Overview

DRG Accountants and its affiliates (“DRG”, “we”, “us” or “our”) are committed to maintaining meaningful privacy protections for all individuals who interact with DRG. This Privacy Notice describes ‘s practices with respect to your personal information, including the types of information we collect, how we use and share that information, and your choices.  

The Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) require organisations that process personal data to meet certain legal obligations. We are a data controller within the meaning of the Act, and we process personal data.

We are committed to complying with the requirements of the DPA and GDPR. As a result, we confirm that personal information we process will only be held (or otherwise processed) to the extent necessary in order to provide the agreed professional services and for any other purpose specifically agreed.

Collection of information and categories of sources

We are entering into a contract with you and will be processing data to fulfil our contractual obligations. To provide the agreed services, we need to collect, retain, and process personal data about you. This data is needed to:

  • Take you on and retain you as a client according to the provisions of UK laws and professional regulations (e.g., anti-money laundering requirements)
  • Prepare and file accounts and tax returns
  • Provide advice on tax and national insurance liabilities
  • Provide ad hoc advice  


If the information required is not provided, we may not be able to provide the required services which would trigger the disengagement provisions in the terms and conditions.

The personal data that we will collect, and process will include:  Names and addresses

  • Email addresses
  • Telephone numbers
  • Information held by HMRC
  • Where relevant, information required to prepare tax returns
  • Where relevant, information required to prepare your accounts
  • Correspondence between us

Categories of sources

We collect information that is supplied about you from:

  • You
  • A spouse/partner
  • HMRC
  • Your organisation
  • Electronic ID verification providers
  • Other third parties (e.g., banks, investment managers etc) as authorised by you


Use of information and legal bases for processing

We may use information we hold about you:

  • To provide services under the contract in force between us
  • To contact you about other services we provide which may be of interest to you if you have consented to us doing so
  • To meet other legal and regulatory requirements
  • For other legitimate interests

 

We will retain records based on our retention policy so that we can defend ourselves against potential legal claims or disciplinary action which can be brought within statutory time limits.

We may also use information from other people or organisations when carrying out these activities.

There is no automated decision-making involved in the use of your information.

Where we use subcontractors, they will comply with General Data Protection Regulation (GDPR) requirements.

Your information may from time to time be transferred and/or processed outside the EEA. This will only be done where we have confirmed that the country to which your data has been transferred provides a level of personal data protection comparable to that provided in European law.

Legal bases for processing

Personal data may be processed on a contract basis under the engagement letter and Schedule of Services.

Personal data may be processed on a consent basis when meeting clients’ wider expectations of our professional relationship.

Personal data may be processed on the legal obligations and/or public interest bases to comply with legal requirements.

Personal data may be processed to further our legitimate interests.

Information sharing and disclosure

For us to provide the agreed services, we may provide personal data about you to:

  • HMRC
  • Other third parties you require us to correspond with (for example, finance providers, pension providers (including auto-enrolment) and investment brokers)
  • Subcontractors who are bound by the same professional and ethical obligations as the principals and employees of the Limited Liability Partnership
  • Tax insurance providers
  • Professional indemnity insurers
  • Our Anti Money Laundering supervisors the Institute of Chartered Accountants in England and Wales (ICAEW) or an external reviewer in relation to quality assurance

 

We need to give information to these other parties to fulfil our contractual obligations to you and therefore it is not possible to opt out of the provision of information to these parties. If you ask us not to provide information we may need to cease to act.

If the law allows or requires during the period of our contractual arrangements or after we have ceased to act, we may give information about you to:

  • The police and law enforcement agencies
  • Courts and tribunals
  • The Information Commissioner’s Office (ICO)  


In addition, after we have ceased to act, we may give information about you to:

  • Our professional indemnity insurers or legal advisers where we need to defend ourselves against a claim
  • Our professional disciplinary body where a complaint has been made against us in order to defend ourselves against a claim
  • Your new advisers or other third parties you ask us to give information to

Data security

We have put in place appropriate and proportionate security measures to address the risk of personal data being lost, used, altered, or accessed in an unauthorised way. We limit access to personal data to those who have a business need to access it, and who will only process the personal data on our instructions.

Nevertheless, no data transmission over the internet, or any other network, can ever be regarded as wholly secure, and we have in place measures to deal with any suspected breach of data security. Those measures include policies and procedures, which are periodically reviewed to ensure they are effective and fit for purpose.

Data retention

When acting as a data controller and in accordance with recognised good practice within the tax and accountancy sector we will retain all records relating to you as follows:

  • Where tax returns and accounts have been prepared it is our policy to retain information for seven years from the end of the tax year to which the information relates
  • Where ad hoc advisory work has been undertaken it is our policy to retain information for seven years from the date the business relationship ceased
  • Where we have an ongoing client relationship, permanent information (the data supplied by you and others which is needed for more than one year’s tax and accounts compliance) including, for example, capital gains base costs and claims and elections submitted to HMRC, are retained throughout the period of the relationship but will be deleted seven years after the end of the business relationship unless we are asked to retain it for a longer period by our clients
  • Under the Money Laundering Regulations (MLR 2017) personal data must normally be destroyed within specified time limits but where contractual agreement is in place this is taken as agreement under Regulation 40 (5) MLR 2017 to retain records for the longer period of seven years

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the Privacy Notice applicable to the website in question.

Your rights

To exercise any rights you have, you can submit a request at privacy@flb.co.uk.

You may have the following rights in relation to your personal information:

  • Right to access. Requests to see records and other related information that the firm holds about you are known as ‘subject access requests’ (SAR). The law allows us to refuse your request for information in certain circumstances – for example, if you have previously made a similar request and there has been little or no change to the data since the original request. The law also allows us to withhold information where, for example, release would be likely to:
    • prejudice the prevention or detection of crime
    • prejudice the apprehension (arrest) or prosecution of offenders
    • prejudice the assessment or collection of any tax or duty
    • reveal the identity of another person, or information about them.


Where we are unable to consent to your request, we will set out the reasons in writing. Additionally, you can ask someone else to request information on your behalf – for example, a friend, relative or solicitor. We must have your authority to do this. This is usually a letter signed by you stating that you authorise the person concerned to write to us for information about you, and/or receive our reply.

  • Right to rectification. Should information you have previously supplied to us be incorrect, please inform us immediately so we can update and amend the information we hold.
  • Right to erasure. In certain circumstances it is possible for you to request us to erase your records and further information is available on the ICO website (www.ico.org.uk). If you would like your records to be erased, please inform us immediately and we will consider your request. In certain circumstances we have the right to refuse to comply with a request for erasure and if applicable we will supply you with the reasons for refusing your request.
  • Right to restrict processing and right to object. In certain circumstances you have the right to ‘block’ or suppress the processing of personal data or to object to the processing of that information. For further information refer to the ICO website (www.ico.org.uk). Please inform us immediately if you want us to cease to process your information or you object to processing so that we can take the appropriate action.
  • Withdrawal of consent. Where you have consented for us to contact you with details of other services we provide, we may continue to process your details of other services we provide at any time during the performance of the contract or thereafter. We will then cease to process your data but only data and contact you for that purpose after our contractual relationship ends. You may withdraw consent for the firm to contact you in relation to in connection with contacting you with details of other services we provide. Note that the withdrawal of consent does not make the other bases on which we are processing your data unlawful. We will therefore continue to process your data under the terms of our contract and for other reasons setout in this privacy notice.
  • Right to data portability. You may be able to request your personal data in a format which enables it to be provided to another organisation. We will respond to any requests made without undue delay and within one month. We may extend the period by a further two months where the request is complex, or a number of requests are received but we will inform you within one month of the receipt of the request and explain why the extension is necessary. The right to data portability only applies:
    • to personal data an individual has provided to a controller.
    • where the processing is based on the individual’s consent or for the performance of a contract; and
    • when processing is carried out by automated means

Complaints

If you have any questions, concerns, or complaints about this Privacy Notice please feel free to contact our DPO by email at privacy@flb.co.uk.   

If you are dissatisfied with the response, then you can refer to the ICO. 

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF