Privacy & Cookie Notice

1. Introduction

In compliance with UK and European data protection regulations, this privacy policy explains what personal information we collect from you when you visit our website, are a recipient of our services, are an employee (or prospective or former) or are a supplier.

Broadwing Accountancy is committed to processing personal information about its clients, employees and suppliers in ways that comply with its legal and regulatory obligations, and to being clear with client’s, employees, and suppliers about what it does with their personal information.

Regardless of whether you are a client, an employee, or a supplier, we are custodians of your data. We are committed to maintaining the confidentiality, integrity and availability of your data. The following sections outline our approach to keeping your information safe. We want to help you make informed decisions, so please take a few moments to read this policy.

2. Who are we?

We are Broadwing Accountancy Services. Working with individuals, SMEs and global businesses and with hundreds of years of combined experience, we can help with personal tax advice, day to day bookkeeping and all aspects of business accounting and finance. We provide the following services to our clients and will process personal data in order to deliver these services:

  • Financial Statements and Corporation Tax
  • HNWI Tax Planning
  • Outsourced Accounting
  • Payroll
  • Business Advisory and Special Projects
  • Company Secretarial Support and Admin Services

Alternatively, you may be an employee, former employee or have applied for a role with us or be a supplier to us. In each of these cases we will process your data.

We’ve provided more detail in the sections below on how we use and manage your information.

In this policy, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘Broadwing Accountancy’, we’re referring to Broadwing Accountancy Services Ltd., company number 09552297. Our ICO registration number is ZA185922.

If you have any questions relating to this privacy policy or how we use your personal data, please send them to [email protected] or post them to the Compliance Team, Unit 2A Rickyard Barn, Blisworth Hill Farm Business Park, Stoke Road, Blisworth, Northampton, NN7 3DB or by telephone at 01604 328328.

This privacy notice tells you what to expect us to do with your personal information.

3. Data Controller or Data Processors?

Where personal data is provided to Broadwing Accountancy Services Limited directly or by a third party on behalf of a client during an engagement (Client Personal Data) the client is the data controller and we act as a data processor (for example, when processing payroll). Where we are a data processor, we have a separate contract in place with the data controller (our Client) which governs our responsibilities in respect of our processing.

If you do not have a direct contract with Broadwing Accountancy, and you do have a direct relationship with one of our clients (e.g. as an employee of the business client, or as a client of that business), then you should review their data privacy information and contact them in the first instance. It is likely that they are the Data Controller and will be best placed to help you. The contact information is typically contained in their privacy policy, which is usually provided on their website.

In respect of Personal Data that we include in accounts, reports and other work products we may prepare, Broadwing Accountancy Services Limited is a Data Controller within the meaning of the GDPR. For employee (current, former or applicants) or suppliers, we are the Data Controller.

4. The purpose for which we process personal data.

4.1 If you are a client:

We will only market further services from Broadwing to you where you have consented to us to do so. We will not pass your details onto any other person, company or organisation for the purposes of marketing unless you give us explicit consent.

We will collect the following information from you:

  • Unique Information: Data that allows us to identify you eg. name, marital status, address, date of birth, gender, email address, telephone number
  • Financial information: this is information relating to your salary, details of other income, national insurance number, tax information, pension details, bank account details, credit card information. For payroll processing, we will also collect details related to benefits and other payments for example (but not limited to) maternity, statutory sick payment, Child maintenance, repayments of student loans etc.
  • Administrative information: details of how to invoice you such as billing address and other contact information
  • Other information: this could include details about other payments to / from your employee, credit reference information

We process personal data for the following purposes:

  • to enable us to supply professional services to you as our client.
  • to fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and
  • Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”))
  • to comply with professional obligations to which we are subject as a member of the Association of Chartered Certified Accountants
  • to use in the investigation and/or defence of potential complaints, disciplinary proceedings, and legal proceedings
  • to enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.
  • to contact you about other services we provide which may be of interest to you if you have consented to us doing so.

4.1.1 The legal bases for our processing of personal data.

Our intended processing of personal data has the following legal bases:

  • at the time you instructed us to act, you have signed a contract that allows us to process your personal data for the purposes listed above.
  • the processing is necessary for compliance with legal obligations to which we are subject (e.g. MLR 2017)
  • the processing is necessary for the purposes of the following legitimate interests which we pursue: e.g. investigating/defending legal claims; conducting fraud checks, providing you with details of new products or services that we believe that you will be interested in.

It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.

4.2 If you are an Employee (or former Employee)

If you are an employee or former employee at Broadwing Accountancy and would like to understand more about how your data is processed, then please refer to the Employee Privacy Handbook. This document provides further details on how your information is collected, used and retained. If you would like a copy, then please contact us at the address above.

4.3 If you are a prospective Employee:

If you have applied for a role with Broadwing Accountancy, we need to process certain information about you. We only ask for details that will genuinely help us to consider you for a role, such as:

  • Name.
  • Contact details including telephone numbers, email address and postal address.
  • CV / Work History.
  • Work preferences including role, salary.
  • Publicly available information, or information provided by you, in relation to professional history, educational background, employment history, skills and experience, professional certifications and affiliations, educational and professional qualifications

With your permission, we may ask you to provide information relating to your gender, ethnicity, sexual orientation, disability, religion, and belief. By collecting and analysing equality and diversity data, we can ensure our recruitment practices are providing fair access and opportunities for all, and that we are able to meet our obligations under the Equality Act 2010.

We will store your personal data in our HR files for 3 months from the date of your initial application/submission. After the 3 months has expired, your data will be deleted from our records except in circumstances where you are part of a live application process, or you have asked to be considered for future opportunities at Broadwing Accountancy. In these instances, the retention period will be extended by a further 3 months. You have the right to delete your personal information at any time.

More information is available in our Employee Privacy Handbook. If you would like a copy of this, please contact us at the address above.

4.4 If you are a Supplier:

If you are a supplier to Broadwing Accountancy, then we will hold information that allows us to administer our contract with you. This will include contact details such as your email address, a contact telephone number and banking details to ensure that we can pay you for the goods or services that we receive.

4.5 If you are Prospective Broadwing Accountancy Client:

We maintain a marketing database of prospective and current Client data where consent has been given, and not withdrawn or expired, or where we have reason to believe there is legitimate business interest in us keeping potential prospects and existing Clients informed of our company, products, and services.

This information can be collected directly from our website when a visitor signs up to hear more about our products and services, or from other publicly available sources such as LinkedIn, or from referrals or from events that we may attend or host.

5. Our approach to the processing of data

Regardless of whether you are a client, an employee, or a supplier, we are custodians of your data. We are committed to maintaining the confidentiality, integrity and availability of your data. The following sections outline our approach to keeping your information safe.

5.1 Persons/organisations with whom we may share personal data

We may disclose your information to other third parties we engage to enable us to provide services to you. We use third parties to help us host our infrastructure and applications, communicate with clients, power our emails, support our business office activities as we believe they are the best in their field at what they do. An example of our third-party providers includes Microsoft and Xero. Any personal data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy.

A list of current sub-processor categories is available to parties with whom we either have contracts or are in discussions with. If you would like more details of these 3rd parties, then please contact us as outlined above.

5.2 Other 3rd parties:

We may share your personal data with:

  • HMRC
  • any third parties with whom you require or permit us to correspond.
  • subcontractors
  • an alternate appointed by us in the event of incapacity or death.
  • tax insurance providers
  • professional indemnity insurers
  • our professional body (the Association of Chartered Certified Accountants) and/or the Office of Professional Body Anti Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation)

If the law allows or requires us to do so, we may share your personal data with:

  • the police and law enforcement agencies
  • courts and tribunals
  • the Information Commissioner’s Office (“ICO”).

We may need to share your personal data with the third parties identified above to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties, we may need to cease to act.

6. Transfers of personal data outside the UK

In common with other professional service providers, we use organisations located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our customers are located.

We will neither transfer nor process personal data outside the UK, nor will we permit personal data to be so transferred or processed by a third party, unless it is under one of the following conditions:

  • With your consent;
  • the territory into which the data are being transferred has an adequacy decision issued by the European Commission (under EU GDPR) or an adequacy regulation made under DPA2018 section 17A by the Secretary of State (under UK GDPR);
  • the transfer is made under the unaltered terms of the standard contractual clauses issued by the European Commission (under EU GDPR) or the Secretary of State (under UK GDPR);
  • the transfer is made under the provision of binding corporate rules which have been approved and certified by the European Commission (under EU GDPR) or the Commissioner (under UK GDPR);
  • the transfer is made in accordance with one of the exemptions set out in GDPR Article 49.

6.1 International Transfers to United States of America

Some of our processors, such as Microsoft, are ultimately US-owned, but our contracts are with their UK or EU entities, subject to UK GDPR and EU GDPR legislation respectively. Some of our processors who host personal data in the United States of America comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.

7. Retention of personal data

Data processed by Broadwing Accountancy is subject to data retention policy and processes which, where practicable, minimize the retention of data. We retain your data to comply with contractual, legislative, and regulatory obligations.

7.1 Client and Supplier information

  • When acting as a Data Controller and in accordance with recognised good practice within the tax and accountancy sector we will retain all our records relating to you as follows:
  • where tax returns have been prepared it is our policy to retain information for 7 years from the end of the tax year to which the information relates
  • where we have an ongoing client relationship, data which is needed for more than one year’s tax compliance (e.g. capital gains base costs and claims and elections submitted to HMRC) is retained throughout the period of the relationship but will be deleted 7 years after the end of the business relationship unless you as our client ask us to retain it for a longer period.

Our contractual terms provide for the destruction of documents after 7 years and therefore agreement to the contractual terms is taken as agreement to the retention of records for this period, and to their destruction thereafter.

You are responsible for retaining information that we send to you (including details of capital gains base costs and claims and elections submitted) and this will be supplied in the form agreed between us.

7.2 Companies, LLPs and other corporate entities

  • Six years from the end of the accounting period.

Where we act as a data processor as defined in DPA 2018, we will delete or return all personal data to the data controller as agreed with the controller monthly/annually/at the termination of the contract.

7.3 Individuals, trustees and partnerships

  • with trading or rental income: five years and 10 months after the end of the tax year
  • otherwise: 22 months after the end of the tax year.

8. Data Security

We have implemented appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have been certified to the Cyber Essentials scheme since 2020. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and who receive regular training on cyber security and data privacy. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

We have procedures in place to identify, manage and respond to suspected personal data breach. In the event of a breach, we will notify you and the ICO of a breach where we are legally required to do so.

9. Your Data Protection Rights

Under the data protection law, you have rights as follows. If you would like to exercise your rights, then please contact us as detailed above. We may ask you for additional information to verify your identity.

We will endeavour to respond to any requests made to us without undue delay and within one month. We may extend the period by a further two months where the request is complex, or several requests are received but we will inform you within one month of the receipt of the request and explain why the extension is necessary.

Where we act for as a data processor (e.g. by processing payroll), you will need to contact the Data Controller using the information contained in their privacy policy.

9.1 Requesting personal data that we hold about you (subject access requests)

You have a right to request access to your personal data that we hold. Such requests are known as ‘subject access requests’ (“SARs”).

To help us provide the information you want and deal with your request more quickly, you should include enough details to enable us to verify your identity and locate the relevant information.

The legislation requires that we comply with a SAR promptly and in any event within one month of receipt. There are, however, some circumstances in which the law allows us to refuse to provide access to personal data in response to a SAR (e.g. if you have previously made a similar request and there has been little or no change to the data since we complied with the original request).

We typically will not charge you for replying to a SAR.

You can ask someone else to request information on your behalf – for example, a friend, relative or solicitor. We must have your authority to respond to a SAR made on your behalf. You can provide such authority by signing a letter which states that you authorise the person concerned to write to us for information about you, and/or receive our reply.

9.2 Putting things right (the right to rectification)

You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data that we hold about you completed. Should you become aware that any personal data that we hold about you is inaccurate and/or incomplete, please inform us immediately so we can correct and/or complete it.

9.3 Deleting your records (the right to erasure)

In certain circumstances you have a right to have the personal data that we hold about you erased. Further information is available on the ICO website (www.ico.org.uk). If you would like your personal data to be erased, please inform us immediately and we will consider your request. In certain circumstances we have the right to refuse to comply with a request for erasure. If applicable, we will supply you with the reasons for refusing your request.

9.4 The right to restrict processing and the right to object

In certain circumstances you have the right to ‘block’ or suppress the processing of personal data or to object to the processing of that information. Further information is available on the ICO website (www.ico.org.uk). Please inform us immediately if you want us to cease to process your information or object to processing so that we can consider what action, if any, is appropriate.

9.5 Obtaining and reusing personal data (the right to data portability)

In certain circumstances you have the right to be provided with the personal data that we hold about you in a machine-readable format, e.g. so that the data can easily be provided to a new professional adviser. Further information is available on the ICO website (www.ico.org.uk).

9.6 Withdrawal of consent

Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.

Please note:

  • the withdrawal of consent does not affect the lawfulness of earlier processing.
  • if you withdraw your consent, we may not be able to continue to provide services to you.
  • even if you withdraw your consent, it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data).

9.7 Automated Decision-making

We do not intend to use automated decision-making in relation to your personal data.

10. Marketing and Website activities

Broadwing Accountancy does not sell, trade, or rent your information, and does not give or distribute it to any third parties except as described above.

If Broadwing Accountancy are marketing or contacting you directly, whether by email, telephone call or post, and you wish to be removed from our marketing database, then please contact us at the details above.

Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.

10.1 Newsletters

We may send you marketing emails, letting you know about our news, offers and new services that we think may be of interest to you. However, we understand that needs and requirements may change, and you may opt out later by writing to us at or by selecting ‘unsubscribe’ in the email link. We will not send you information if you’ve asked us not to. You have a right at any time to stop us from contacting you for marketing purposes.

10.2 Cookies and Similar Technologies:

The Broadwing Accountancy website use a mechanism called “cookies”. A cookie is a small amount of data, that includes an anonymous unique identifier (session id), that is sent to your browser from a website’s computers and stored on your computer’s hard drive, if your browser settings permit it. In simple terms, there are two types of cookies:

  • Functional cookies are cookies that ensure the proper functioning of the website (e.g. cookies for login or registration, language preferences) and their installation does not require your permission.
  • Non-functional cookies are cookies that can be set for statistical, social, targeting, and commercial purposes. Installation of these cookies on your devices requires your permission and will only be applied once your permission has been provided via the cookie banner. Broadwing Accountancy currently does not use non-functional cookies.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated
July 2024

We are dedicated to helping businesses and individuals navigate the complex world of tax and accounting

Linkedin

Broadwing Accountancy Limited is Regulated by the Association of Certified Chartered Accountants (ACCA).

We are dedicated to helping businesses and individuals navigate the complex world of tax and accounting

Broadwing Accountancy Limited is Regulated by the Association of Certified Chartered Accountants (ACCA).