The General Data Protection Regulation (GDPR) imposes specific legal obligations in connection with the processing of personal data. The Data Protection Act 2018 (DPA 2018) sets out the framework for delivering data protection law and specifies how the GDPR applies in the UK.
This privacy notice provides information on how we collect and process your personal data when you use our website or are in contact with us about the accountancy services we provide (whether by telephone, email, face-to-face, or via the form on our website).
Affinitas is a data controller, and we are responsible for your personal data (hereafter referred to as "we", "us" or "our").
Our full contact details are:
Name: |
Catrina Stark |
Phone number: |
07926 548711 |
Email address: |
catrina@affinitascommunications.co.uk |
We may collect and process the following information about you:
If you do not wish us to collect any of the personal information stated above, you should discuss this with us. We can explain the reasons for collection and discuss the consequences of not providing the information, or of providing partial or incomplete information, and the effect this may have on our ability to deliver our services.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
Given the nature of the services we sell, it is extremely unlikely that we will require to collect any sensitive data about you. Sensitive data is personal information that includes your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data, or information concerning your health or mental wellbeing or sexual orientation. Where we do require to process such sensitive data to provide services to you, we will notify you in advance and will request your express consent in writing to process such sensitive data.
We do not carry out automated decision making or any type of automated profiling.
We will only use your personal data for the purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this, please email catrina@affinitascommunications.co.uk. If we need to use your details for an unrelated new purpose, we will let you know and explain the legal grounds for processing.
We intend to process your personal data for the following purposes:
Activity or purpose of processing |
Type of Data Processed |
What is our Legal Ground for doing this? |
---|---|---|
Registering you as a client or a service user |
Your identity and contact details |
|
Maintaining our relationship with you |
Your identity and contact and profile details |
|
Ensuring that content from our website is relevant to you and is presented most effectively for you including seeking your views on our products and services |
Your identity, contact, profile and technical details |
|
Processing or delivering our services including managing your contract |
Your identity, contact, financial and transaction details |
|
Payment for services |
Your identity, contact, financial and transaction details |
|
Credit verification, fraud detection, and legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) |
Your identity, financial and transaction details |
|
Administration of our website and business (including webhosting and support) |
Your identity, contact and technical data |
|
Handling customer enquiries in real-time |
Your identity, contact and technical data |
|
To make suggestions that may be of interest to you such as new, enhanced, or related services or products and advise you on service/security or technical issues that may affect you |
Your identity, contact, profile and technical data |
|
To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings |
Your identity, contact, financial and transaction data |
|
We will retain your personal information for as long as is necessary in line with the purposes for which it was originally requested or collected or where we are required to do so for legal or reporting purposes. Namely:
We will not sell the personal information that we collect from you and will only use it for the purposes set out in this privacy notice. We may share your personal data with the parties set out below.
If the law allows or requires us to do so, we may share your personal data with:
All third parties with whom we share your data are required to protect your personal data, treat it confidentially and to process it in accordance with the law. Where we use third parties, we will take all reasonable steps to ensure that they are GDPR compliant and in particular that:-
We may collect information about your computer, including where available your I.P. address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns and does not identify any individual. Where we use third-party providers, such as Matamo or Google Analytics, although these third-party services record data such as your geographical location, device, browser and operation system none of this information identifies you to us. We do not make and do not allow these third-party services to make any attempt to find out the identities of anyone who visits our website.
You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies.
Besides the analytics cookies described above, this website uses essential cookies only.
We use tracking technology to understand how you interact with content in our emails. This tracking technology allows us to know if the email has been opened and if so, how many times, which links have been clicked on and whether or not you have shared our content to social media.
Our lawful ground for processing your personal data to send you marketing communications is either your consent or our legitimate interest.
Under the Privacy and Electronic Communications Regulation (PECR), we may send you marketing communications (i.e. information on services and products that we may provide) if:-
If you have opted out of marketing, we will not send you any future marketing without your consent.
Under PECR, if you are a limited company, we may send you marketing emails without your consent, but you can still opt-out of receiving such emails from us at any time.
Each time we market to you, we will always give you the right to opt-out of any future marketing but would point out that you have the right at any time to ask us not to market to you by emailing us at catrina@affinitascommunications.co.uk rather than waiting on a specific opt-out.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure or loss of or damage to your personal information, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect from you. These include robust procedures for dealing with breaches including incident reporting and notifying the Information Commissioner, and where appropriate you, of any breaches, the consequences of the same and the remedial action taken.
Where possible the information you provide us with will be held within the European Economic Area (“EEA”) or within the UK.
Countries outside of the EEA do not always have similar levels of protection for personal data as those inside the EEA. The law provides that transfers of personal data outside of the EEA is only permitted where that country has adequate safeguards in place for the protection of personal data. Some types of processing may use cloud solutions which can mean information may sometimes be held on servers which are located outside of the EEA or may use processors who are based overseas.
Where we use cloud-based services or third-party providers of such services, and in either or both circumstances the data is processed outside of the EEA, that will be regarded as an overseas transfer. Before instigating an overseas transfer, we will ensure that the recipient country and/or processor has security standards at least equivalent to our own and in particular, one of the following permitted safeguards applies:
If none of these safeguards exists, then we may seek your explicit consent for an overseas transfer. In line with your rights as an individual, you are free to withdraw this consent at any time.
Your individual rights can be exercised in relation to the information we hold about you. These rights are:-
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact catrina@affinitascommunications.co.uk if you wish to make a request.
As outlined above, you have the right to request access to your personal data that we hold. Such requests are known as Subject Access Requests (SARs).
Any request requires to be in writing and if we do hold any personal information about you, we will:
We will respond to SARs within one month. To do so, we may need additional information from you to determine your identity or help us find the information more quickly. Where the information you have requested is complex, we may take longer than 30 days but shall keep you advised as to progress should this be the case.
If you believe that any information we hold about you is incorrect or incomplete, email catrina@affinitascommunications.co.uk and the information will be corrected without delay.
We would prefer to resolve any issues or concerns you may have directly with you. If you feel you are unable to resolve matters by contacting us directly, or you are unhappy or dissatisfied with how we collect or process your personal information you have the right to complain about it to the Information Commissioner who is the statutory body that oversees data protection law in the U.K. They can be contacted through www.ico.org.uk.
We keep our privacy notice under review.
This privacy notice was last updated on 06-09-2021.