R S Bookkeeping & Accounts - Privacy Policy


My Privacy Notice below explains:

  • (1) The personal information I collect;
  • (2) Why I process your personal information;
  • (3) When and why I will disclose your personal information to HMRC;
  • (4) The rights and choices you have when it comes to your personal information;
  • (5) The steps I take to ensure your information is kept secure and confidential;
  • (6) How long I will hold your information for; and
  • (7) How to contact me.

1. The Personal information I collect

  • When you register for my services as a bookkeeper and accountant you must provide me with your name, address, mobile number, email address, date of birth, National Insurance number and Unique Taxpayer Reference.
  • When you register for my services as a payroll provider you must provide me with all of the above plus your marital status, your employment status and your income. I will also need your Tax Office Reference Number and your Employer Reference Number.
  • There is further information about your personal circumstances I may ask for so that I can complete all relevant sections of your tax return.

2. Why I process your personal information

  • I require your contact details so that I can correspond with you easily. If you have a preference for email or telephone, please advise. Emails suit me as I can print them off and keep a record of our conversation.
  • Your unique NI and Tax Reference Numbers are required because they appear on your payroll or tax return. They are also required when I am speaking to HMRC on your behalf, to confirm my identity and your identity. They also confirm your age in relation to the minimum wage, National Insurance category and status.
  • Your marital status and employment status are required for your payroll, as they form part of the information HMRC needs to complete the tax year with all your income, giving the correct year-to-date figures. Married people are treated differently from single people for some tax purposes and allowances.
  • I ask for your bank name, account name, sort code and account number, and your bank statements, so that I can reconcile your bank account or review the income and expenditure of your business. Also, if you are due a repayment, HMRC can send the refund directly to your bank.

3. When and why I will disclose your personal information to HMRC

  • I will only liaise with HMRC on your behalf because you have set me up as your agent using form 64-8. They will ask for confirmation of my details and your details so they can speak with me. Normally I do not need to speak to them, but if there is a query I would rather get it right than search on Google, so I speak to the "horse's mouth" and make a note of the name and date. All conversations are recorded.
  • I do not discuss your information with anyone else, and I mean anyone.


4. The rights and choices you have when it comes to your personal information

  • At any time, you can come and see what I hold of yours in my home office. I also offer a support service if you want to be trained to do your own tax return, sitting alongside you to answer any questions that throw you.

5. The steps I take to ensure that your information is kept secure and confidential

  • Please see my Privacy Policy

6. How long I will keep your information for

  • I follow HMRC guidelines and keep your information for 6 years from the January following the year reported on. Therefore for 2017-2018 I will destroy records in 2025.

7. How to contact me

  • I want to be accessible to my clients. Please call me, text me or WhatsApp me, whichever is cheapest, and I will get back to you. I work between 10am and 6pm Monday to Wednesday and do visits and research on Thursdays or Fridays. Friday is generally my day off, but I am flexible.
  • I check my emails regularly throughout the day. This is my preferred method of communication, and I often save emails as PDFs and put them in your encrypted folder on my computer.

My email address is 07772723963

My website is www.rsbookkeepingandaccounts.co.uk

I have a Facebook Page “rsbookkeeping&accounts”


The following are the criteria I assess and carry out in accordance with the GDPR data protection regulations in force from 25.5.18.

  1. Assess the Risk

I will review personal data and assess all processes involved that require me to collect, store, use and dispose of personal data

I will treat all data as valuable, sensitive, confidential

I will continue to store all data on index cards, in a book, in hard files and on the computer in folders; however:

I will password protect my computer, and the files will be encrypted

Files are stored in a lockable filing cabinet upstairs away from other clients

Payroll information is held on HMRC Basic Payroll Tools which is a cloud-based payroll

Pension information is held on Nest Pension Website, password protected


  2. Obsolete Data

I keep client data for 6 years in accordance with HMRC rules

Any unnecessary paperwork is shredded

Clients are able to access their data and check what I hold if they require


  3. Cyber Essentials

Encryption on my desktop computer is applied to new files continuously

I will set my computer to clean temporary internet files and empty the recycle bin regularly

I will keep my anti-virus and security software up to date. I am currently using BT Net Protect Plus and Windows Defender, which update and perform regular scans automatically.

This should help stop breaches from happening.

I will remove all old software that is obsolete

I will remove default passwords, which can be well known to attackers

I will enforce strong passwords and limit the number of failed login attempts

I will enforce regular password changes

I will act on any alerts from anti-virus scans immediately


  4. Who has access to data?

I am the only member of staff of R S Bookkeeping & Accounts at present. I treat all information as sensitive and with confidentiality. I discuss my clients' data only with HMRC, and only when clients have given me permission to, as their agent.


  5. Secure your data on the move and in the office (home)

I am aware that devices like mobile phones and laptops can be stolen

I do not use a laptop or iPad and therefore do not transport data on these devices

I do not use USB devices to store information and therefore these cannot be mislaid.

I do not use untrusted devices to connect to my network

I store data in a locked metal filing cabinet in a room upstairs

Clients' folders are kept locked in the boot of my car on a journey to visit them, so they are not visible to passers-by

All post is marked Private & Confidential and is hand delivered or posted “signed for”.


  6. Back Up Data

Loss of data by fire is a breach of the Data Protection Act

I recognise I need a robust backup strategy to protect against disasters, and also against ransomware

All data is backed up to Dropbox, which can be accessed from elsewhere.


  7. Train my staff

I currently do not have any staff.

Should I take on any staff, I will make sure that neither I nor they send an email to the wrong recipient.

I will make sure that neither I nor they open an email attachment containing malware

I or they will be taught to recognise threats such as phishing emails

I will read security bulletins or newsletters from HMRC and ICO.


  8. Ongoing

I will address risks consistently and document the controls I have in place, and identify where improvements are needed

I will correctly use the security I already have

I will make sure I am compliant with industry guidance and legal requirements

I will minimise the data I hold and regularly shred any superseded data, unless it is a record that must be held for 6 years

I will run an annual check on clients' details to see whether what I hold is correct or out of date

19th May 2018