AGL Associates (WM) Limited - Chartered Certified Accountants - Data Protection Policy

Introduction:

The General Data Protection Regulations (GDPR) (2018) requires the Company to be open about the information that it holds on you and uses. The Company policy is to respect the privacy of clients and their employees and to maintain compliance with the General Data Protection Regulations (GDPR). Personal data related to clients and their employees will be protected. All employees and sub- contractors of the business are asked to sign a confidentially clause. The company will, if required, sign a separate confidentiality agreement if the client deems it necessary. You are entitled to audit the business to ensure we comply with the GDPR. Please contact the Data Protection Officer in writing. You have the right to withdraw your consent to processing of data. Please contact the Data Protection Officer in writing. This policy complies with the General Data Protection Regulations May 2018.

Data Protection Officer:

The Company Data Protection Officer is the Managing Director. Any queries or complaints should be addressed to him.

Data:

The company will need to collect personal data and business data (including employee data if you use our payroll service) from you upon engagement of services. We require this data in order for us to:

• contact you if required

• carry out the work you have contracted us to do

• comply with regulatory requirements

• comply with RTI requirements

We ask that you provide ID to comply with our responsibilities under money laundering legislation. We also carry out money laundering checks to fulfil our responsibilities, using Experian. The above data is scanned electronically and hard copies are not retained by the business. All paper copies are disposed of securely. If you provide us with your accounting books, receipts, paperwork etc. during the /period of processing we will store your documents in a secure locked office. Once we have processed the documents, they will be returned to you - no hard copies are retained by the business. We may need to scan in copies of certain documents to our client electronic files.

Electronic Copies:

All of your data is stored on our client files, on our server which is a hosted in a UK Data centre with anti virus and backed up via Onvio Servers. We also store data on our web based systems, we use to process your accounts. Our computer systems are password protected and all staff have to change their passwords on a regular basis. Data is accessible by the Managing Director via a mobile phone, which is finger print secured and each application has a two -point authentication. The company use a UK Data Centre to back up all of the data.

Payroll Services:

If you choose to use our payroll service, your employee’s details will be collected and added to our web based software. The information we request: Name, address, date of birth, national insurance number, telephone numbers, P45, bank details. The reason we require this data is to process the payroll on your behalf and to comply with our RTI responsibilities. If an employee leaves your employment, they will be deleted from our web based software, from a processing point of view. Employees records will be permanently deleted after 7 years.

Emails:

If you choose to use our payroll service, payslips will be emailed to you and your employees. The emails are password protected and we advise that once you open them you advise your employees that they delete and save the payslip or print them for their records.

Pensions:

If you choose to use our payroll service, we will have to liaise with your pension provider. Your employee’s data will be securely uploaded to your chosen pension provider via a secure web based login. You should request a copy of your pension providers Data Protection Policy directly.

Third party:

The company do not pass your data onto any third party, other than the HRMC, Companies House and pension providers for those clients who have chosen this service. If the client requests the data to be passed onto a third party (i.e. bank loans/mortgages) paperwork should be given to the MD giving your with explicit consent for us to contact the third party.

Newsletters and information:

As part of our service to clients, we may from time to time issue newsletters, information and service offers via email. As part of your engagement with the company, you have signed to give your explicit consent to receive these emails. If at any time you do not wish to receive these type of emails, then please contact the Data Protection Officer and we will remove you from our listing.

Transparency and Choice:

You may at any time contact the company and ask what information we hold on your Company and its employees. You may ask us to update this information if it is incorrect, which we will strive to do as quickly as possible. You may ask for any company and employee data to be deleted and requests should be made in writing to the Data Protection Officer.

What to do if you would like you or your employee’s data erased:

Please write to the Data Protection Officer if you wish for data to be erased. However, there may be circumstances where we are unable to do this (to fulfil our legal responsibilities).

Information Security:

All data is password protected and only accessible by authorised company staff. The company take appropriate cyber precautions.

Changes: