The policy applies to Egia Financial Limited. Egia Financial Limited, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR).
Collecting your personal information
I provide tailored accounting and business advisory Services (as defined in the Letter of Engagement and Terms of Business), which requires the collation and storage of data about a company or individual. That data can include personal information. “Personal information” is information about an identifiable individual, and may include information such as the individual’s name, email address, telephone number, bank account details, taxation details, and accounting and financial information.
I may collect personal information directly from you when you enquire about the Services, or when you use the Services. You can always choose not to provide your personal information to me, but it may mean that I am unable to provide you with the Services.
I may receive personal information from you about others
Through your use of the Services, I may also collect information from you about someone else. If you provide me with personal information about someone else, you must ensure that you are authorised to disclose that information to me and that, without me taking any further steps required by applicable data protection or privacy laws, I may collect, use and disclose such information for the purposes described in this Policy.
This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, my identity, and how to contact me.
Where requested to do so by me, you must also assist me with any requests by the individual to access or update the personal information you have collected from them and provided to me.
I collect, hold, and use your personal information for limited purposes
I collect your personal information so that I can provide you with the Services and any related services you may request. In doing so, I may use the personal information I have collected from you for purposes related to the Services including to:
• verify your identity,
• update and enhance client records,
• administer the service,
• analysis for management purposes,
• notify you of new or changed services offered,
• carry out marketing or training,
• assist with the resolution of issues relating to the service,
• comply with laws and regulations in applicable jurisdictions, and
• communicate with you.
By using the Services, you consent to your personal information being collected, held and used in this way and for any other use you authorise. I will only use your personal information for the purposes described in this Policy or with your express permission.
I can aggregate your non-personally identifiable data
By using the Services, you agree that I can access, aggregate and use non-personally identifiable data I have collected from you. This data will in no way identify you or any other individual.
I may use this aggregated non-personally identifiable data to:
• assist me to better understand how my clients are using my services,
• provide my clients with further information regarding the uses and benefits of my services,
• enhance small business productivity, including by creating useful business insights from that aggregated data and allowing you to benchmark your business’ performance against that aggregated data, and
• otherwise to improve my services.
I take steps to protect your personal information
I am committed to protecting the security of your personal information and I take all reasonable precautions to protect it from unauthorised access, modification or disclosure. Data transferred between you and I will be through a secure online file sharing and storage platform. The security of the platform will be continually monitored. If a change in platform is required to enhance data protection I will make arrangements for the transfer and inform you of this change.
However, the Internet is not in itself a secure environment and I cannot give an absolute assurance that your information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information to the Service within a secure environment.
I will advise you at the first reasonable opportunity upon discovering or being advised of a security breach where tour personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
I will only use your information where there is a lawful basis
My lawful reason for processing your personal information will be “A contract with the individual”, for example to supply services you have requested. This also includes steps taken at your request before entering into a contract.
I may receive personal data from you for the purposes of money laundering checks, such as a copy of your passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.
My work for you may require me to pass your information to third-party service providers, and other associated organisations for the purposes of completing tasks and providing the Services to you. However, when I use third party service providers, I disclose only the personal information that is necessary to deliver the Services and I have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
I only disclose your Personal Information in limited circumstances
I will only disclose the personal information you have provided to me to entities outside of Egia Financial Limited if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of the Service.
I will not otherwise disclose your personal information to a third party unless you have provided your express consent. However, you should be aware that I may be required to disclose your personal information without your consent in order to comply with any legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, I will notify you if I am required by law to disclose your personal information.
You may request access to your personal information as well as correction, portability and deletion of this information
It is your responsibility to ensure that the personal information you provide to me is accurate, complete and up-to-date. You have a right to request access to the information I hold about you, or request that I update or correct any personal information I hold about you, by setting out your request in writing and sending it to me at firstname.lastname@example.org.
I will process your request as soon as reasonably practicable, provided I am not otherwise prevented from doing so on legal grounds. If I am unable to meet your request, I will let you know why.
It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons I will be able to deny your request is if I can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
It is also your right to receive the personal data which you have given to me, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
Should you wish for me to completely delete all information that I hold about you, please send a request to email@example.com.
I will not hold personal information for longer than is necessary
I’ll only keep your personal information for as long as I require it for the purposes of providing you with the Service. However, I may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.
You can opt-out of any email communications
I send billing information, product information, Service updates and Service notifications to you via email. I will reframe from communication via email at your request.
You are responsible for transfer of your data to third-party applications
I have a privacy complaints process
If you feel that your personal data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.
This policy is reviewed regularly