Wilkins Kennedy Privacy Notice
Wilkins Kennedy LLP together with Wilkins Kennedy FKC Limited, WK Corporate Finance LLP and W K Business Solutions Limited (Referred to as “Wilkins Kennedy”, “we”, “us” or “our”) respect your privacy and we are committed to protecting your personal data. This Privacy Notice will describe how we will look after your personal data, how and why we collect and use personal data, whether provided to us by the individuals concerned or others. We may use personal data as described in this privacy statement, or as made clear before collecting the personal data.
What is personal data?
Personal data is any information relating to an identified or identifiable living person.
Data Controller and contact information
The Data Controller for this site is Wilkins Kennedy LLP (Registered Number OC370220), together with its wholly owned subsidiaries, Wilkins Kennedy FKC Limited (Company Number 06544885); WK Corporate Finance LLP (Company Number OC315669) and W K Business Solutions Limited (Company Number 04646298). All entities are registered at Bridge House, 4 Borough High Street, London Bridge, SE1 9QR.
We have appointed a Data Protection Officer, who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including exercising any of the rights set out later within this notice, you can contact the Data Protection Officer by email at DataProtectionOfficer@Wilkinskennedy.com or by writing to the Data Protection Officer, Wilkins Kennedy LLP, Gladstone House, 77-79 High Street, Egham, Surrey, TW20 9HY.
If you have any complaints relating to the use of your personal data, these can be sent to the Data Protection Officer, as set out in the paragraph above. We will try to deal with your concerns, and respond to you.
You have the right to make a complaint to the Information Commissioners Office (ICO), the UK supervisory body. For further information on how to raise your concerns visit https://ico.org.uk/for-the-public/raising-concerns/ . We would ask that you give us a chance to answer your questions before contacting the ICO.
Categories of Data Subjects
Personal Data that we process for our own purposes and on your behalf may include, but not be limited to:
1. Professional Services
Wilkins Kennedy provides services to individuals as well as businesses, charities and not-for-profit and other organisations. Where we engage with clients for professional services, we may collect and process personal data to satisfy our contractual obligations. We request that you do not send us personal data that is not required to fulfil our contractual obligations. The details of the contract will be set out in our letter of engagement.
We will also process your data to help us manage our clients. We use the data to assess the needs of our clients, and to service those needs. This may include reviewing the services we provide.
We use your data to assist with our administration, including raising fees, managing client relationships, hosting events, marketing activities and operating processes.
We may use your data to assist with our Regulatory, legal or ethical requirements. This may include verifying the identity of individuals.
What data do we collect?
The types of data we collect in respect of professional services will include your name and contact details, and other information to enable us to service your needs. It may include financial information, non-financial information, payroll information, other employee information (including information relating to staff performance, dismissals and legal disputes), shareholder information, customer and supplier information, income information, and any other information relevant to the work you ask us to perform.
How long do we keep data for?
We will retain the data for as long as it is considered to be necessary for the purpose we collected it for. This may be determined by law, or regulatory requirements. This is typically 6 years. We may keep data for longer to defend our legal rights, or the legal rights of our clients. Data may be kept for longer, where relevant, with restricted access applied to it.
Basis for processing data?
We will process your data under the lawful basis of contract. The contract between us is formed by your letter of engagement with Wilkins Kennedy. We will only process your data in accordance with the General Data Protection Regulation.
In some cases, in addition to the lawful basis of contract, we may be assisting you in complying with your legal obligation for processing data.
We will never process your data without a purpose, if it is un-necessary and where our interests are overridden by your own interests.
2. Marketing activity
For marketing purposes, we process personal data from current, former and potential clients, as well as business contacts. We process the following types of data:
- Name, and Job Title
- Email, Postal Address and Phone Number
- Industry and Specialisms
We use this information in order to send technical updates and invitations by email or post.
Where we already have a relationship with individuals such as clients and professional contacts, we will process their personal data on the grounds that we have a legitimate interest in sending them marketing material and there is no other way to communicate directly with them.
However, in doing so we have considered the balance between our need to market our services and the individuals’ right to privacy. We believe that the impact is minimal because:
- Clients expect their accountant to send updates and information that could affect their business, and they would also expect to receive invitations to appropriate events.
- Non-clients with whom we already have an established relationship, know us and would expect to receive relevant information and invitations.
- We aim to further reduce the impact of our data processing by allowing individuals to manage the communications they receive through an online preference centre https://wilkinskennedy.us14.list-manage.com/subscribe?u=e163290cff7b91a466d48a862&id=27c829b3fd.
We also respect individuals’ absolute right to object to the processing of their data. All our email communications include a simple opt out. If someone opts out we do not delete their data but store it on a suppression list so that we do not contact them in future.
Data retention and transfer to third parties for marketing purposes
We do not want to market our services to people who are not interested in hearing from us, so we will not hold onto personal data for any longer than is necessary. We monitor engagement through open rates of emails, clicking on links and attendance at events. Where individuals show no engagement after several attempts at communication, we will remove their details from our database.
We occasionally send personal data to third parties in order to deliver our marketing services.
- Sometimes we run events jointly with other trusted professional parties. We do not share our contact database with them, nor with other guests to our events, but your name may be included in an attendee list which is shared with our co-hosts and with other guests.
3. Our People
We collect personal data from our people as part of the administration, management and promotion of our business.
Our staff handbook and partnership agreement explain further how your data is held.
Applicants to join our firm
Where someone is applying to join Wilkins Kennedy, personal data is collected through the application process. Data may be collected through forms found on our website. Data collected through the application process will be used for the following purposes:
- For employment. We process that data received in order to consider the applicant’s potential employment with Wilkins Kennedy.
- For administration and management purposes. We may also use the data provided to assist us in making informed decisions about recruitment, management decisions and administration.
How long will we store your data?
We will store data relating to applicants for as long as it is relevant to the purpose for which it was collected, or for a maximum period of six years where those purposes are no longer relevant.
Basis for processing?
We will process your data under the basis of legitimate interest.
We collect and process personal data about our suppliers, subcontractors and individuals associated with them. The data is held to help us manage our working relationship with them, to contract and receive services from them, and in some cases to provide professional services to our clients.
What data do we collect?
We will collect and process our suppliers’ names and contact details. We also maintain details of transactions we undertake with them.
Basis for processing data?
We will process data based on the lawful basis of contract.
How long do we hold your data?
We will store your data for as long as it is considered necessary for the purpose for which it was collected. Data may be held for a longer period where determined by applicable law or regulation.
5. Visitors to our offices
We have procedures in place at our offices to keep our staff and partners, our visitors, and the data we hold, safe. We record the name of visitors and ask who they are meeting, if visitors come by car we may record their car registration, and we enter the times they arrive and leave our offices.
Signs in some of our receptions areas may indicate that we operate CCTV. The images are held securely and only accessed when needed, in the event of an incident.
Basis of processing?
We consider that we process this data under the lawful basis of legitimate interest.
How long do we hold data for?
Visitor records are only accessed on a need to know basis. They are not made available unless there is a reason for that data to be shared. CCTV recordings are only retained for a short period of time unless there has been an incident, in which case, they will be retained until they are no longer required.
Sharing personal data
We will only share personal data where we are legally permitted to do so.
When we share data with others, we put in place contractual arrangements and security procedures to protect the data and comply with our data protection policies, confidentiality and other security arrangements.
Personal data held by us may be transferred to:
- Third party organisations that provide IT services to us, or other functionality, applications or data processing. For example, we use third parties to provide IT support, as service providers for cloud-based software products, web hosting, and back up facilities.
- Some of our third party providers are based outside the EEA.
We may receive requests from third parties with authority to obtain disclosure of personal data. This may be in order to check that we are complying with applicable laws and regulations, to investigate alleged crime, to establish, exercise or defend legal rights, or to meet legal obligations that we hold.
We will only fulfil requests for personal data where we are permitted or required to do so, in accordance with applicable law or regulation.
Where will processing be performed?
Wilkins Kennedy’s own servers are based in the UK. The data may be transferred to, or stored at, a destination outside the European Economic Area (EEA). It may be processed outside the EEA, by staff based outside the EEA or by one of our suppliers.
Where we transfer personal data outside the EEA, we will take reasonable steps to ensure your data is treated securely.
Where we transfer personal data to a country not determined by the European Commission as providing adequate levels of protection for personal data, the transfers will be under an agreement which covers the EU requirements for transfers of personal data outside the EU.
Wilkins Kennedy has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or access in an authorised way, altered or disclosed. We limit access to your personal data to the employees, agents, contractors and other third parties who have a business reason to have access. They will only access and process your personal data on our instructions and all are subject to a duty of confidentiality.
We have put procedures in place to deal with any suspected breach of personal data and will notify you and the regulator where we are legally required to do so.
The Rights of an individual under GDPR
Individuals have certain rights over their personal data, and data controllers are responsible for fulfilling these rights.
- Right to be Informed – you have the right to know what data we have, how we use it and how long we will hold it for.
- Right of Access – Individuals may request access to their personal data, held by us as a data controller.
- Right to Rectification – if the personal data we hold about you is incomplete or inaccurate, you have the right to require us to rectify the data we hold. We may need to verify the accuracy of the data you provide to us in order to ensure our data is accurate.
- Right to Request Erasure (also known as the right to be forgotten) – You may request that we delete your personal data, where there is no good reason for us to keep it. However, we may not always be able to comply with your request, where we are required by law to retain your personal data. If this is the case, we will provide details of this, should you request erasure,
- Right to Object to Processing – Where we process your personal data based on the lawful basis of consent, individuals may withdraw their consent to this processing. You may also object to us processing your data for marketing purposes. In some cases, we may be able to demonstrate compelling legitimate grounds to process your data which override your rights.
- Right to Restrict Processing – This right allows you to ask us to suspend processing your personal data in the following cases:
- If you want us to verify the data’s accuracy;
- Where our use of the data is unlawful but you do not wish us to erase it;
- Where you need us to hold the data even if we no longer require it as you need to establish, exercise or defend legal claims; or
- You have objected to our use of the data but we need to verify whether we have legitimate overriding grounds to continue to use it.
- Right to Data Portability – You have the right to request the transfer of your personal data, either to you or a third party, you have chosen. We will provide this data to you, in a structured, commonly used, machine – readable format
- Rights in relation to automated decision making and profiling – you have the right to know if, when and how automated decision making and profiling will be applied to your personal data.
Changes to our privacy notice
We keep our privacy notice under review. This notice was last updated on 24 May 2018.