PRIVACY NOTICE

Data Privacy Notice – Aviso Business Services Ltd

 Aviso Business Services Ltd is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).

 Aviso Business Services Ltd is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This notice applies to current and former employees, workers and subcontractors. This notice does not form part of any contract of employment or contract for services. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you so that you are aware of how and why we are using such information.

How we use your personal information?

We process personal information to enable us to provide accounting, tax compliance and related services, and to allow us to suggest services which may be of interest to you.

We may, from time to time, contact you regarding legal, technical, regulatory or industry changes that we believe should be brought to your attention.

We may need to use your information for regulatory purposes. For instance, we are required to carry out anti-money laundering checks as part of our new client take on process.

We may need to provide your information to service providers or other professional advisors. In the instance that personal identifiable data is shared, we will request your consent before doing so.

How we store your personal information?

We have put in place measures to protect the security of your information. Details of these measures are available upon request.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Officer.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data sharing

We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.

“Third parties” includes third-party service providers such as HMRC, accounting software providers, other entities within our group, IT and cloud services providers, professional advisory services, administration services, marketing services and banking services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.

Access to your information, correction and removal

You have the right to request a copy of the information that we hold about you, to correct information or to request the removal of your data.
We want to make sure that your personal information is accurate and up-to-date. You may ask us to correct or remove information that you think is inaccurate.

To access your information, make corrections and removal:

  • Submit your request by email to paul.tonks@aviso.services

  • The information will be provided free of charge within three-weeks

  • The information will be in an accessible format and intelligible

  • If the request is complex it may be extended to two-months and a reasonable (and justified) charge may be applied. We will advise of this within the initial three-weeks

  • All requests are logged

  • All requests are confirmed and responded to. If this doesn’t happen please contact the Data Protection Officer. Contact details in the footer of this privacy policy.

Breach notification procedure

  • The client will be advised of all breaches relevant to their data including:

    • Confidentiality

    • Availability

    • Integrity

  • Awareness: reasonable degree of certainty that a security incident has occurred that has led to personal data being compromised.

  • If the breach is reportable to the Information Commissioner’s Office (ICO) it will be within 72 hours of becoming aware of it.

  • All breaches will be logged.

  • Aviso Business Services Ltd as controller will document any personal data breaches, compromising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this article.

  • The notification will include the nature of the breach, the Data Protection Officer’s details, the consequences of the breach, the measures taken to address the breach and measures to mitigate its possible adverse effects.

  • If appropriate measures were taken, if the personal data was unintelligible/encrypted the situation will be logged, and the client advised, but the ICO may not be informed.

  • All breaches will be contained where possible and the severity of the resulting risk will be assessed.

  • An internal meeting will be held at Aviso Business Services Ltd including the department head, Data Protection Officer, responsible person and a Director.

  • Notes will be provided and filed with the log.

Data retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of our business and the services provided

  • any statutory or legal obligations

  • the purposes for which we originally collected the personal data

  • the lawful grounds on which we based our processing

  • the types of personal data we have collected

  • the amount and categories of your personal data

  • whether the purpose of the processing could reasonably be fulfilled by other means

Please note that, we are required by our professional body and professional indemnity insurers to retain certain client data for a period of time following and during our client engagement. If your request for data removal is within this timeframe we will notify you, and we will remove all data which does not conflict with this obligation.

Liability and indemnity

  • Aviso Business Services Ltd is as standard a Data Controller

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

 

If you have any questions about this privacy notice, please contact the Data Protection Officer on 01305 233177 alice@aviso.services

You can also write to us at 1 Widcombe Street, Poundbury, Dorchester, Dorset, DT1 3BS