Updated 6 September 2018
This website is operated by Cooper Paul, we are a Partnership with Andrew Gibson, Brian Jones and Colin Corrigan as Partners. We have two business locations Abacus House, 14-18 Forest Road, Loughton, Essex, IG10 1DX.
Cooper Paul is dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
Contact for privacy questions or concerns
You may contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/handling/ to report concerns you may have about our data handling practices.
Collection of personal data
We receive personal data from individuals/businesses when becoming a client of Cooper Paul.
Once an individual/business is a client we collect data relating to that client from HMRC, smart search and public registers (Companies House) to carry out the services as agreed with each individual/business client. Additionally as we operate a payroll service for our clients we collect some personal data on those employed by our clients but only in the requirement of running the payroll for that business/individual.
Cooper Paul Website does not capture and store any personal information about individuals who access our website, except where you voluntarily choose to give us your personal details via email, or by using an electronic form, or enquiring about any of our services. In these circumstances, the personal information that you give us will only be used to provide the information and/or service you have requested.
What Personal data we collect?
We complete engagement letters with our clients for their approval of the collection the following data to operate as our client has instructed.
Personal data collected:-
- Personal Contact details including name, company name, job title, work and mobile telephone numbers, work and personal email and postal address.
- Financial information including taxes, payroll, investment interests, pensions, assets, bank details and/or insolvency records.
- Family and beneficiary details including name and date of birth for insurance and pension planning services.
- CCTV is operated at our Loughton office in the car park only, which may collect images of visitors. Our policy is to automatically overwrite CCTV footage within 30 days.
We may also receive some sensitive personal data during the business relationship we have with our clients and/or also for legal reasons if required:-
- Expense receipts submitted for individual tax or accounting advice that reveal affiliations with trade unions or political opinions.
- Adverse information about potential or existing clients and applicants that may reveal criminal convictions or offences information.
- Information provided to us by our clients in the course of a professional engagement.
Lawful reasons do we have for processing personal data?
We operate within UK law with the use and collection of personal data to operate our business, this includes contractual obligations from our clients, consent from a client providing us personal data and legal obligations and public interests as per regulatory/legal requirements.
Why do we need personal data?
We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:-
- Providing professional advice and delivering reports related to our tax, advisory, audit and assurance, pension scheme administration, restructuring, mergers and acquisitions and other professional services. Our services may include reviewing client files for quality assurance purposes, which may involve processing personal data for the relevant client.
- Administering, maintaining and ensuring the security of our information systems, applications and websites.
- Authenticating registered users to certain areas of our sites.
- Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
- Complying with legal and regulatory obligations relating to countering money laundering, terrorist financing, fraud and other forms of financial crime.
Sharing your Personal Data with Third Parties?
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the following categories of recipients:-
- Parties that support us as we provide our services (e.g., providers of telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services).
- Law enforcement or other government and regulatory agencies (e.g., HMRC) or to other third parties as required by, and in accordance with, applicable law or regulation.
Do we transfer your personal data outside the European Economic Area?
We do not transfer any data outside the European Economic Area.
Your Data protection rights
Your data protection rights are listed below:-
Access - You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Right to erasure – You have the right to contact us in order to remove consent, to correct, or to erase your personal data at any time, where relevant.
Right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Right to object to processing - You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
Right to data portability - This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it.
What about personal data security?
We work hard to ensure that your data is safe guarded whilst in our care, we have technical support in house policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
How long do we retain personal data?
We retain personal data only to provide our services and to work within the legal requirement of the laws, regulations and professional obligations an Accounting firm is subject to. We dispose of personal data via confidential shredding when it is no longer required.
Linking to other Websites