Privacy Statement – Mark Toma & Co Ltd
Who we are
This is the privacy statement of Mark Toma & Co Ltd, a company registered in Scotland (SC319795). Our registered offices are at 48 Nithsdale Road, Glasgow G41 2AN.
This privacy statement explains how we collect and use personal information about our clients. It is a requirement that we have this privacy statement in order to comply with the current Data Protection Law (“GDPR”). Our firm is an independent controller within that legislation.
What personal information we collect
In the course of providing our services to you, or in compliance with regulatory or legal requirements, we may collect a broad range of personal data from you and others. This may include your name, address, date of birth, marital status, business, financial information, tax information and any other information which is relevant to the performance of our services which we provide. Our services are provided in accordance with our engagement terms. Your information will be collected, stored and used in accordance with this privacy statement and our engagement terms.
Where we collect personal information from
We will collect data from:
- Employees who work for you and any of your businesses.
- HM Revenue & Customs and other regulatory bodies.
- Other entities which whom you have connections relevant to the services we provide
- Any person or entity nominated by you (e.g. family or third party companies or business which may hold information we require and which you consent to).
How we use your personal information
We use your information to:
- Deliver services and meet legal responsibilities, e.g. your tax return, accounts and advice.
- Verify your identity and your home address as may be required in law or by the Institutes with whom we are affiliated for regulatory purposes.
- Communicate by post, email, telephone or other means with you as necessary and with HMRC or other third parties as required in the course of our services.
- Understand needs and how they may be met.
- Maintain records, e.g. retention of records as required by the professional bodies who regulate our work.
- Process financial transactions on your behalf.
- Allow carefully selected third parties to process financial transactions and perform services on our behalf
- Prevent and detect crime, fraud or corruption where required in law or by the Institutes who regulate our work.
- Deal with any complaints or action against this firm by you or other parties in relation to the work we have performed for you.
- To provide updates to you and to tell you about our services, events we may be holding or changes in how we do business or technical updates.
Who we share your personal information with
We may share your personal information with:
- Any third party with whom you authorise us to disclose information.
- HMRC where necessary for the performance of our services.
- The National Criminal Intelligence Service (or other similar Government bodies) where legally bound to do so or where our regulatory bodies require such sharing.
- Any professional body who regulates our work such as (but not exclusively) The Institute of Chartered Accountants of Scotland, The Chartered Institute of Taxation and The Financial Conduct Authority, e.g. where in the course of our work such disclosure is appropriate or required by these bodies.
- Our Professional Indemnity Insurance policy providers and their brokers where necessary in order to procure the required insurance for our services.
- Any other relevant party where such information requires to be shared to obtain a policy or to provide a service to you or as required for work authorised and regulated by the Financial Conduct Authority, e.g. Insurance and Pension providers, and as regulated by our professional bodies.
- Other advisers where necessary for the provision of our engaged services.
- Third parties who process financial transactions to allow them to perform services on our behalf
Provision of personal data to third parties
We will only share personal data with third parties where we are legally permitted to do so. We do not provide information to third parties for their own marketing purposes and we do not undertake mailings for third parties. Where we transfer personal data to third parties, we will put in place appropriate contractual arrangements and seek to ensure that there are appropriate technical and organisational measures in place to protect personal data.
We may provide personal data to:
- Third parties involved in the performance of services – we may also share personal data to third party organisations who assist us in providing services to clients or are otherwise involved in the services we provide to clients.
- Third parties who provide IT services, data processing or functionality – like many professional service providers, we use third party providers to support our business and the provision of services to our clients, such as cloud based software providers, web hosting/management providers, data analysis providers, and data back-up and security/storage providers. We may transfer personal data to such third parties.
- Auditors and advisers – we may transfer personal data to our auditors and advisers as required by law or as reasonably required in the management of our business.
In the event we do share your information with third parties in accordance with the paragraphs above we will only share such personal data or information as is strictly required for the specific purposes and we shall take reasonable steps to ensure that the recipient shall process the disclosed personal data in accordance with these provisions.
International transfers of personal data
In the course of running our business and providing services to clients we may transfer personal data to third parties located in other countries, including countries outside the EEA. Where we transfer personal data to a country not determined by the European Commission to provide an adequate level of protection for personal data, we will only do so under a form of agreement approved by the European Commission
How we use your information to make automated decisions
We do not currently make any automated decisions but in the event that we do have such circumstance the data will be used in accordance with this document.
If you do not provide your personal information
If you do not agree to provide personal information to this firm we shall be unable to provide you with the services offered in terms of any engagement letter. Further, failure to provide tax related information may cause us to fail to meet any agreed obligations in respect of filing returns etc. and may also be relevant to any considerations this firm has in terms of regulatory requirements to detect crime.
How long we retain your personal information for
We generally hold your personal information for at least 6 years. We may hold such information in our physical filing system or using digital archives or our servers or secure Cloud data storage as is typical for firms regulated in our way. We may hold your information for a longer period than 6 years where we feel this is appropriate, e.g. in relation to Capital Gains Tax transactions where historic information may be usefully held permanently
How we protect your information
We have policies, procedures and training in place in respect of data protection, confidentiality and information security. We regularly review such measures with the objective of ensuring their continuing effectiveness. The Privacy Statement was last updated on 23 May 2018.
Access to your information
You have the right to request a copy of the personal which we hold.
Correcting your information
We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information
You have the right to ask us to delete personal information we hold about you where:
- you consider we no long require the information for the purposes for which it was obtained;
- we are using that information with your consent and you have withdrawn your consent (see “withdrawing your consent” section below);
- you have validly objected to our use of your personal information (see “objecting to how we may use your information” section below);
- Our use of your personal information is contrary to law or other legal obligations.
Objecting to how we may use your information
You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless thee are overriding legitimate grounds to continue.
Restricting how we may use your information
In some cases you may ask us to restrict how we use your personal information. This right may apply, for example, where we are checking the accuracy of the personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right may also apply where this is no longer a basis for using your personal information but you do not want us to delete the data. Where this right to is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Withdrawing consent using your information
Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purposes for which consent was given.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on our website. Paper copies of the privacy statement are available from our office at 48 Nithsdale Road, Glasgow G41 2AN.
Contact information and further advice
Our Data Protection Officer is Mr Mark Toma at Mark Toma & Co, Chartered Accountants, 48 Nithsdale Road, Glasgow G41 2AN. Our Data Protection Officer is happy to help with further information and advice.
We seek to resolve directly all complaints about how we handle personal information with you. However, you also have the right to lodge a complaint with the Information Commissioners Office, whose details are as follows:-
Information Commissioner’s Office
Telephone: 0303 123 1113 (local rate) or 01625 545 745