Privacy Policy

Last Updated: 3rd March 2020

Connock Accounts Limited hereby referred to as “Connock Accounts”, “the business”, “we”, or “us” is a registered company in England and Wales (10477296).

Connock Accounts is bound by the requirements of the General Data Protection Regulation 2018 otherwise known as GDPR. We respect your privacy and we are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data either when you visit our website or if you engage us to provide you with a service. This notice also tells you about your privacy rights and how the law protects you.

Connock Accounts will only collect your personal data for two reasons:

  1. to deliver products or services in which you have engaged us for
  2. to meet our obligations under the law

About this Policy

The purpose of this Policy is to provide a clear explanation of when, why and how we collect and use information which may relate to you (“personal data”).

Please read this Policy with care. It provides important information about how we use personal data and explains your statutory rights. This Policy is not intended to override the terms of any contract you have with us, nor rights you might have available under applicable data protection laws.

Privacy Policy

1. Who is responsible for taking care of your data?

Connock Accounts is principally responsible for looking after your personal data (your Data Controller) if you have a contract with us, visit our website, and use our social media sites.

If our client, acting as a Data Controller, has enrolled you to the services provided by us, (for example payroll) you should contact them, as they should provide you with details of Connock Accounts, and our role as a Data Processor).

2. What personal data do we collect?

If you are a private individual and have a contract with us, we will process the following:

  • your contact details including but not limited to your name, address, telephone and fax numbers, email address, a copy of an address ID
  • identity details including but not limited to your date of birth, National Insurance Number, Unique Tax Reference Number, a copy of a photo ID
  • information about your business including but not limited to business type, name and company number, VAT type
  • your financial data including but not limited to your income and sources, taxes and their share, investments, bank account number, tax residency details
  • information relevant to taxation including but not limited to properties, their acquisition and living there, litigations, inheritance
  • we will also process your emails, letters, documents and other written information you provide to us.


If you are a representative of an entity that has a contract with us, we will process the following:

  • your contact details including but not limited to your name, address, telephone and fax numbers, email address
  • identity details including but not limited to your date of birth, National Insurance Number, Unique Tax Reference Number, a copy of an ID
  • information about the entity including but not limited to business name and company number, VAT number,
  • financial data including but not limited to income and sources, taxes and their share, bank account number
  • we will also process your emails, letters, documents and other written information you provide to us.


If you are an employee enrolled in our services by your employer, we will process the following:

  • your contact details including but not limited to your name, address, email address
  • identity details including but not limited to your date of birth, National Insurance Number, Unique Tax Reference Number
  • information about employment including but not limited to your employer details, date when employment started, amount of working days/hours
  • financial data including but not limited to your salary, taxes share, investments to pension funds, bonuses


If you are visiting our website, we will collect your IP address, cookie identifiers, device identifiers, browser type and version, time zone, browser plug-in types and versions, operating system and platform. For further details please check Section 7.

If you are following us and interacting on our social media sites, we will process your name, photos, employment details, messages and comments directed to us.

If you provide us with personal data of someone else, you must ensure that you are authorised to disclose that information. We may collect, use and disclose such information for the purposes described in Section 4. You must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that personal information, Connock Accounts’ identity and how to contact us.

3. When do we collect your personal data?

We will collect information from private individuals and representatives of entities directly when they apply for, use our services and correspond with us by email, phone or otherwise.

We may collect information about them from other sources where we believe this is necessary to manage effective underwriting of the risk associated with a contract and/or helping fight financial crime. These other sources may include public registers and databases managed by credit reference agencies, government agencies such as Her Majesty Revenue and Customs (HMRC), Companies House, and other reputable organisations.

We will collect and/or retrieve information from our website and social media sites users when they visit our website and interact with our social media sites.

4. What do we use your personal data for?

If you are a private individual or a representative of an entity that enters into a contract with us, we will use your personal data to register you for requested services, evaluate the risk of potential fraud or other illegal activities, provide requested financial services, respond to your enquiries and advise you, communicate with you, inform you about relevant news in the sector and keep your certain data in accordance with legal, regulator, tax or accounting requirements.

If you are an employee enrolled in our services by the employer, we will use your personal data to provide requested financial services to your employer.

If you are visiting our website, we will use your personal data to enable the functionality of our website, to analyse what you are interested in on our website and to improve it to ensure that content is presented in the most effective manner for you and for your device.

If use our contact form on our website, email us, or contact us via telephone we will use your personal data in order to communicate with you and respond to any requests or query’s you make.

If you are following us and interacting on our social media sites, we will use your personal data to provide relevant information to you and the audience.

5. Lawful bases for using your personal data

We will make sure that we only use your personal data for the purposes set out in Section 4 where we are satisfied that:

  • our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to provide our services to you);
  • our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (e.g. to retain your documents in compliance with statutory tax, audit and accountancy obligations);
  • you have provided your consent to us using the data in that way;
  • our use of your personal data is necessary to support ‘legitimate interests’ that we have as a business (e.g. to evaluate your risk for potential fraud or other illegal activities), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights.

6. Who do we share your personal data with?

We work with third parties that help us to manage our business and deliver services. These third parties may from time to time need to have access to your personal data.

The third parties may include:

  • Service Providers, who help manage our IT and back-office systems and other support services and systems.
  • Credit reference agencies and organisations working to prevent fraud in financial services,
  • Our regulators, which may include, Professional Bodies, the Financial Conduct Authority (FCA), Her Majesty Revenue and Customs (HMRC) and Information Commissioner’s Office (ICO), as well as other regulators and law enforcement agencies in the EU and around the world, solicitors and other professional services firms,
  • We may be under legal or regulatory obligations to share your personal data with courts, regulators, law enforcement or in certain cases other insurers. If we were to sell part of our businesses we would need to transfer your personal data to the purchaser of such businesses.

We will only transfer your personal data to companies which are recognised as providing an adequate level of protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.

Your personal data will never be passed on to any other companies or third parties (other than the third-party service providers described above) and will never be added to any third party mailing lists or databases unless you opt in to do so.

7. Cookies

Cookies are small text files that are placed on your computer by our website when you visit it. We use them in order to make our website work or work more efficiently, as well as to provide certain information to us. The table below explains the cookies we use and why.

NamePurpose
__utmb and __utmc Google Analytics – The B and C work together to calculate how long a visit to our website lasts. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes from the last page view/link click on a website, and then it expires.
__utmtGoogle Analytics – It is used to throttle the request rate for the service – limiting the collection of data on high traffic sites. It expires after 10 minutes. The main purpose of this cookie is performance.
__utmzGoogle Analytics – Keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website. It expires in 15,768,000 seconds – or, in 6 months. This cookie is how Google Analytics knows to whom and to what source / medium / keyword to assign the credit for a Goal Conversion or an Ecommerce Transaction. __utmz also lets you edit its length with a simple customization to the Google Analytics Tracking code.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

8. Marketing correspondence

We may use your personal data to send you our newsletter and other marketing correspondence about our services, events and related news in the sector. This may be in the form of email or a letter sent by post.

In most cases, our processing of your personal data for marketing purposes is based on our legitimate interests, although in some cases (such as where required by law) may be based on your consent. You have a right to prevent direct marketing of any form at any time – this can be exercised by following the opt-out links in electronic communications or by contacting us using the details set out in Section 12.

9. How long do we keep your personal data?

We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 4. In some circumstances, we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulator, tax or accounting requirements.

In specific circumstances, we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is securely deleted.

10. Security of your personal data

We are committed to handling your personal data with high standards of information security. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to personal data only for those who require it to fulfil their job responsibilities.

11. Your rights

You have a number of rights in relation to your personal data.

You may request access to your data, correction of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability. You may also exercise a right to complain to the Information Commissioners Office (ICO). More information about each of these rights can be found by referring to the table set out below.

To exercise your rights you may contact us as set out in Section 12. Please note the following if you wish to exercise these rights:

Access

You can ask us to:

  • confirm whether we are processing your personal data;
  • give you a copy of that data;
  • provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from, to the extent that information has not already been provided to you in this Policy.

Rectification

You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.

Erasure

You can ask us to erase your personal data, but only where:

  • Your data is no longer needed for the purposes for which it was collected;
  • You have withdrawn your consent (where the data processing was based on consent);
  • Your objection to the processing of data is deemed to be successful;
  • Your data has been processed unlawfully;
  • Your data has to be erased for compliance with a legal obligation we are subject to.

We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:

  • For compliance with a legal obligation;
  • For the establishment, exercise or defence of legal claims.

There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.

Restriction

You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • Its accuracy is contested and we need to verify it;
  • You think that the processing is unlawful, but you do not want to erase data;
  • Your personal data is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims;
  • You have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal data following a request for restriction, where:

  • we have your consent;
  • we need to establish, exercise or defend legal claims;
  • we have to protect the rights of another natural or legal person.

Portability

You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but in each case only where:

  • The processing is based on your consent or on the performance of a contract with you;
  • The processing is carried out by automated means;
  • The processing is based on your consent or on the performance of a contract with you;

Objection

You can object to any processing of your personal data which has our ‘legitimate interests’ as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International Transfers

You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Economic Area.  

We may redact data transfer agreements or related documents for reasons of commercial sensitivity.

Your Identity

We take the confidentiality of all records containing personal data seriously and reserve the right to ask you for proof of your identity if you make a request in respect of such records.

Fees

We will not ask for a fee to exercise any of your rights in relation to your personal data unless your request for access to information is unfounded, respective or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.

Timescales

We will aim to respond to your request within one month unless it is particularly complicated or you have made several requests in which case we aim to respond within three months.

We will let you know if we are going to take longer than one month. We might ask you if you can tell us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.

Third-Party Rights

We may refuse to fulfil your request where it would adversely affect the rights and freedoms of other data subjects.

12. Contact and complaints

The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is Connock Accounts who can be contacted in the following ways:


If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible.

You also have a right to lodge a complaint with the Information Commissioner’s Office at any time.