Aiteo Consulting - GDPR Compliance

Your privacy is important to us

Introduction

The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data.

Aiteo Consulting Limited is a data controller within the meaning of the GDPR and we process personal data. The firm is registered as a data controller with the Information Commissioner’s Office (registration reference ZA146202).

Our associated privacy policy is available on our website here: www.aiteoconsulting.co.uk/privacy-policy

GDPR legislation requires us to use a number of tests to identify the lawful basis for processing the personal data that we hold. Our work usually falls within four lawful basis tests for the processes within our firm; these are noted below.

 

1. Legal Obligation

We rely on this lawful basis to process personal data to comply with a common law or statutory obligation. This includes the following key processes within our organisation:

  • customer onboarding (“Know Your Customer” or “KYC”)
  • acting as a customer’s agent with HMRC
  • submitting money laundering reports to the relevant authorities
  • payroll processing
  • preparation of company statutory accounts
  • sole trader accounting
  • personal tax returns
  • corporation tax returns

It should be noted that the use of this lawful basis extends to retaining key financial records in line with statutory minimums. Due to the nature of this lawful basis, a data subject cannot request personal data to be erased in advance of the expiration of such statutory minimums.

 

2. Contract

We rely on this lawful basis when we need to process personal data to fulfil our contractual obligations to customers or to carry out a process which we have been asked to do before entering into a contract. This includes the following key processes within our organisation:

  • preparing a quote or estimate for work
  • delivering elements of any contract relating to personal or business service provision which is not by definition included under the lawful basis of ‘Legal Obligation’.

It should be noted that if the data subject objects to the processing of their data under the lawful basis of ‘Contract’, it is highly likely that we will have to cease acting for them.

 

3. Legitimate Interests

We rely on this lawful basis when the processing is not required by law but is of a clear benefit to you or others; in particular, we use this basis when there is a limited privacy impact on the individual; when the individual should reasonably expect us to use their data in that way; and we cannot, or do not want to, give the individual full up-front control (ie consent) or bother them with disruptive consent requests when they are unlikely to object to the processing.

In summary, we use this lawful basis where there is either a minimal impact on the individual or else there is a compelling justification for the processing.

Examples of how this lawful basis is used in our firm include:

  • sending a periodic newsletter to customers
  • circulating news of developments in accounting, tax or industry which are relevant to the recipient
  • highlighting additional or complementary services to existing customers which may be of interest

Data subjects may request that their data cease to be used in this way at any time. This is most easily achieved by clicking the ‘unsubscribe’ link in every email which is sent under this basis.

 

4. Consent

The fourth and final lawful basis we most commonly use is ‘Consent’. Under such circumstances, data subjects provide their data willingly, with genuine consent, and understand the purposes for which this data is used. As examples, consent may be sought in the following ways:

  • through a positive and separate opt-in during the customer onboarding process
  • invitations to subscribe to our mailing list via website pop-ups or subscription forms
  • lead-building forms on social media such as LinkedIn, Twitter, Facebook, or other similar platforms
  • pop-ups or banner web advertisements

Examples of how this lawful basis is used in our firm include:

  • sending a periodic newsletter to members of our email list
  • circulating news of developments in accounting, tax or industry which are relevant to the recipient
  • highlighting new, additional or complementary services to list members which may be of interest
  • sending special promotions and offers

Data subjects may request that their data cease to be used in this way at any time. This is most easily achieved by clicking the ‘unsubscribe’ link in every email which is sent under this basis.

 

End Notes

This note should be read in conjunction with our privacy policy: www.aiteoconsulting.co.uk/privacy-policy

If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us. Please send any complaints to: support@aiteoconsulting.co.uk.

If you are not happy with our response, you have a right to lodge a complaint with the ICO (www.ico.org.uk).