01582 250 345
Client login Contact

Our Privacy Policy

Our firm: is Delphini Accounting Tax & Advisory LLP, registered with Companies House under registration OC452442, and with the ICO under registration ZB717678. 

What is the Purpose of this Privacy Notice?

To inform you about how and why your personal data is used so that we are as transparent as possible, and to ensure that you are aware of your rights under data protection legislation.

If you have any questions, or you think something is missing or unclear, let us know by getting in touch at info@delphiniaccouning.co.uk.

What is “Personal Data”?

When we say ‘personal data’ we mean identifiable information about you, like your name, email, address, telephone number, bank account details, payment information, support queries, community comments and so on.

If you can’t be identified as an individual (for example, when personal data has been aggregated and anonymised) then this notice doesn’t apply. 

What is the Personal Data Legislation?

The General Data Protection Regulation (GDPR) provides rights to individuals regarding the collection, storage and use of their personal data.

The GDPR is further supported by the requirements of the Privacy & Electronic Communications Regulations (PECR).

Both are enacted into UK Law & this Privacy Notice is continuously updated to take account of any new requirements under GDPR & PECR.

The legislation requires that everyone responsible for using personal data has to follow strict rules called ‘data protection principles’.

They must make sure the information is:

  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information as set out under Article 9 of the GDPR and include:

“racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation

We do not collect any special category of personal data, as defined by the GDPR, except if you are a staff member. If you apply for a vacancy within our firm but are not successful, we will delete your personal information including any special categories in line with our retention policy.

What is a Lawful Basis?

Under Article 6.1 of the UK GDPR, there must be a valid lawful basis in order to process personal data & when it is necessary for a specific purpose.

Lawful basis falls into six categories, each as important as each other & include:

  1. Consent: clearly given by the individual for their personal data to be processed for a specific purpose. Consent can be withdrawn at anytime.
  2. Contract: in place with the individual & the processing is necessary for it to be fulfilled, or because they have asked for specific steps to be undertaken before entering into a contract.
  3. Legal obligation: requires the processing to comply with the law (not including contractual obligations).
  4. Vital interests: is necessary for the data processing to protect someone’s life.
  5. Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  6. Legitimate interests: of the firm or a third-party requires the processing of the personal data, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

What Are Your Rights?

Under the Data Protection Act 2018 your main rights are to firstly find out what personal data is being collected & processed, how, why & for what purpose it is being used & stored.

Your rights also include:

  • For that data to be collected & processed:
  • Lawfully – for legitimate purpose;
  • Fairly – for no other purpose; and
  • Transparently – ensuring all those for who it has personal data are informed about the processing activities of their personal data.
  • For the systems in place to collect & process your data to contain privacy by design.
  • For there to be a Data Controller responsible and accountable for protecting your data, and GDPR requirements are respected, even if processing is being done by a third party. This means controllers have the obligation to ensure the protection and privacy of personal data when that data is being transferred outside the company, to a third party and / or other entity within the same firm.
  • For there to be clearly defined & actioned data storage, use, limitation of purpose, data and storage policies which can be evidenced.
  • To ask us to rectify any inaccurate information we may inadvertently hold, and restrict us from using it, until things are corrected.
  • To have data erased.
  • To stop or restrict the processing of your data.
  • To make data subject requests on your personal data & for the Data Controller to firstly ensure you are who you say you are, and then be responded to in a timely manner of 30 days.
  • To be informed of all data breaches within 72 hours of discovery & for it to be formally reported to the Data Controller in line with the firms Data Security & Protection Policy.
  • For the firm to conduct a Data Protection Impact Assessment to estimate the impact if a significant change is introduced in the processing of personal data, such as a new or changed process, service, data being collected etc.
  • For all employees or third parties of the firm acting in a capacity as an employee or contractor, to have awareness of the GDPR, PCRE & the firms policies supporting personal data & to receive regular relevant training.

What Personal Data do we Collect & Process?

As our Client, we will hold the following information about you:

  • Your full name and contact information, including your place of work & private residence.
  • Your date of birth, Nationality, National Insurance (NI) Number and Unique Tax Reference (UTR).
  • Your streams & sources of income whether through a sole trade or partnership business, employment, pension, investment or some form of government funding.
  • Information about your business activities including with whom you trade.
  • The names & business contact information of those within your organisation with whom we need to work.
  • Information and documentation relating to your business gathered from yourself, websites, HM Revenue & Customs, Companies House, LinkedIn, Instagram, Facebook (Meta) & the ICO.
  • Information and documentation about your matters or enquiries, including communications with you.
  • There will sometimes be Teams & Zoom meetings recorded, summarised and transcribed by Fathom – but only if the sessions recorded as mutually agreed.
  • Billing and payment information.

 

As a Potential Client, we will hold the following:

  • Your name & contact information.
  • Information relating to any queries, including business information you have provided to allow us to discuss how we may best be able to work with you.
  • Information and documentation relating to your business gathered from yourself, websites, Companies House, LinkedIn Instagram, Facebook (Meta) & the ICO.
  • There will sometimes be a Teams or Zoom meeting recorded, summarised and transcribed by Fathom – but only if the session recorded was mutually agreed.

As an Associate or Third-Party Consultant, we hold the following:

  • Your name, contact and billing information.
  • Information about the type of project you prefer to work on.
  • Your availability.
  • Information and documentation relating to your business gathered from yourself, websites, Companies House, LinkedIn Instagram, Facebook (Meta) & the ICO.

Why Do We Hold Your Personal Data & What is it Used for?

Legal Obligations: we use your personal data to meet ours & your legal obligations with HM Revenue & Customs, Companies House, our Governing Regulator the Institute of Chartered Accountants in England & Wales (ICAEW) (Lawful basis Art 6.1i Legal – We have a Legal requirement to ensure we adhere to all relevant laws & regulations related to our services).

Our Contract & Working Relationship with you: we use your personal data to fully provide our best possible services & advice to you. We will add your contact details to our internal email address book so we may send contracts, invoices, as well as to keep in contact throughout our relationship (Lawful basis Art 6.1h Contract – We have a Contractual obligation – to fulfil our agreed service with you ).

Relevant News & Marketing: We will also use your email address to send occasional news & direct marketing to prospective and existing clients (Lawful basis Art 6.1l legitimate Interest – We have a Legitimate Interest to make you aware of events & activities taking place which may be of relevance or impact your business or industry).

Prospective Clients, Associates or Third-Party Consultants: If we have met at a networking event, have asked for support on internet forums, or you have contacted us via our website, and we feel that you could be a suitable client, we will perform due diligence checks to ensure that we would be a compatible company for you. The information from these checks is used to contact you to explore business opportunities with us (Lawful basis Art 6.1l Legitimate Interest – We have a Legitimate Interest to perform basic due diligence on prospective clients, and to market our services to other organisations).

If at any time, you want to stop receiving new or marketing emails from us, simply let us know by responding to an email, and we will stop.

We will only keep the minimum amount of information we can about you & delete your data when it is no longer needed for the things we used it for.

Who Do We Share Your Data With?

We only share your detail with third parties who ensure we are able to perform & provide our services & to meet our legal obligations we collect data on your behalf from, & share your data with, the following third parties:

We will not transfer your personal data to any other third party without your permission.

For a list of who these third parties are please contact our Data Controller.

Exceptions: There are some exceptions to this:

  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. We’ve never done this, but we want to keep this option open to us. (Lawful basis Art 6.1.f. We have a legitimate interest to pursue money owed to us).
  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. (Lawful basis Art 6.1.c. Legal obligation)

Overseas Transfer of Information

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing needs it (for example, where we are emailing someone who is based outside the EEA to support your business needs, or because you have chosen to use an email or other communications service which routes data outside the EEA).

Occasionally, we may work on your matters when we are outside the EEA (for example, when on business or even if we are on holiday) — if this might be a problem for you, please let us know, and we can discuss.

Companies House, our website, LinkedIn, Instagram, Facebook (Meta) & the ICO & does not apply to these third-party websites and third-party service providers.

What You Need to Know About Our Website

Our website is hosted by Go Daddy Inc. (registered company number 09033201 in England and Wales),

It is being built by Professional Insight Marketing Ltd trading as JE Consulting (Company number 05883501 registered in England & Wales)

Third Party Websites & Service Providers

When using a link or refence from our website to another website or you request a service from a third party, our Policy no longer applies & you will be subject to that website’s or third-party service provider’s own rules & policies. We do not monitor, control, or endorse the Information collection or privacy practices of any third parties.

We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you deal with & to contact them if you have any questions about their respective privacy policies and practices.

How Do We Keep Your Data Secure?

To maintain the security of your Personal Data, we implement technical and organisational measures that are appropriate to the risks associated with the loss / illegal Processing of your Personal Data. We take security very seriously and we are a Cyber Essentials accredited company. Your Personal Data is stored in our cloud-based infrastructure.

How Long Do We Keep Your Information?

Clients: the duration of the relationship, plus 6 years for clients as required by HM Revenue & Customs.

Prospective Clients: 1 year from the last meaningful contact unless you have asked us to add your information to a suppression list. If you have requested suppression, we will keep the bare minimum so that we can be sure not to re-add you to any marketing lists.

Associates & Third Parties’: the duration of the relationship.

How Do You Contact Us?

Our Registered Office Address is:

85 Great Portland Street
First Floor
London
W1W 7LT

Our Data Controller: is Lyn Oaten & may be contacted on info@delphiniaccounting.co.uk  if you wish to ask any questions or exercise any of your rights.

 

We are a member of the UK’s supervisory authority the Information Commissioner’s Office (ICO). Should you feel it necessary to lodge a complaint about our processing of your personal data, you can do so at the following address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk 

 

This Privacy Notice isn’t here to be agreed to, signed, consented to or otherwise – and it definitely doesn’t form any part of Ts&Cs.

Thank you for taking the time to read about how we use your information. If you have any questions, please contact us on info@delphiniaccounting.co.uk.

03.01.25