Privacy Policy

DATA PROTECTION POLICY & PRIVACY NOTICE

SECTION ONE – DATA PROTECTION POLICY

Evans and Evans Accountants and Tax Specialists , Registered Company 6452975

24a St Radigunds Road, Dover Kent, CT17 0JY

The provision of accountancy, bookkeeping, PAYE and specialist tax planning and advice services.

For any queries regarding the content of this Policy Document and Privacy Notice, or any requests to access data held, please contact Adrian Evans, 01304 449043, adrian@eeaccounts.co.uk>

Evans and Evans Accountants and Tax Specialists are registered with the Information Commissioner’s Office, reference Z1455177

Understanding our Obligations

Evans & Evans have assessed and documented all processing activities conducted regularly, those exposing data to a high-risk and any sensitive personal data.  These activities have been justified using the Legal Bases and Special Conditions provided in the Regulations and written into a Privacy Notice, please see Section Two of this document.  The Privacy Notice is also available to all Interested Parties on our website, and upon request.


Data Subject Access Rights

Individuals have the right to request details of any personal information that we may hold on you, and you have increased rights regarding our use of that information, including;

  • The right to request rectification of information that is inaccurate or out of date

  • The right to erasure of your information (also known as “the right to be forgotten”)

  • The right to restrict the way in which we are dealing with and using your information

  • The right to request that your information be provided to you in a format that is secure and suitable for re-use (also known as “the right to portability”)

Evans & Evans acknowledges that any person may ask if any information is held containing their personal data.  We will respond to written requests as soon as possible, not taking any longer than 30 days to provide copies of any data held.  The company shall correct any errors if requested and agrees to delete records where this is permitted under the Legal Basis.

Review of Data Protection Policy and Privacy Notice

Data Protection is a standing agenda item at our Management and Team Meetings and the Directors Board Meeting; this includes a review of the Data Protection Impact Assessment and Privacy Notice for relevance and accuracy.  The documents, and this policy document, shall be reviewed in full at least annually.

Security Details

Every effort is made to manage the personal information held by Evans & Evans in a responsible and secure manner.  To this end, all network equipment is encrypted, and password protected.  The servers are located in a locked room with limited key-holders.  Staff using mobile phones to access business information, including emails, are asked to add PIN or Fingerprint security, and ensure that the operating system updates are downloaded when available.

Hard copy client and personnel files are kept in a locked cabinet in a locked office with limited key-holders.  


Breach Response

In the event of a breach, such as a break-in, loss or theft of a laptop or phone, all staff and current clients will be made aware.  If there is a serious risk of personal data being misused, then all contacts will be informed, and the incident reported to the Information Commissioner’s Office within three days of the breach being discovered; we will then take guidance on further action from the ICO.


Consent Management

Where Evans & Evans has an individual’s consent to send promotional material, by post or email, we will make it as easy to withdraw that consent as it was to give it.  Consents will be refreshed every two years.