Jackson Stephen takes your privacy seriously and is committed to protecting your personal information.
This privacy statement sets out how we obtain, store and use your personal information when you use or interact with our website, www.jacksonstephen.co.uk, or where we otherwise obtain or collect your personal information. The effective date of this privacy statement is 16 April 2018.
Who are ‘we’?
In this statement, whenever you see the words “we”, “us” or “our”, we mean Jackson Stephen LLP and Jackson Stephen Accountants & Business Advisers Limited. Further details about us may be found in our Terms & Conditions. You can contact us by writing to our office address or sending an email to email@example.com.
Personal information we collect or obtain about you
If you are our client, we collect personal data about you for the following purposes:
- To provide services to you under our contract of engagement with you
- To fulfil any legal obligations to HMRC and other third parties arising from the services
- For anti-money laundering and fraud prevention purposes
- For record keeping purposes
- To track your activity on our website and our social media platforms
- To personalise and tailor any information communications and event invitations that we may send you
- To tell you about other services we have a legitimate interest in offering you.
When we provide you with services we may collect and store any personal information that you provide to us. We may, for example, keep a record of your name, address, email address, telephone number and payment information. Any personal information that you provide to us may be used to personalise and improve your experience on our website and provide services you request from us.
We collect personal data about our employees and candidates applying for specific employment roles for the following purposes:
- To fulfil our obligations under your employment contract and / or training contract
- To fulfil our legal obligations to HMRC and other third parties arising from the contract
- To process your application for an employment role advertised by us.
We may, for example, keep a record of your name, date of birth, sex, education and qualifications, work experience, national insurance number, tax code, details of any known disability and emergency contact details. We may also keep details of your employment history with us, employment terms and conditions, any accidents connected with work, any training taken and any disciplinary action.
We may collect personal information about other individuals using our website or otherwise contacting us for the following purposes:
- To deal with your enquiry
- To provide and tailor any information communications and event invitations that we may send you
- To evaluate your suitability for any employment opportunities that we have in the future.
We are only able to process this personal information if you consent to the processing (opt-in). You can opt-out or request that your personal information is deleted from our system at any time by emailing us at firstname.lastname@example.org.
If you opt-in, the types of information communications you may receive include:
- Our iNews bulletins
- Our Newsletters
- Information about the services we offer
Sensitive personal data relating to employment or applications for employment
‘Sensitive personal data’ is information about racial or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, criminal allegations, proceedings or convictions. In certain limited circumstances, we may legally collect and process sensitive personal data without requiring your explicit consent.
We will process data about your health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without your knowledge and, where necessary, consent.
We will process data about, but not limited to, your racial and ethnic origin or religious beliefs only where you have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions. Data about any criminal convictions will be held as necessary.
Accuracy of information we have collected about you
We will do our best to accurately record the personal information we collect about you. We will not be responsible for updating that information if it changes. If you tell us that the personal information we hold on you is incorrect, we will do our best to amend it. Contact email@example.com to request that your personal information is amended.
Providing your personal information to third parties
In order to provide our services to you or otherwise fulfil contractual arrangements that we have with you, we may need to appoint other organisations (“data processors”) to carry out some of the data processing on our behalf. These may include for example: client payroll and pensions organisations, our accounts and tax solutions platforms (including ‘Xero’), our employee payroll processor and our anti-money laundering identity verification tool. These organisations may provide cloud storage which is hosted both in and outside of the European Union (“EU”).
We may also share your data with third parties:
- If we are under a legal or regulatory duty to do so
- If it is necessary to do so to enforce our contractual rights
- To lawfully assist the police or security services with the prevention and detection of a crime or terrorist activity
- Where such disclosure is necessary to protect the safety or security of any person
- Where otherwise permitted under applicable law.
Security of information
We take the security of your personal information seriously.
We have security procedures in place to protect our paper-based systems and computerised databases from loss and misuse, and only allow access to them when it is absolutely necessary to do so, and then under strict guidelines as to what may be made of the personal information contained within them.
When we provide your personal information to data processors, we ensure they provide sufficient guarantees that the requirements of data protection will be met and your rights protected. For any cloud service provider based outside of the EU, we obtain a compliance statement confirming in writing that any data transferred out of the EU to or by the cloud storage provider is in line with EU data protection equivalence rules.
Retention of your personal information
We will retain your personal information for as long as it is reasonably necessary for us to keep it in accordance with applicable law. Information which we required consent to collect and process will be retained until you withdraw consent, except for employment related information which will be retained for 12 months.
Erasure of your personal information (your ‘right to be forgotten’)
You can request us to erase your personal data where we have no compelling reason for its continued processing. To make an erasure request, contact firstname.lastname@example.org.
Complaints about how we deal with your personal data
If you are unhappy with how we are dealing with your personal data, please contact our managing partner Diane Brennan to discuss your concerns at email@example.com.
If you are dissatisfied with how we deal with your concerns, you can complain to our supervisory authority for data protection, The Information Commissioner’s Office (ICO). ICO’s contact details are: https://ico.org.uk/.