1. How we process personal data
For people who contact us through our website:
We use the personal data you have provided to us to respond to your queries when you contact us. Our legal basis for this processing is our legitimate interest in the administration and operation of our firm. If you become a client, your personal data will become part of your file with us. If you do not become a client, we will delete your personal data 3 months after your last contact with us.
For people whose information we received from one of our clients:
If you are an employee, contractor, customer, supplier, or family member of one of our clients, we might receive and process your personal data as part of our engagement with that client. That personal data may include your name, contact information, financial information such as salary or payments, and other information held by our client. We will only process your data in order to provide our accounting, tax, audit or other services to our client. Our legal basis for this processing is our legitimate interest in fulfilling our professional and contractual obligations to our clients. We retain this data for a period of 7 years because we believe we have a legal responsibility to retain it for this period.
2. Who we share data with
We share your personal data with our IT service providers, including Techsure, Sage, CaseWare, Relate and Ardbrook. These providers are not permitted to use this data, except on our behalf. We may share your personal data with advisers who are subject to rules of confidentiality. We may also be obliged to provide access to your personal data to regulators, including our professional body.
If we received your personal data from one of our clients, then we also share your personal data with that client.
We will not share your personal data with any other third parties, unless we have a legal or professional duty to do so.
3. Automated decision-making and profiling
We do not use any personal data for the purpose of automated decision-making or profiling.
4. Your rights
You have the following rights under the GDPR, in certain circumstances and subject to certain exclusions, in relation to your personal data:
• Right to access - you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
• Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
• Right to erasure - you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
• Right to restrict or object to processing - you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
• Right to data portability - you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.
•Right to withdraw consent - if we are processing personal data based on your consent, you may withdraw that consent at any time.
In order to exercise any of the rights set out above, or if you have questions or concerns about how we process your data, please contact us at firstname.lastname@example.org or by post at 84 Northumberland Road, Ballsbridge, Dublin 4. You also have the right to lodge a complaint with the Data Protection Commission, whose contact details are as follows:
Data Protection Commission
Telephone +353 (0761) 104 800 | LoCall 1890 25 22 31 | Fax +353 57 868 4757
Email email@example.com ]