The EU Cookie Law
A cookie is a small piece of data sent from web sites you visit – such as this one – and stored in your web browser. The EU Cookie Law states that, with some exceptions, web sites must not now create and set such cookies without your explicit permission first. In the spirit of working towards compliance we would like you to know the following.
Our web publishing software predates the EU Cookie Law and sets 3 cookies in your browser as part of its default behaviour. No information that identifies you personally is collected. The names and functions of these cookies are as follows:
This cookie records the date and time of your last visit, which will be today. Although it is set for all visitors it only supports functions for registered users. It will expire automatically in a year.
This cookie records the date and time of your last visit to our site prior to today. If this is your first visit, the date and time set will be as per exp_last_visit. It will expire automatically in a year.
This cookie is more benign than it sounds. It merely records up to the last 5 pages you have visited on our site so that page redirection can be handled where appropriate. It will expire automatically when you quit your browser.
We regret that we cannot prevent these cookies from being set by default without compromising the function of our publishing system. We will ensure that our next publishing system is fully compliant.
In addition to the above, our use of Google Analytics sets the following cookies:
See Google’s explanation (for a technical audience) of how these are used.
Most browsers allow you to refuse to accept cookies.
- In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.
- In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.
Blocking cookies will have a negative impact upon the usability of some websites.
If you wish to discuss this issue further, please contact us.
ZENON TAX LIMITED – PRIVACY NOTICE
- PURPOSE OF THIS NOTICE Zenon Tax Limited is committed to protecting the privacy and security of your personal information. This Privacy Notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act (1998) and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Data Protection Legislation says that the personal information we hold about you must be: • used lawfully, fairly and in a transparent way; • collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes; • relevant to the purposes we have told you about and limited only to those purposes; • accurate and kept up to date; • kept only as long as necessary for the purposes we have told you about; and • kept securely
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
- ABOUT US Zenon Tax Limited is an accountancy and tax advisory firm. We are registered in England and Wales as a company under number 06562418 and our registered office is at 51 The Stream, Ditton, Aylesford, Kent ME20 6AG.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
We have appointed a Head of Privacy. Our Head of Privacy is our data protection point of contact and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our data protection point of contact you can do so using the contact details noted at paragraph 12 (Contact Us), below.
- HOW WE MAY COLLECT YOUR PERSONAL DATA We obtain personal data about you in various ways, for example:
Contract information and other correspondence When you enter into a contract with us (or someone does so on your behalf) there will be personal information about you relating to that contract, such as your name, contact details, contract details, and correspondence with us about the contract. We need certain information to carry out our contract with you and you must provide this in order to enter into the contract. If you do not, we may be unable to carry out our contract with you. Other correspondence or interaction (for example by email, telephone, post, SMS or via our website) between you and us will include personal information (such as names and contact details). This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation. We may also collect details from call information, such as phone numbers, time and duration of calls. Please note that if we record your calls to or from us, we will inform you of this.
We will keep and use that information to carry out our contract with you (if applicable), to comply with any legal requirements for us to maintain certain records or carry out certain verifications, and/or for our legitimate interests in dealing with a complaint or enquiry and administering your (or your organisation’s) account and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes. Employee information If you work for one of our clients, suppliers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you, or provided by your organisation. Your organisation should have informed you that your information would be provided to us, and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organisation. If we have a business relationship with you or your organisation, we may receive information about you from your organisation.
Information received from third parties We may also receive information about you from third party sources, such as:
• Our service providers. We sometimes work closely with third parties (including, for example, business partners, sub-contractors in technical services, advertising networks, analytics providers, search information providers and credit reference agencies) who may provide us with information about you, to be used as set out above. • Businesses we have bought. If we have acquired another business, or substantially all of its assets, which originally held your information we will hold and use the information you provided to them or which they otherwise held about you, in accordance with this privacy notice. • Publicly available sources. We may obtain information from publicly available sources such as Companies House or LinkedIn. • Credit information. We may also collect credit information on you from third party credit reference agencies.
Information collected at our premises We collect information about visitors to our premises. We may record information on your visit, including the date and time, who you are visiting, your name, employer, contact details and vehicle registration number. If you have an accident at our premises, this may include an account of your accident. We operate CCTV at our premises which may record you and your activities. We display notices to make it clear which areas are subject to surveillance. We only release footage following a warrant or formal request from law enforcement, or as necessary in relation to disputes. We use this information as necessary for our legitimate interests in administering your visit, ensuring site security and visitor safety, and administering parking.
Special categories of data We typically do not collect sensitive or special categories of personal data about individuals. When we do need to process sensitive personal data, it is with the consent of the individual unless it is obtained indirectly for legitimate purposes. For example: • Personal identification documents that may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants. • Information provided to us by our clients in the course of a professional engagement. Where we collect “special categories” of particularly sensitive personal information this information, we retain this for 7 years.
Marketing We may collect your name and contact details (such as your email address, phone number or address) in order to send you information about our services in which you might be interested. We may collect this directly from you, or through a third party.
If a third party collected your name and contact details, they will only pass those details to us for marketing purposes if you have consented to them doing so. You always have the right to “opt out” of receiving our marketing. You can exercise the right at any time by contacting us. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails. If you “opt-out” of our marketing materials you will be added to our suppression list to ensure we do not accidentally send you further marketing. We may still need to contact you for administrative or operational purposes, but we will make sure that those communications do not include direct marketing. If you are an existing client or are acting as a business we may use your contact details as necessary for our legitimate interest in marketing to you and maintaining a list of potential clients. If you are not an existing client and are not acting as a business, we will only contact you for marketing purposes with your consent (whether we have collected your details directly from you or through a third party).
We never share your name or contact details with third parties for marketing purposes.
Website information We may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools. We use this as necessary for our legitimate interests in administering our website and to ensure it operates effectively and securely. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Notice on our website (www.zenontax.co.uk/terms-and-conditions/). Our website may, from time to time, contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Job applicants We will collect and hold information on job applicants, including information you provide to us in your application, or information provided to us by recruitment agencies, as well as information on you from any referees you provide. We use this as necessary to enter into an employment contract with you, and for our legitimate interests in evaluating candidates and recording our recruitment activities, and as necessary to exercise and perform our employment law obligations and rights. If you are successful in your application, your information will be used and kept in accordance with our internal privacy notice. If you currently work for us, or used to work for us, you can request a copy of this from us. If you are not successful in your application, your information will be held in accordance with our firm’s retention policy. You must provide certain information (such as your name, contact details, professional and educational history) for us to consider your application fully. If you have not provided all of this information, we may contact you to ask for it. If you do not wish to provide this information, we may not be able to properly consider your application. If you are listed as a referee by an applicant, we will hold your name, contact details, professional information about you (such as your employer and job title) and details of your relationship with the applicant. We will use this information as necessary for our legitimate interests in evaluating candidates and as necessary to exercise and perform our employment law obligations and rights. Your information will be kept alongside the applicant’s information. If you are listed as an emergency contact by someone who works for us, we will hold your name, contact details and details of your relationship with that worker. We will use this to contact you as necessary to carry out our obligations under employment law, to protect the vital interests of that worker, and for our legitimate interests in administering our relationship with that worker. Your information will be kept until it is updated by that worker, or we no longer need emergency contact details for that worker after they have stopped working for us.
Legal claims Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.
4. THE KIND OF INFORMATION WE HOLD ABOUT YOU The information we hold about you may include the following:
• your personal details (such as your name, address, other contact details, National Insurance Number, Unique Taxpayer Reference number); • details of contact we have had with you in relation to the provision, or the proposed provision, of our services; • details of any services you have received from us; • our correspondence and communications with you; • information about any complaints and enquiries you make to us; • information we receive from other sources, such as publicly available information.
- HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU We may process your personal data for purposes necessary for the performance of our contract with you or your employer or our clients, and to comply with our legal obligations.
We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.
We may process your personal data for the purposes of our own legitimate interests or those of a third party provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.
We may process your personal data if we need to protect your interests (or someone else’s interests) or where it is needed in the public interest (although these circumstances are likely to be rare).
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Situations in which we will use your personal data We may use your personal data in order to:
• carry out our obligations arising from any agreements entered into between you or your employer or our clients and us (which will most usually be for the provision of our services); • carry out our obligations arising from any agreements entered into between our clients and us (which will most usually be for the provision of our services) where you may be a subcontractor, supplier or customer of our client; • provide you with information related to our services and our events and activities that you request from us or which we feel may interest you, provided you have consented to be contacted for such purposes; • seek your thoughts and opinions on the services we provide; and • notify you about any changes to our services.
In some circumstances we may anonymise or pseudonymise the personal data so that it can no longer be associated with you, in which case we may use it without further notice to you.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
Data retention We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
• the requirements of our business and the services provided; • any statutory or legal obligations; • the purposes for which we originally collected the personal data; • the lawful grounds on which we based our processing; • the types of personal data we have collected; • the amount and categories of your personal data; and • whether the purpose of the processing could reasonably be fulfilled by other means.
Change of purpose Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
- DATA SHARING Why might you share my personal data with third parties? We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our clients, or others or where we have another legitimate interest in doing so. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Which third-party service providers process my personal data? “Third parties” includes third-party service providers and other entities within our group. The following activities may be carried out by third-party service providers: IT and cloud services, professional advisory services, legal services, administration services, marketing services, banking services and regulatory bodies.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties? We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law. 7. TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA) Our offices are based in Ditton, Kent and our main data centre is located in the UK. However, where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored at, a destination outside the UK and the EU. It may also be processed by staff operating outside the UK and EU who work for us or for one of our service providers. We will take all steps reasonably necessary to ensure that your personal information is treated securely in accordance with this privacy notice.
Should you require further information about this, please contact us using the contact details outlined below.
- DATA SECURITY As well as the measures set out above in relation to sharing your information, we have put in place commercially reasonable and appropriate internal security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION Your duty to inform us of changes It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.
Your rights in connection with personal data Under certain circumstances, by law you have the right to:
• Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully. • Request correction of the personal data that we hold about you. • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes. • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it. • Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
If you want to exercise any of the above rights, please email our data protection point of contact on email@example.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
- RIGHT TO WITHDRAW CONSENT In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us) you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email our data protection point of contact on firstname.lastname@example.org.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
- CHANGES TO THIS PRIVACY NOTICE Any changes we may make to our privacy notice in the future will be updated on our website and, where appropriate, notified to you by email or otherwise. Please check regularly to see any updates or changes to our privacy notice.
This privacy notice was last updated on 25 May 2018.
- CONTACT US If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email our Data Protection Point of Contact, Richard Price, on email@example.com or telephone 01732 400102.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns