Privacy Policy

Who we are

This is the privacy statement of James Bell & Co, Chartered Accountants

This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights.  It applies to personal data provided to us, both by individuals themselves or by others.  We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person.  James Bell & Co processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data.

What personal information we collect

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients only to share personal data where it is strictly needed for those purposes.

Where we need to process personal data to provide our services, we ask our clients to provide the necessary information to other data subjects concerned, such as family members, regarding its use.

Given the diversity of the services we provide to personal clients, we process many categories of personal data, including as appropriate for the services we are providing:

Contact details;

Business activities;

Family information;

Income, taxation and other financial-related details; and

Investments and other financial interests.

Where we collect personal information from

Generally, we collect personal data from our clients or from a third party acting on the instructions of the relevant client.

Third party credit reference agencies are used in circumstances where other forms of identifying clients have not been provided.

How we use your personal information

We use personal data for the following purposes:

Providing professional services

We provide a diverse range of professional services.  Some of our services require us to process personal data in order to provide advice and deliverables.  For example, we need to use personal data to provide individual tax advice or pensions advice.

Administering, managing and developing our businesses and services
We process personal data in order to run our business, including:
– managing our relationship with clients;
– developing our businesses and services (such as identifying client needs and improvements in service delivery);
– maintaining and using IT systems;
– administering and managing our website and systems and applications.

Security, quality and risk management activities
We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats.  Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails.  We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file.  We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements.  We collect and hold personal data as part of our client engagement and acceptance procedures.  As part of our client and engagement acceptance, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).

Providing our clients with information about us and our range of services
With consent or otherwise in accordance with applicable law, we use client contact details to provide information that we think will be of interest about us and our services.  For example, industry updates and insights and other services that may be relevant.

Complying with any requirement of law, regulation or a professional body of which we are a member
As with any provider of professional services, we are subject to legal, regulatory and professional obligations.  We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Who we share your personal information with

We will only share personal data with others when we are legally permitted to do so.

Personal data held by us may be transferred to:

Third party organisations that provide applications/functionality, data processing or IT services to us
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems.  For example, providers of information technology, cloud-based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services.  The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information

Auditors and other professional advisers

Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

How long we retain your personal information for

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 7 years.

Your rights

Access to your information – You have the right to request a copy of the personal information about you that we hold.

Correcting your information – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.

Deletion of your informationYou have the right to ask us to delete personal information about you where:

You consider that we no longer require the information for the purposes for which it was obtained.

We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below.

You have validly objected to our use of your personal information – see Objecting to how we may use your information below.

Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes.  In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information – In some cases, you may ask us to restrict how we use your personal information.  This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information.  The right might also apply where this is no longer a basis for using your personal information but you don’t want us to delete the data.  Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Withdrawing consent using your information – Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.

Changes to our privacy statement

We keep this privacy statement under regular review and will place any updates on this website.  Paper copies of the privacy statement may also be obtained by telephoning 01292 288531.

This privacy statement was last updated on 25 April 2018

Contact information and further advice

The Data Controller is:

James Bell & Co

Chartered Accountants

20 Wellington Square

Ayr

KA7 1EZ

Telephone:       01292 288531

Email:              info@jamesbellca.co.uk

Complaints:

We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone – 0303 123 1113 (local rate) or 01625 545 745

Website – https://ico.org.uk/concerns