Verve Wills & Estate Planning Ltd Data Protection Policy

Introduction

Verve Accountancy Limited is an independent accounting, tax and advisory firm who perform professional services. The firm has other offices, this policy applies to all of the offices.

In the course of our work with your Company we are likely to collect, use, transfer or store personal information about you, your business, your employees, your customers and suppliers, including names and addresses. The UK’s data protection legislation, including the General Data Protection Regulations (GDPR) contain principles and legal conditions which must be followed before and during any processing of personal information.

Our data protection policy will help you to understand what information we collect, how we use it and what choices you have.

By using www.vervewills.co.uk and submitting any personal information to us, and signing the terms of our engagement letter, you agree to the use by us of your personal information in accordance with the terms of this Data Protection policy.

What personal information do we collect

When you visit the www.vervewills.co.uk website -We do not require registration when you access the website, but if you participate in any of the activities or services offered by the website or complete a ‘contact us’ form, we will collect the personal data we need to be able to provide you with those services, such as your job title, name, email address and telephone number.

To manage the cookies and similar technologies used (tracking pixels, web beacons etc) and related consents, we use the consent tool, “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.

Our website contains links to other reputable websites of interest. However, once you have used these links to leave our site, we do not have any control over the third party websites. We cannot be responsible for the content, protection and privacy of any information you provide whilst visiting these sites.

Cookies allow web applications to respond to you as an individual. They help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us access to your computer or any information about you, other than the data you share with us. You can choose to accept or decline cookies.

We may also collect data relating to your IP address, details of the pages you have visited on www.vervewills.co.uk and which browser you used to view www.vervewills.co.uk.

Personal information we hold will include names, address, telephone numbers, email addresses, national insurance details, tax references and income details.

We do not collect sensitive personal information from you. Sensitive data includes data relating to race or ethnic origin, political opinions, religious or other beliefs, physical or mental health, sexual orientation or criminal record.

How do we you your personal data?

We are a data controller. This means that we are required by law to ensure that everyone who processes personal data during the course of their work with us does so in accordance with the data protection legislation including the GDPR principles. In summary, the principles say that:

• Personal data must be processed in a lawful, fair and transparent way
• The purpose for which the personal information is collected must be specific, explicit and legitimate
• The collected personal data must be adequate and relevant to meet the identified purpose.
• The information must be accurate and kept up to date
• The personal data should not be kept in a form which permits identification of a data subject for longer than necessary for the purposes for which it is used,
• The personal data must be kept confidential and secure and only processed by authorised personnel.

We only use the data you provide to deal with your request and to provide the services you have asked for as described in our engagement letter.

We are legally obliged to hold some types of data to fulfil our statutory obligations and we will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant engagement letter you hold with us.

When we engage you as a client, we will carry out the necessary CDD checks (Client Due diligence) to verify your ID and this will include retaining ID documents on our records for the period you are a Verve client.  

Will you provide my information to a third party?

We may contract with other companies or individuals, agents, subcontractors, regulatory bodies and other associated organisations for the purposes of completing tasks, to deal with your enquiry or to otherwise operate our business. If we use third party providers, we disclose only the personal data that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes and we ensure those third parties are also fully compliant with the GDPR regulations. We may also process personal data in the “cloud” but we ensure we carry out the same level of checks to ensure those companies have adequate GDPR compliance in place with the Countries where their servers are located.

In order to perform our contract with you we may use external third parties based outside the EEA so the processing of your personal data may involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries ;
• where there is not an adequacy decision by the European Commission in relation to a country we may use certain service providers under specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries

We may share your information with other partner businesses which will include Verve Wills & Estate Planning Limited and Verve Wealth Planning Limited. If we Direct market you from other partner businesses, you will have the right to reject direct marketing in each and every marketing activity you will receive and if you notify us of the requirement to unsubscribe from marketing material we will cease immediately from sending further communications to you.

Any staff with access to your information have a duty of confidentiality under the ethical standards that Verve is required to follow. Our staff are continually trained and monitored on the rules and regulations under GDPR and the handling of personal data.

We will not release information to other third parties unless you consent in writing that we do so.

Your rights

You have the right to request:

• Details of the personal information that is stored by Verve.
• Correction of your information – we want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you.
• Deletion of data -you have the right to ask us to delete any personal information we hold about you where you consider we no longer require the information for the purposes it was obtained.
• that you withdraw consent to Verve holding your personal data where you have previously given consent. You can contact your local Verve office to notify us that you withdraw your consent.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect internally and online.

Marketing

We are subject to specific rules under the GDPR in relation to marketing our services. This could be marketing from our other partner businesses. You will have the right to reject direct marketing in each and every marketing activity you will receive and if you notify us of the requirement to unsubscribe from marketing material we will cease immediately from sending further communications to you.

Subject Access Requests

Under the GDPR, subject to certain legal limitations, individuals have available a number of legal rights regarding how their personal data is processed and what information we hold. You can request in writing a Subject Access Request and ask us what information we hold about you personally and also request the following:

• Confirm what personal data we hold
• Request corrections to be made to data we hold
• Request erasure of data
• Object to the processing of data
• Request that processing restrictions be put in place  
• Right to be notified of a data security breach

How will we respond to a data subject request?

We will reply within a reasonable time frame to any subject access requests in writing.

Action to be taken in the event of a data protection breach

A personal data breach will arise whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on an individual.

In the event of a security incident or breach, Verve will ensure they:

• contain the breach;
• will assess the potential adverse consequences for individuals, based on how serious or substantial these are, and how likely they are to happen; and
• limit the scope of the breach by taking steps to mitigate the effects of the breach.

The Data Protection Officer will determine within 72 hours the seriousness of the breach and if the Information Commissioner’s Office (ICO) and/or individuals need to be notified of the breach.

Staff Training

All employees and principles of Verve that handle personal information of individuals have an understanding of the data protection legislation, including GDPR.

We will provide all employees and principles of Verve with continuous training and updates on how to process personal data in a secure and confidential manner and in accordance with the spirit of the data protection legislation, including GDPR. They are also kept informed and are aware of any changes made to privacy notices, consent procedures and any other policies and procedures associated with our internal processing of personal data.  

Complaints

Should you wish to enquire about our use of your personal data, please contact your usual contact at your local office. We will investigate all complaints received and will endeavor to respond to complaints promptly.