Abbiss Cadres LLP ("Firm", "We") are committed to the protection of your personal data. This document sets out key information relating to what we do with your data and what we use it for. It is addressed to our clients, potential clients, visitors to our website and those people outside the firm that subscribe for our communications or who seek further information about our services or who communicate with us.
We deal with your personal data in accordance with UK data protection laws and the General Data Protection Regulations "GDPR" (together the "Data Protection Legislation"). This document is drafted in compliance with the Data Protection Legislation and may be updated from time to time in accordance to changes in UK law.
We are a "data controller" in relation to your personal data. Our contact details are: Abbiss Cadres LLP, 11 Ironmonger Lane, London, EC2V 8EY. Telephone: +44 (0) 203 051 5711. Abbiss Cadres LLP is a limited liability partnership registered in England and Wales with number OC339497.
Types of personal data we may collect about you
The following is a list of personal data we may collect about you
"Identity Data and Biographical Data" including first name, maiden name, last name, marital status, title, date and place of birth, nationality, gender, tax status, passport / national identity card details and country of domicile, your employment (including applicable terms and policies) and employment history, job title and roles, earnings (particularly where we provide tax/social security advisory or compliance services to you), work performance, education, interests and other information relevant to our interaction with you or provision of professional services to you.
"Contact Data" includes billing address, delivery address, email address and telephone numbers.
"Financial Data" includes bank account details and date relating to your financial status and for fraud prevention purposes.
"Transaction Data" includes details about payments from you and other details of matters on which you have instructed us and/or products and services you have purchased from us as well as information gleaned from meetings with you, including your aims if you are seeking professional services from the Firm.
"Technical Data" includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
"Usage Data" includes information about how you use our website, products and services.
"Marketing and Communications Data" includes your preferences in receiving marketing from us and your communication preferences and your feedback and survey responses obtained through professional and/or social interaction.
How we collect your personal information
We collect data from and about you in various ways including from:
Direct interactions. You may give us information about your identity, contact and job data by giving us business cards in hard or electronic copy, by filling in forms (including electronic forms on our website) or by communicating with us by telephone, email, post, or otherwise, or briefing us when you meet with us in person or otherwise interact with our systems. This includes personal data you provide when you:
- meet with us or attend at business events organised by us or by third parties;
- enquire about the services we provide;
- instruct us to provide you with services;
- subscribe to our publications;
- work with us; or
- request information about the Firm to be sent to you.
Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also collect data relating to you if you use other systems belonging to or operated by the firm.
From third parties or publicly available sources. Information about you may also be supplied to us by your organisation or your agents, advisers or other intermediaries or persons acting on your behalf, or by other clients of ours. We may also receive personal data about you from various third parties and public sources as set out below:
- Technical Data from analytics providers (such as Google).
- Identity and Biographical Data, Contact and Financial Data from publicly availably sources such as the Electoral Register, the London Stock Exchange and other public stock exchanges, Companies House (a UK government agency), organisation websites and industry directories, and via providers of other UK and international publicly available data sources including OpenCorporates (Chrinon Ltd), C6-Intelligence (C6 Intelligence Information Systems Limited) and Creditsafe (Creditsafe Business Solutions Limited) which also access public resources such as sanctions lists, watch lists, data from law enforcement agencies and other public sources. Creditsafe also accesses customer payment data which is not necessarily public.
How we use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where you have consented to such use;
- Where we need to perform a contract we have entered into with you, or to take steps at your request before entering into a contract with you;
- Where we need to comply with a legal obligation that the Firm is subject to;
- Where it is necessary for our legitimate interests pursued by us or any third party and your interests and fundamental rights do not override those interests; or
- Where you have consented to the processing in question.
We may also use your personal information in the following situations, which are considered unlikely to arise:
- Where we need to protect your vital interests (or someone else's interests); or
- Where it is needed in the public interest or in the exercise of an official authority vested in the Firm.
We set out below the purposes for which we may use your personal data as well as identifying the legal basis. How we use personal data will vary as between clients, their representatives, business contacts, intermediaries and potential clients or other individuals whose personal data we necessarily process as part of our provision of professional services or the operation of our business:
- For preparing and communicating to you or your organisation a proposal in relation to services we may offer and the terms of such provision.
- For completing the client engagement process (including the carrying out of "know your client" checks).
- For providing professional or other services to you and for carrying out your instructions to the Firm.
- For managing our relationship with you, including for invoicing and credit control, for financial record-keeping purposes and more generally for the proper operation of our Firm including the analysis of our financial/commercial performance, and for dealing with any feedback or complaints you may have in relation to the provision of our services or the activities of the Firm.
- For training our staff and monitoring and managing the delivery of our services.
- For administering and protecting our staff and ex-staff, our business, and its website, premises, visitors, and systems (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) and our communications.
- For the purposes of seeking our own legal or regulatory advice or to prosecute or defend any claims or potential claims which may come to our attention.
- Compliance with our legal and regulatory obligations, such as anti-money laundering laws, data protection laws, and tax reporting requirements, and to comply with Court orders.
- For using data analytics to improve our website, products/services, marketing, client relationships and experiences.
- For communicating with you to make suggestions and recommendations to you about services that may be of interest to you.
How we use sensitive personal information
The provision of our services to you or the operation of a contract with you may also require us to process special categories of personal data (including data relating to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health and sexual life) and / or data relating to criminal convictions and offences. Such special category data is subject to additional protection. We may only process such personal data with your explicit consent or the processing is necessary for the establishment, exercise or defence of legal claims, or for reasons of substantial public interest or where you have made such data public or where processing is necessary for the purposes of carrying out the obligations and exercising specific rights we or you may have in the field of employment and social security and social protection law.
In addition to our own staff we may share your data with third parties who process your data on our behalf, when required by law to do so, where it is necessary to administer the commercial relationship with you or where we have another legitimate interest in doing so.
We currently share personal data with the following categories of third party:
- Providers of tax and payroll software and administration services (where we offer tax or social security or payroll advisory or compliance services);
- Providers of the Firm’s financial administration software;
- Providers of the Firm’s data storage and database services;
- Providers of marketing platforms for the mailing of electronic communications to you and the storage of relevant marketing information including your preferences for mailing content;
- IT Consultants;
- Marketing and business development consultants; and
- Our own legal and professional and financial management services providers and insurers, where appropriate.
We are required to ensure that all such third parties are obliged to take appropriate security measures to protect your personal information. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
To ensure that your personal information receives an adequate level of protection we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects Data Protection Legislation.
We may also share your data with other third parties who do not process your data on our behalf.
- Parties we engage to assist in providing services to you, such as lawyers (including barristers), other professional services firms, translators and / or couriers;
- Intermediaries and service providers whom we may introduce to you;
- Potential purchasers and their advisers in the event of the potential or actual sale or purchase of all or part of our business or assets, subject to all applicable confidentiality obligations; and
- Courts and other competent authorities (including regulatory authorities) in connection with legal action and the proper provision and administration of our services.
Rights of access, correction, erasure, and restriction
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Object to our use of your personal data based on our or a third party’s legitimate interests on grounds relating to your particular situation.
- Withdraw your consent for us to process your data where that processing is based on that consent.
- Complain to the Information Commissioner's Office if you consider that we are not processing your data in accordance with the Data Protection Legislation.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us on firstname.lastname@example.org or by post to Privacy Partner at our address as stated above.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
The provision of our services to you may require us to transfer personal data outside the European Economic Area to a jurisdiction which may have inferior levels of data protection. We will ensure that any such transfer has appropriate safeguards to meet the requirements of the Data Protection Legislation.
Where you provide us with us with personal data that we use for marketing or business development purposes we may process the data on third party providers’ platforms which may be located outside of the European Economic Area (“EEA”). Where we do so, or where we otherwise process your data outside of the EEA, we can confirm that there are adequate safeguards and protections in place to ensure compliance with the Data Protection Legislation. Please contact email@example.com for a list of these third parties and information on their compliance measures that satisfy the relevant Data Protection Legislation.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties acting on our behalf who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In many cases this will mean that we shall retain your personal data for the same period as we retain your files or a copy of your files. If you are a client of the Firm then we will usually retain our file of the matter (which may include personal data) for 16 years.
Data protection responsibility
If you have any questions about this privacy notice or how we handle your personal information, please contact us at firstname.lastname@example.org, on +44 (0) 203 051 5711 or by post to Privacy Partner at our address as stated above.
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
Changes to this privacy notice
We reserve the right to update this privacy notice at any time. We may also notify you in other ways from time to time about the processing of your personal information.