Home » Privacy Policy

Privacy Policy

The Richards Sandy Partnership is committed to respecting our clients’ privacy, protecting your information from misuse or unauthorised disclosure and complying with privacy laws. The Richards Sandy Partnership values its reputation and aims to maintain high ethical standards in the conduct of our business affairs.

This client privacy notice explains how we use any personal information we collect from you when you enter into a contractual agreement with us to provide accountancy services.

Business Summary

We process personal information to enable us to provide accounting, auditing and related services, to maintain our own accounts and records and to support and manage our employees. Specifically:

Bookkeeping
VAT filing
Management accounts
Periodic accounts reviews
Preparation and filing of annual accounts
Preparation and filing of annual tax returns
Company secretarial services
Payroll processing
Company pension processing
Profit improvement consultancy
Personal and business tax planning
Business start-up advice
Business disposals
Business retirement strategies
Probate services

The Richards Sandy Partnership employs between 30 and 35 staff in Worcester.

Data Controller Details

Email Address: enquiries@richards-sandy.com
Telephone Number: 01905 611 666
Postal Address:

Thorneloe House

25 Barbourne Road

Worcester

Worcestershire

WR1 1RU

Data Protection Officer

Name: Dan Jackson
Email Address: dan@richards-sandy.com
Telephone Number: 01905 611 666

Data We Collect When We Enter Into A Client Agreement

This client privacy notice relates to our use of any personal information we collect from you during the setting up and agreement of accountancy services i.e. the commencement of a contract. Data collected:

Name
Email Address
Telephone Number
Postal Address
Employer
UTR
NI Number
Earning Records
Bank Account Details
Pension Details
Other Investment Details
ID documentation
Date of birth
Spouse’s name and date of birth
Marital status
Names and dates of birth of children

We collect personal data purely for performance of a contract.

We will not collect any information about you that is not required for the performance of a contract.

All of the information we collect is required for the performance of a contract.

The requirement to collect this data is absolute. If we do not collect this data we cannot perform a contract. You have the right to terminate a contract provided the notice period in the agreement is upheld. We have a legal obligation to retain personal data pursuant to a contract for presentation to HMRC, for the duration set out below.

Why We Collect Personal Data

We collect information about you purely to perform a contract. We also use it for business, regulatory and legal purposes, such as:

Dealing with any requests you make or questions you submit
Providing references to third parties with your express consent
Getting in touch if we need to tell you about something, like a change to our policies or issues with a service

Who Processes The Data We Collect (Who Are The Recipients Of Your Data?)

We will store and process your data following industry best practice and security. We will take all reasonable steps to ensure that there are appropriate arrangements in place that include provisions covering the appropriate secure transfer, handling and processing of the personal information by other entities and third parties. The majority of that processing takes place at The Richards Sandy Partnership in Worcester in the UK. Where processing takes place by one of our trusted data processors, we ensure that our contracts with those 3^rd parties contain the appropriate GDPR model clauses and that all our 3^rd parties are also compliant with the GDPR. This affords your data the same protection away from our organisation as it does within it. The data we collect through our services may be processed by one or more of the following:

TechTeam (UK) Limited

Where We Might Send Your Personal Data (Geographically)

We process data within the EEA and countries deemed by the European Union as having adequate safeguards for protecting personal data. These countries are recognised by the EU as having suitable safeguards for the rights and freedoms of individuals and recourse processes by which data subjects can exercise their rights. We will only consider transferring your data outside of the EU where the transfer is:

Made with your explicit informed consent
Necessary for the performance of a contract between you and this organisation or for pre-contractual steps we need to take at your request
Necessary for the performance of a contract made in your interest between this organisation and another person
Necessary for important reasons of public interest
Necessary for the establishment, exercise or defence of legal claims
Necessary to protect your vital interests or those of other persons, where you are physically or legally incapable of giving consent

Made from a register which under UK or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register)

How Long Do We Keep Your Data?

The data referenced above:

Is kept for as long as you remain contracted to our services
For six years plus the current year if you cease to be contracted to our services

Your Rights As An Individual In Respect Of The Data We Hold

We respect the rights and freedoms of individuals and as such we would like to make you aware of the following. You have the right to:

Request access to your data
Request rectification of your data where there are errors or inaccuracies or the data is not current
Request that the data we hold is removed entirely from our systems
Request us to restrict processing of your data
Object to our processing of your data
Request your data in a format that is commonly used/accepted
Send your data to another controller
Withdraw consent already provided at any time

The right to have data removed is only applicable where it does not conflict with our legal and regulatory requirements to keep certain records according to the data retention period.

You also have the right to complain to this organisation.

To exercise your rights above please contact the Data Protection Officer or Data Controller via any of the channels provided.

You also have the right to lodge a complaint with a supervisory authority. In this instance the ICO and their contact details are as follows:

https://ico.org.uk/concerns/handling/ or call the ICO on 0303 123 1113.

Quick Links for exercising your rights :

DPO email Address: dan@richards-sandy.com
DPO phone number: 01905 611 666
Controller email address: enquiries@richards-sandy.com
Controller phone number: 01905 611 666

Data Sources – Where Did You Get My Data?

Any and all data we collect is collected directly from you, the individual.

We may collect further information from publicly available sources such as the Companies House register if we have a legitimate interest to be able to access those sources legally.

Do We Have A Statutory Or Legal Right To Hold This Data?

We have a statutory and/or legal right to hold the data you provide.

See: Your Rights As An Individual In Respect Of The Data We Hold.

Automated Decision Making, Profiling, And What That Means For You

Any and all data we collect is not subject to any automated decision making. We do not profile you using your data. Any actions taken by us or our systems are as a direct result of explicit requests or consents you have chosen.

There are no foreseeable consequences of any significance in respect of providing the data or being removed from the records, except that we will not be able to contact you.

Service	Name	Purpose	Expires
	PHPSESSID	This cookie stores a visitor's unique, randomly generated, session id and is used to pass information between site applications to enable them to function correctly. It is forcibly expired when the user closes the browser.	Expires on browser close
	nc_status	This cookie is used to optimise website traffic and distribution of services.	1 day
	nc_sid	This cookie is used to optimise website traffic and distribution of services.	Expires on browser close
	cookie_analytics	This cookie is used to define the option to enable or disable analytic and marketing cookies used for the website.	1 month
	ow_ac	This cookie is used to define whether cookiebar is displayed or not.	1 month
WordPress	wordpress_sec	This cookie stores a visitor's unique, randomly generated, session id and is used to pass information between content management system called WordPress to enable it to function correctly. It is forcibly expired when the user closes the browser.	Expires on browser close
WordPress	wordpress_logged_in_xxxx	Creates a session of the user currently logged into the website through the WordPress login page. This expires upon browser close.	Expires on browser close
WordPress	wp-settings-x	Wordpress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. This cookie is only applied to persons logging into the website through WordPress.	Expires on browser close
WordPress	wp-settings-time-x	Wordpress sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. This cookie is only applied to persons logging into the website through WordPress.	Expires on browser close
WordPress	_icl_current_language	This cookie allows the built in WordPress Multilanguage plugin, to store the user’s current language. This is critical for allowing the site to function properly.	1 day
WordFence	wfwaf-authcookie-(hash)	This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded. This cookie will only be applied for users who have logged into the website.	Expires on browser close
Litespeed	_lscache_vary	This cookie allows Litespeed to store the user’s login status, the role of current user and if it has admin bar showing or not.	2 days
Litespeed	ls_smartpush	This cookie allows Litespeed to store server settings to help with performance.	2 days

Name	Purpose	Expires
_ga	This helps us count how many people visit by tracking if you’ve visited before.	2 years
_gid	This helps us count how many people visit by tracking if you’ve visited before.	24 hours
_gat_irisOpenWebsite	This helps IRIS Software Group, the developer of the website, to monitor site performance for . The data collected is anonymous and is only used for analysing website performance overall.	24 hours
_gat	This is used for managing the rate at which page view requests are made.	Expires on browser close