Privacy, Data Protection & Cookies Policy

Privacy Policy

What is this document and who is it for?

This document is intended to provide you with important information about how we process your personal data. This includes details of what personal data we hold, how we store it, what we do with it, why we hold it and how long we hold it for.

The contents of this document apply to both clients and prospective clients of Humphrey & Crockett Ltd.

The below ‘summary information’ section provides some general summary information about what we do with your personal data. Full details can be found in the table at the end of this notice.

Summary information

In order to provide you with services Humphrey & Crockett Ltd must hold and process personal data. We use this information to; conduct Customer Due Diligence (CDD) checks we are obliged to conduct under law; meet our obligations detailed under our terms; and, provide you with any additional services we may agree with you to provide.

We may hold your personal data on cloud-based accountancy software, our emails systems, as spreadsheets stored locally on our computers via internal servers with protection firewalls

Data Protection Policy

You should read this privacy notice in connection with Humphrey & Crockett Ltd’s data protection policy.

Data controller’s and data protection officer’s details

Data Controller: Humphrey & Crockett Ltd

Data Protection Officer: Paul Humphrey

How to contact us with any questions

If you would like to contact us, please use the below methods. Please note that our office closes on weekends and English bank holidays. We normally close the office over the Christmas period, including some normal working days, please contact us for more information. If your contact relates to exercising your rights under data protection legislation it will help us if you make your communication in writing (either post or email).

Email: paul@humphreyandcrockett.co.uk

Telephone: 01264 310493

Post: Unit 11, Focus 303 Business Centre, Andover, SP10 5NY

Your rights

Under data protection legislation you have eight main rights relating to your personal data:

Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights related to automated decision making including profiling

If at any time you would like to exercise one of your rights under data protection legislation, please contact us. We recommend that you consult our data protection policy before contacting us.

If you would like to make a complaint about the Association’s handling of personal data and how we have met our obligations under data protection legislation you can contact the Information Commissioner’s Office (http://www.ico.org.uk/). Though we would always encourage you to contact us in the first instance so that we can attempt to resolve your complaint.

Personal data we process for clients

Personal Data Name and contact info, appliance details and appliance history

Lawful Basis for Processing Contract. Legal Obligation under Regulation 27-29 of the MLR 2017

How/Where is the Data Stored? Cloud based accounting software, Email systems, Files stored locally on computers, Physical printouts

Who has Access? Any employees of Humphrey & Crockett Ltd

How Long the Data is Stored?Data held for 7 years in line with our regulatory requirements

Is the data transferred to a third country? (Name of Country) No

Details of safeguards in place (if transferred to a third country) N/A


Data Protection Policy

Purpose

Humphrey & Crockett Ltd takes its responsibilities under data protection legislation extremely seriously. Breach of our data protection responsibilities can result in significant financial and reputational damage. We therefore endeavour to implement practices which ensure that we are constantly upholding our responsibilities under data protection legislation and allow us to meet our clients’ expectations in terms of privacy.

Data Protection Act 2018

The primary legislation in the United Kingdom governing data protection is the Data Protection Act 2018. The legislation covers personal data. Personal data means any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.

The six principles established under this legislation, require personal data to be:

1. Processed lawfully, fairly and in a transparent manner in relation to individuals

2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest shall not be considered to be incompatible with the initial purposes

3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay

5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of individuals; and

6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

Privacy Notices (Right to be Informed)

We maintain a privacy notice which all clients have been provided a copy of. This notice details important information relating to why and how data is processed. In particular our privacy notice contains details of; the identity and contact details of the controller and the data protection officer; what data is being collected; why the data is being processed and the lawful bases for the processing; who has access to the data; where the data will be stored; who the data will be transferred to, including details of any third country and applicable safeguards.

Access Requests (Right of Access)

All individuals have a right to obtain; confirmation that their data is being processed; access to their personal data; and, other supplementary information (which can largely be found in the applicable privacy notice(s)). Any individual wishing to obtain any of these should contact us using details provided in the ‘Contacting Humphrey & Crockett Ltd Regarding this Policy’ section of this document.

All access requests will be completed free of charge, unless the request is manifestly unfounded or excessive. If the request is deemed by us to be manifestly unfounded or excessive, the individual will receive a written explanation as to why and details of costs associated with fulfilling the request. The fee charged will be based upon; administration time costs; postage costs; printing costs; and, any other delivery cost.

In exceptional circumstances we may refuse an access request. An access request will only be refused if it is manifestly unfounded or excessive. If the request is deemed by us to be manifestly unfounded or excessive, the individual will receive a written explanation as to why and a statement that the request cannot be processed.

Inaccurate or Incorrect Data (Right to Rectification)

Humphrey & Crockett Ltd aims to ensure that all data it holds is accurate and correct. However, from time to time, this aim may not be met. All individuals have a right for inaccurate or incorrect data to be corrected or rectified. Any individual wishing to have their data corrected should contact us using details provided in the ‘Contacting Humphrey & Crockett Ltd Regarding this Policy’ section of this policy.

Where data has been transferred to a third party and subsequently it has been rectified, we will notify the third party without delay of the rectification.

In some instances, we may not take action to a right to rectification request (for example, if it is believed that the request has malicious intent or is inaccurate). If no action is to be taken, a written explanation will be provided to the individual who made the request.

Request to Delete Data (Right to Erasure)

Humphrey & Crockett Ltd aims to retain data for only as long as it is needed. However, from time to time, this aim may not be met, or a valid reason as to why the data no longer needs to be retained maybe presented which had not been considered by us. All individuals have a right to request the deletion or removal of personal data where there is no compelling reason for its continued processing. Any individual wishing to have their data erased should contact Humphrey & Crockett Ltd using details provided in the ‘Contacting Humphrey & Crockett Ltd Regarding this Policy’ section of this policy.

In limited circumstances we will not be able to comply with a request to delete or remove data. This will normally be because the data is being used to; comply with a legal obligation for the performance of a public interest task or in exercising official authority; or, to exercise or defend legal claims. If no action is to be taken, a written explanation will be provided to the individual who made the request.

Request to Suppress Processing of Data (Right to Restrict Processing)

Restricting processing means Humphrey & Crockett Ltd will continue to store the personal data, but will not ‘use’ the data or transfer it to third parties.

We will restrict processing; if you contest the accuracy of the personal data we hold, the restriction will apply until such a time as we have verified the accuracy of the data; if you have objected to the processing and we are considering if we have legitimate grounds not to act on your objection; if the processing we are conducting is found to be unlawful, but you oppose erasure; if we no longer require the data, but you require the data to establish, exercise or defend a legal claim. Any individual wishing to restrict processing of personal data should contact the Association using details provided in the ‘Contacting Humphrey & Crockett Ltd Regarding this Policy’ section of this policy.

If data has been passed to third parties, we will inform them of any restriction to processing as soon as possible.

We may have to retain certain personal data, either for a defined period of time or indefinitely, to ensure that a restriction on processing is enforced. This will always be explained in writing to the relevant individual.

Reusing Personal Data (Right to Data Portability)

Personal data can, on the request of the individual, be transmitted to other organisations, or, provided to the individual in a format which they can reuse. All individuals have a right to obtain and reuse their personal data across different services. Any individual wishing to reuse their personal data should contact Humphrey & Crockett Ltd using details provided in the ‘Contacting Humphrey & Crockett Ltd Regarding this Policy’ section of this policy.

Before providing data, we will take reasonable steps to ensure that the individual making the request has a right to the data they are asking for. This may include providing a copy of government issued ID.

Data provided as part of the right to data portability will always be provided in a structured, commonly used and machine-readable format, normally a CSV file.

Humphrey & Crockett Ltd welcomes information which clients have transferred from other organisations. All reasonable measures will be taken to facilitate the right to data portability.

In some cases, where the request is complex, or we have received a number of requests, we may require an additional two months to comply with a request to be processed. If this is the case a written explanation will always be provided to the individual concerned within one month of receiving a request.

Objections to Data Processing (Right to Object)

If Humphrey & Crockett Ltd is processing data based on legitimate interests, for direct marketing or for statistical purposes individuals have the right to object. To object the individual must have grounds relating to your situation.

If the objection relates to Humphrey & Crockett Ltd using an individual’s personal data for direct marketing purposes, then we will cease to process the data immediately.

Any objections should be made using the details provided in the ‘Contacting Humphrey & Crockett Ltd Regarding this Policy’ section of this document.

Training and Communication

A copy of this policy is given to all employees, contractors, apprentices, trainees and other official agents of Humphrey & Crockett Ltd. In some cases, as an additional control, some employees, contractors, apprentices, trainees and other official agents may be required to sign a copy of this policy.

All employees, contractors, apprentices, trainees and other official agents will be given training on this policy before being given access to personal data or being involved in a role related to the processing of personal data. All contractors, apprentices, trainees and other official agents will receive regular training on this policy. This will be documented in a CPD log.

Enforcement

Significant breaches of this policy can result in disciplinary action.

Responsibilities

Ultimate responsibility for this policy rests with the directors of Humphrey & Crockett Ltd

Monitoring and Review

This policy is kept under constant review to ensure its suitability, adequacy and effectiveness. Any improvements identified will be made as soon as possible.

Comments from employees, contractors, officials, clients and regulators are welcome and will be taken into consideration.

Contacting Humphrey & Crockett Ltd Regarding this Policy

If you need to contact Humphrey & Crockett Ltd regarding this policy please email: paul@humphreyandcrockett.co.uk

Alternatively you can write to Humphrey & Crockett Ltd’s registered office.


Cookie Policy

A cookie is a small text file which is transferred on to your computer, smartphone or tablet via your web browser. Cookies may be temporary (or “session”) cookies, which are only in use while you visit a website and are deleted when you close your browser, or permanent cookies, which stay on your device’s permanent storage after you leave a website until you delete them manually or your browser deletes them after a period of time.

Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

Cookies Use – We allow certain third parties (such as Google and other platforms) to use analytical and temporary tracking cookies on our website to compile aggregate information about the areas of our website that are visited most frequently and to track our own advertising. This information is used to enhance the content of our website, make your use of the website easier and to aid us in, and inform us of, the success of our own advertising elsewhere on the internet. We regard these cookies as minimally intrusive in terms of privacy.

Most web browser settings are set for you to accept both our own cookies and third party cookies. However, you are able to adjust those settings to manage which cookies you accept or reject. You may also use these settings to manually delete all cookies currently stored on your computer at any point. Doing so however will likely limit the functionality of our’s and a large proportion of the world’s websites as cookies are a standard part of most modern websites. We recommend that, for the highest functionality of our website, you accept both our own cookies and third party cookies, however if you wish to reject our own cookies you can configure your browser to do so.

Social Buttons – In order to implement the Social Media Buttons including Twitter, Facebook and Google+, and connect them to the relevant social networks and external sites, there are scripts running on our site from domains outside our control. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on our site. If you click on any of these buttons, these sites will be registering that action and may use that information. Please check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.