Privacy Policy

GENERAL DATA PROTECTION REGULATION (“GDPR”) – PRIVACY NOTICE
USE OF PERSONAL INFORMATION

How the law protects you?

Valentine & Co are committed to protecting and respecting your personal data and privacy. This privacy policy relates to our use of any personal data we collect from any of our services. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal data.

As well as this Privacy Policy, your privacy is protected by law. The General Data Protection Regulation (‘GDPR’) ensures that we use your personal information only if we have a proper reason to do so.

The law states we must have one or more of these reasons for using your data:

  • To fulfil a contract we have with you to provide our services
  • Where it is our legal duty
  • When it is in our legitimate interest
  • When you consent to the use of the data

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

Your rights

Under the GDPR your rights are:

  • To be informed – we must make available this privacy notice with the emphasis on transparency over how we process any personal data
  • Access – you are entitled to find out what details we may hold about you and why
  • Rectification – we are obliged to correct or update your details
  • Erasure of information we hold – also known as the right to be forgotten. You have the right to require us to delete personal data – in certain circumstances
  • Restrict processing – you have the right to ‘block’ or suppress the processing by us of personal data
  • Data portability – you have the right to obtain and reuse your personal data that you have provided to us in a structured, commonly used and machine-readable format
  • Object – you have the right to object to us processing personal data in relation to direct marketing and/or profiling

The data we collect

  • Personal data we process may include your (or your employer’s) name, address, date of birth, family relationships and email address and telephone number. We may also process details relating to your employment (including National Insurance
  • Number, salary, pension arrangements, personal tax details etc).The data collection may also include your IP address and cookies (website)
  • We may have reason to collect personal data from you in relation to the provision of our services as insolvency practitioners, including your financial details, details relating to your assets, tax affairs, bank accounts, investments, payroll information, accounting records and other statutory returns
  • We may require documentary details from you such as a driving licence, passport or birth certificate, in order to comply with our obligations under identification, money laundering and anti-terrorism legislation.
  • Our collection methods are:
    – via our website;
    – through engagement (or potential engagement) of our services;
    – by communications, including email, telephone, post or social media;
    – networking;
    – through engagement of service providers;
    – via third parties and/or publicly available resources (for example from your employer, HMRC or from Companies House, Linkedin profile etc).
  • When using our digital services, such as our website or other digital services, we may gather data from you using cookies and other internet tracking software, the purpose of which is to understand how you are using our services, and to provide you with better and enhanced information.

What we use personal data for

We use information held about you to:

  • conduct checks to identify clients and verify identity
  • provide services to you as set out in a Letter of Engagement between us or where appointed as an Insolvency Practitioner, to fulfil our obligations under statute or regulation including completion of statutory returns
  • update and enhance client and contact records
  • provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes or by Legitimate Interests
  • notify you about changes to our services
  • fulfil our legal obligations including money laundering and identification checks, complying with anti-terrorism financing and Criminal Finances Act legislation
  • enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.

We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.

We also embrace the use of social media and may wish to process any comments made public by you.

How we may use personal your data

Under data protection law, we can only use personal data of we have a proper reason for doing so, eg

  • to comply with our legal and regulatory obligations when acting as insolvency practitioners
  • as part of other services offered to you
  • for our legitimate interests, where we have a business or commercial reason to use personal information, so long as an individual’s own rights and interests are protected
  • to provide data to other professional advisors who we instruct eg accountants and lawyers, mortgage providers, H M Land Registry in the case of a property transaction or Companies House, banks, employers, insurers or brokers, IT providers (the list is not exhaustive)

Data retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of our business and the services provided;
  • any statutory or legal obligations;
  • the purposes for which we originally collected the personal data;
  • the lawful grounds on which we based our processing;
  • the types of personal data we have collected;
  • the amount and categories of your personal data; and
  • whether the purpose of the processing could reasonably be fulfilled by other means.

Data deletion

Under GDPR you have the right to request that under specific circumstances personal data we hold be deleted. A request for this will be decided on a case by case basis and must be submitted in writing to the contact details provided in this policy.

Data correction

We will correct or update your data at the earliest opportunity provided you make the request in writing to the contact details provided in this policy, clearly specifying which data is incorrect or out of date.

Data security

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to use it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data inspection

We strive to be as open as we can be in terms of giving people access to their personal data. A Subject Access Request (SAR) under the GDPR is your right to request a copy of the information that we hold about you. SAR requests must be in writing to the contact details provided in this policy. If we do hold your personal data, we will respond in writing within one calendar month of your request (where that request was submitted in accordance with this policy).

The information we supply will:

  • confirm that your data is being processed
  • verify the lawfulness and the purpose of the processing
  • confirm the categories of personal data being processed
  • confirm the type of recipient to whom the personal data have been or will be disclosed, and
  • let you have a copy of the data in an intelligible form

Please note that you may need to provide identification, in order to prove who you are in order to access your data. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

In the instance that we do not hold information about you we will also confirm this in writing at the earliest opportunity.

Withdrawal of consent

Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent. However, please note that:

  • The withdrawal of consent does not affect the lawfulness of earlier processing
  • If you withdraw your consent, we may not be able to continue to provide services to you

Complaints

You have the right to complain about the processing of your personal data. If you have any concerns over how we have used or are using your date then please contact us using the details provided below.

If you are still not satisfied that we have addressed your concerns adequately, you have a right to lodge your complaint with the Information Commissioners Officer, details of which are available at Information Commissioners Office. https://www.ico.org.uk/concerns

Contact
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Mark Reynolds):

Email address: [email protected]

Telephone number: 0208 343 3710

Postal Address: Valentine & Co, Galley House, Moon Lane, Barnet, EN5 5YL

Changes to our Privacy Policy
We reserve the right to modify or amend this privacy statement at any time and for any reason. Nothing contained herein creates or is intended to create a contract or agreement between us and any user visiting the website or providing identifying information of any kind.