third parties. These may include service providers, support services and organisations that help us to market our services and third parties instructed to enable us to fulfil our contractual obligations to you and/or our clients in the course of business.
- If we share your information with third parties they will process your information as either a data controller or as our data processor and this will depend on the purposes of our sharing your personal data. We will only share your personal data in compliance with the European Data Protection Legislation.
- We may disclose your information to third parties when:
- you specifically request this or it is necessary to provide our services to you (e.g. when we need to instruct advisers to provide advice which you have requested)
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property or safety of our website, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- The third parties include:
- our bank
- our insurers
- our accountants
- other professional advisors or third parties with whom we engage as part of our work for our clients or who our clients separately engage in the same context
- our regulator, the Institute of Chartered Accountants in England & Wales
- our data processors providing email security, data governance, archiving and other IT and business support services
- our email marketing platform provider and our website platform provider
- analytics and search engine providers that assist us in the improvement and optimisation of our website
- any third party you ask us to share your data with.
- Our website may, from time to time, contain links to and from the websites of other organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
- We will not rent or sell our users’ or other contacts’ details to any other organisation or individual.
Storage and retention of your personal data
- We follow strict security procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. All personal information you register on our website will be located behind a firewall. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot absolutely guarantee the security of your data.
- We will keep your information stored on our systems for as long as it takes to provide the services to you and in accordance with our Terms of Business. Personal data in legal cases is retained, where necessary, for six years in compliance with our professional indemnity obligations. Where this is not necessary, it is destroyed on the conclusion of the case. We may keep your data for longer than our stated retention period if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research, preventing conflicts of interests or statistical purposes. If we do, we will ensure that appropriate safeguards are in place to protect your privacy and only used for those purposes.
- Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC and the VAT commissioner. Where it is not necessary to retain the data for six years, it is destroyed as soon as possible.
- Any contact details stored on our client relationship management database will be removed from our mailing lists if they do not interact with our emails (i.e. open emails or click on links within them) for a certain period following which they will be moved to an archive folder before being deleted permanently.
- The third parties we engage to provide services on our behalf will keep your data stored on their systems for as long as is necessary to provide the services to you.
- We will, subject to paragraph 22, not store your information for longer than is reasonably necessary or required by law.
Sending your information outside of the EEA
- If we need to share your personal data with a recipient outside the European Economic Area (“EEA”) (e.g. a professional advisor or third party engaged by us or you as part of our work under an engagement letter) we will ensure we do so in compliance with European Data Protection Legislation, including where applicable by ensuring that the transfer is necessary to perform a contract in place with you or a contract entered into in your interests. If these transfers affect you, you may contact us to obtain more precise information and a copy of relevant documentation.
- Our people may access our systems remotely when working abroad (including from jurisdictions outside the European Economic Area). Where they do so, they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.
Withdrawal of consent
- Where we process your personal data we do so on the basis that you have provided your consent for us to do so for the purposes set out in this Policy when you submitted your personal data to us. You may withdraw your consent to this processing at any time by contacting us firstname.lastname@example.org or via the web form on our contact-us page
- If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of these at such time.
Your information rights
- You have a number of legal rights in relation to the personal information that we hold about you and you can exercise your rights by contacting us using the details set out below.
- These rights include:
- Obtaining information regarding the processing of your personal information and access to the personal information which we hold about you. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of personal information. In particular, information that is subject to legal professional privilege will not be disclosed other than to our client and as authorised by our client.
- Requesting that we correct your personal information if it is inaccurate or incomplete.
- Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it.
- Objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.
- In some circumstances, receiving some personal information in a structured, commonly used and machine-readable format and/or requesting that we transmit those information to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided to us.
- Withdrawing your consent, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so.
- Lodging a complaint with the relevant data protection authority, if you think that any of your rights have been infringed by us. We can, on request, tell you which data protection authority is relevant to the processing of your personal information.
- You can access the personal information we hold on you by writing to us at: using the contact details at the end of this policy.
- We will ask you to provide proof of identity before we show you your personal information – this is so we can prevent unauthorised access.
- If you consent to us contacting you, we will always aim to be respectful, relevant and appropriate. If at any time you do not think that we have complied with this, please contact us straight away to let us know.
- You also have the right to make a complaint to the Information Commissioner’s Office. For more details please visit the ICO website.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal information or the exercise of any of the rights listed above, please contact us. You can do this by writing to the firm’s Data Protection Lead, Caroline Stephens at email@example.com.
Questions, comments and requests regarding this Policy should be addressed to our Data Protection Lead:
Name: Caroline Stephens
Address: 5th Floor Royal London Buildings, 42-46 Baldwin Street, Bristol BS1 1PN
Email address: firstname.lastname@example.org
Telephone number: +44 (0) 117 379 0254
Alternatively, you can contact us through the contact-us section of our website.