Privacy & GDPR

The current website operates the current URL website, which provides the Service.

This page is used to inform website visitors regarding our policies on the collection, use, and disclosure of Personal Information if anyone decides to use our Service, the current website.

If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which are accessible at the current URL, unless otherwise defined in this Privacy Policy.

Information Collection and Use

For a better experience while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and postal address. The information that we collect will be used to contact or identify you.

Log Data

We want to inform you that whenever you visit our Service, we collect information that your browser sends to us that is called Log Data. This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

Cookies

Cookies are files with a small amount of data that are commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer’s hard drive.

Our website uses these “cookies” to collect information and to improve our Service. You have the option to either accept or refuse these cookies, and to know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.

Service Providers

We may employ third-party companies and individuals for the following reasons:

  • To facilitate our Service;

  • To provide the Service on our behalf;

  • To perform Service-related services; or

  • To assist us in analyzing how our Service is used.

We want to inform our Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Security

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Links to Other Sites

Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children’s Privacy

Our Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take the necessary action.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us: admin@myfinancepartner.uk

Data Protection

The Data Protection Act 2018 (“DPA 2018”) and the UK General Data Protection Regulation (“UK GDPR”) impose certain legal obligations in connection with the processing of personal data.

My Finance Partner Ltd is a controller within the meaning of the UK GDPR. The firm’s contact details are as follows:

My Finance Partner Ltd
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

We may amend this privacy notice from time to time. If we do so, we will supply you with and/or otherwise make available to you a copy of the amended privacy notice.
 
Where we act as a processor on behalf of a controller (for example, when processing payroll), we provide an additional schedule setting out required information. That additional schedule should be read in conjunction with this privacy notice.
 
The Type of Personal Data we collect 

To provide our services efficiently, we will collect and process the following personal data:

  • Name

  • Date of Birth

  • Marital Status 

  • Nationality

  • Address

  • Contact Number

  • National Insurance

  • Photo ID

Why we process personal data

We process personal data for the following purposes:

  • to enable us to supply professional services to you as our client

  • to fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 (MLR 2019))

  • to use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings

  • to enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen

  • to contact you about other services we provide which may be of interest to you if you have consented to us doing so

The legal bases for our intended processing of personal data
 
 We rely on the following legal bases in order to process your personal data:

  • occasionally we will rely on your consent to process your personal data but only if we have contacted you beforehand and asked you to agree;

  • the processing is necessary for the performance of our contract with you so that we can deliver our services to you;

  • the processing is necessary for compliance with legal obligations to which we are subject (e.g. MLR 2019);  

  • the processing is necessary for our legitimate interests, such as: investigating/defending legal claims, recovering debts owed to us, keeping our client records up to date, developing our services and growing our business.

If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.

Persons/organisations to whom we may give personal data
 
 We may share your personal data with:

  • HMRC

  • any third parties with whom you require or permit us to correspond 

  • subcontractors (including overseas book-keepers)

  • an alternate appointed by us in the event of incapacity or death

  • tax insurance providers

  • professional indemnity insurers

  • the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2019 (or any similar legislation)

  • other professional consultants and service providers

If the law allows or requires us to do so, we may share your personal data with:

  • the police and law enforcement agencies

  • courts and tribunals

  • the Information Commissioner’s Office (“ICO”).

We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties we may need to cease to act.

Transfers of personal data outside the UK
 
Your personal data will be processed in the UK and by a Third-party Contractor (Processor) who is bound by the International Data Transfer Agreement and complies with UK GDPR.

 
 Retention of personal data
 
 When acting as a data controller and in accordance with recognised good practice within the tax and accountancy sector we will retain all of our records relating to you as follows:

  • where tax returns have been prepared it is our policy to retain information for six years from the end of the tax year to which the information relates

  • where ad hoc advisory work has been undertaken it is our policy to retain information for six years from the date the business relationship ceased.

  • where we have an ongoing client relationship, data which is needed for more than one year’s tax compliance (e.g. capital gains base costs and claims and elections submitted to HMRC) is retained throughout the period of the relationship, but will be deleted four years after the end of the business relationship unless you as our client ask us to retain it for a longer period.


 Our contractual terms provide for the destruction of documents after four years and therefore agreement to the contractual terms is taken as agreement to the retention of records for this period, and to their destruction thereafter.
 
 You are responsible for retaining information that we send to you (including details of capital gains base costs and claims and elections submitted) and this will be supplied in the form agreed between us. Documents and records relevant to your tax affairs are required by law to be retained by you as follows:

  • Individuals, trustees and partnerships

    • with trading or rental income: five years and 10 months after the end of the tax year

    • otherwise: 22 months after the end of the tax year.

  • Companies, LLPs and other corporate entities

    • six years from the end of the accounting period.

Where we act as a processor as defined in DPA 2018, we will delete or return all personal data to the controller as agreed with the controller at the termination of the contract.

Subject Access Requests (Requesting personal data we hold about you)
 
 You have a right to request access to your personal data that we hold. Such requests are known as ‘subject access requests’ (“SARs”).
 
 Please provide all SARs in writing.
 
 To help us provide the information you want and deal with your request quickly, you should include enough details to enable us to verify your identity and locate the relevant information. For example, you should tell us:

  • your date of birth

  • previous or other name(s) you have used

  • your previous addresses in the past five years

  • personal reference number(s) that we may have given you, for example your national insurance number, your tax reference number or your VAT registration number

  • what type of information you want to know

If you do not have a national insurance number, you must send a copy of:
 
  • the back page of your passport or a copy of your driving licence

  • a recent utility bill.
 
 DPA 2018 requires that we comply with a SAR promptly and in any event within one month of receipt. There are, however, some circumstances in which the law allows us to refuse to provide access to personal data in response to a SAR (e.g. if you have previously made a similar request and there has been little or no change to the data since we complied with the original request).
 
 You can ask someone else to request information on your behalf – for example, a friend, relative or solicitor. We must have your authority to respond to a SAR made on your behalf. You can provide such authority by signing a letter which states that you authorise the person concerned to write to us for information about you, and/or receive our reply.
 
 Where you are a controller and we act for you as a processor (e.g. by processing payroll), we will assist you with SARs on the same basis as is set out above.
 

 The Right to Rectification (Putting things right)
 
 You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data that we hold about you completed. Should you become aware that any personal data that we hold about you is inaccurate and/or incomplete, please inform us immediately so we can correct and/or complete it.

The Right to Erasure (Deleting your records)
 
 In certain circumstances you have a right to have the personal data that we hold about you erased. Further information is available on the ICO website (www.ico.org.uk). If you would like your personal data to be erased, please inform us immediately and we will consider your request. In certain circumstances we have the right to refuse to comply with a request for erasure. If applicable, we will supply you with the reasons for refusing your request.
 

 The right to restrict processing and the right to object
 
 In certain circumstances you have the right to ‘block’ or suppress the processing of personal data or to object to the processing of that information. Further information is available on the ICO website (www.ico.org.uk). Please inform us immediately if you want us to cease to process your information or you object to processing so that we can consider what action, if any, is appropriate.
 

 Obtaining and reusing personal data (the right to data portability)
 
 In certain circumstances you have the right to be provided with the personal data that we hold about you in a machine-readable format, e.g. so that the data can easily be provided to a new professional adviser. Further information is available on the ICO website (www.ico.org.uk).


DATA PROTECTION POLICY


Statement and Purpose of Policy          

  1. My Finance Partner Ltd is committed to ensuring the privacy and security of personal data collected, processed and stored in accordance with the UK General Data Protection Regulation (UK GDPR).

  2. We confirm for the purposes of data protection laws that My Finance Partner Ltd is a Data Controller of personal data.  

  3. The purpose of this Policy is to help us achieve our data protection and data security aims by:

    • Setting out the rules on data protection and legal conditions that must be satisfied when we collect, receive, handle, process, transfer and store personal data;

    • Clarifying the responsibilities and duties in respect of data protection and data security.


Interpretation      
                                                                                                                                                             

Data protection laws means all applicable laws relating to the processing of personal data, including, for the period during which it is in force, the UK GDPR.

Data subject means the individual to whom the personal data relates.

Personal data means any information that relates to an individual who can be identified from the information. 

Processing means any use that is made of data, including collecting, storing, amending, disclosing or destroying said data.

Special categories of personal data means information about an individual’s racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health, sex life or sexual orientation and biometric data.

(1) Data Protection Principles

My Finance Partner Ltd adheres to the following principles of data protection:

  1. Lawfulness, fairness, and transparency: There must always be a lawful basis to process personal data, as set out in the data protection laws. Personal data may be processed as necessary to perform a contract with the data subject, to comply with a legal obligation to which the data controller is subject, or for the legitimate interests of the data controller or the party to whom the data is disclosed. The data subject must be told who controls the information (us), the purpose(s) for which we are processing the information and to whom it may be disclosed.

  2. Purpose limitation: Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

  3. Data minimization: Personal data is limited to what is necessary in relation to the purposes for which it is processed. Data will be processed to the extent required for the specific purpose notified to the data subject.

  4. Accuracy: Personal data is accurate and, where necessary, kept up to date. All reasonable steps must be taken to ensure that information that is inaccurate is rectified or deleted without delay.

  5. Storage limitation: Personal data is kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

  6. Integrity and confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

 
(2) Accountability and Regulatory Compliance                                                                                               

All parties will comply with any applicable legislation relating to personal data and will ensure that where personal data is processed this is done in accordance with applicable local law. Where local legislation relating to personal data requires a higher level of protection for personal data, such legislation will take precedence over this Policy. Where there is no law or the law does not meet the standards set out by the Rules in this Policy, the position will be to process personal data adhering to the Rules in this Data protection and security Policy.
 
 
(3) Data Collection and Processing                                                                                                                             

  1. Only collect personal data for specified, explicit, and legitimate purposes.

  2. Obtain consent from data subjects before collecting their personal data, where required.

  3. Inform data subjects about the purposes of data collection and processing, the legal basis for processing, and their rights regarding their personal data.

  4. Ensure that all personal data collected is accurate, relevant, and limited to what is necessary for the purposes for which it is processed.

  5. Regularly review and update personal data to ensure its accuracy and relevance.

  6. Where it is necessary to safeguard national security or defence, for the prevention or detection of crime, taxation purposes, legal proceedings or where otherwise permitted by law. This rule means that we will identify and make known the purposes for which personal data will be used (including the secondary uses and disclosures of the data) when such data is obtained or, if not practicable to do so at the point of collection, as soon as possible after that, unless there is a legitimate basis for not doing so.


(4) Processing of Sensitive Data

  1. Only process sensitive personal data if it is necessary to use it.

  2. Sensitive personal data needs to be handled with additional care, in order to respect local customs and applicable local laws. In particular, we will:

    • Avoid collection of sensitive personal data where it is not required for the purposes for which the data is collected or subsequently processed.

    • Limit access to sensitive personal data to appropriate persons (by either masking or making anonymous or pseudonymous the data, where appropriate) in accordance with the security standards established in Information Security/Privacy Policies.

4(B)

  1. We will only process sensitive personal data where the individual’s explicit consent has been obtained, unless we have a legitimate basis for doing so consistent with the requirements of applicable data protection laws.

  2. In principle, individuals must give their explicit consent to the processing of their sensitive personal data unless we have a legitimate basis for doing so. Consent to process sensitive personal data must be specific, informed, unambiguous and freely given.

 
 
(5) Individual Rights                                                                                                                                                                      

  1. Inform data subjects of their rights regarding their personal data, including the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing.

  2. Respond to data subject requests in a timely manner and in accordance with legal requirements.

  3. Provide data subjects with a mechanism to exercise their rights regarding their personal data.

 
To access data subject rights contact: admin@myfinancepartner.uk
 
 
(6)(A) Data Security                                                                                                                                                                     

  1. Adhere to IT Security Policies. Comply with the requirements contained in security/privacy policies as revised and updated from time to time together with any other security procedures relevant to a business area or function.

  2. The technical and organisational security measures as implemented will be designed to implement data protection principles and to facilitate compliance with data protection by design and by default.

  3. Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

  4. Encrypt personal data where appropriate.

  5. Restrict access to personal data to authorized personnel only.

  6. Regularly review and update security measures to address emerging threats and vulnerabilities.

 
(6)(B)


Ensure that providers of services also adopt appropriate and equivalent security measures. European law expressly requires that where a provider of a service to us has access to data (e.g., a payroll provider), strict contractual obligations, evidenced in writing and dealing with the security of that data, are imposed to ensure that such service providers act only on instructions when using that data and that they have in place proportionate technical and organisational security measures to safeguard the personal data.
 
(6)(C)


Where a service provider is a Network entity processing personal data on behalf of another Network entity as a data controller, the service provider must act only on the instructions of the data controller on whose behalf the processing is carried out and ensure that it has in place proportionate technical and organisational security measures to safeguard the personal data.
 
 
(7) Data Breach & Response

                                                                                                                                                          
A personal data breach means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
My Finance Partner Ltd in accordance with UK GDPR will:

  1. Implement procedures for detecting, reporting, and investigating data breaches.

  2. Notify the relevant supervisory authority and affected data subjects of any data breaches in accordance with legal requirements.

  3. Take appropriate measures to mitigate the effects of data breaches and prevent recurrence.

 
 
(8) Data Transfer  

                                                                                                                                                                   
Ensure that any transfer of personal data outside the United Kingdom is conducted in accordance with applicable legal requirements and safeguards.
 
(9) Data Protection Impact Assessment (DPIA)                                                                                                       

  1. Conduct DPIAs for any new projects, processes, or systems involving the processing of personal data that are likely to result in a high risk to the rights and freedoms of data subjects.

  2. Assess the necessity and proportionality of data processing activities, as well as the risks to data subjects' rights and freedoms.

  3. Where such data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the Network entity to mitigate the risk, the supervisory authority, prior to processing, will be consulted.

  4. Implement measures to mitigate the risks identified in DPIAs.

 
(10) Record of Processing Activities (ROPA)      

                                                                                                         
Keep a record of categories of processing activities carried out. Processing activities likely to result in a high risk to the rights and freedoms of natural persons will be subject to a data protection impact assessment. Network entities keep a record of processing activities. This record will be in writing, including in Confidential electronic form, and will be made available to supervisory authorities on request.
 
(11) Legitimising direct marketing          

                                                                                                                        
Allow customers to opt out of receiving marketing data. Individuals have the right to object to the use of their personal data for direct marketing purposes, and we will honor all such opt-out requests.
 
(11) (B)
Suppress from marketing initiatives the personal data of individuals who have opted out of receiving marketing data. We will take all necessary steps to prevent the sending of marketing materials to individuals who have opted out.
 
 
(12) Automated individual decisions                                                                                                                            

  1. Individuals have the right not to be subject to a decision based solely on automated processing and to know the logic involved in such a decision as well as the significance and the envisaged consequences of such processing.

  2. Take necessary measures to protect the legitimate interests of individuals. Under UK data protection law, no decision which produces legal effects concerning an individual, or significantly affects that individual, can be based solely on the automated processing of that individual's personal data (including profiling), unless such decision is:

    • necessary for entering into, or performance of, a contract between the individual and the data controller;

    • authorised by law; or

    • based on the individual's explicit consent.

  3. Undertake any reasonably necessary measures to comply with its duty to inform individuals.

 
(11) Training and Awareness                                                                                                                                                  

  1. Provide appropriate training to Personnel who have permanent or regular access to personal data, who are involved in the processing of personal data or in the development of tools used to process personal data.

  2. Take reasonable and appropriate steps to communicate with Personnel and to provide appropriate training on the requirements of this Data protection Policy. Network entities to deliver as appropriate. In addition, Personnel within a Network entity should be made aware of their obligations relating to data privacy under the Global Code of Conduct.

  3. Communication and training should cover data privacy elements such as:

    • Basic principles

    • Importance of data privacy

    • Definitions

    • Personal and sensitive personal data 

    • Data privacy considerations with respect to information security 

    • Consultation and resources.

 
(12) Compliance Monitoring and Review                                                                                                                      

  1. Regularly monitor compliance with this Data Protection Policy and applicable data protection laws and regulations.

  2. Conduct periodic reviews and audits of data protection practices and procedures.

  3. Update this Data Protection Policy as necessary to reflect changes in data protection laws, regulations, or business practices.

 
(13) Responsibilities

                                                                                                                                                                
The Data Controller is responsible for overseeing compliance with this Data Protection Policy and applicable data protection laws and regulations.
All Personnel are responsible for complying with this Data Protection Policy and protecting the personal data entrusted to them.

(13) Enforcement

                                                                                                                                                                     
Violations of this Data Protection Policy may result in disciplinary action. Any Personnel who becomes aware of a potential violation of this Data Protection Policy is required to report it to their supervisor.

(14) Contact Information    

                                                                                                                                         
If you have any questions, concerns, or complaints about the handling of your personal data by My Finance Partner Ltd, please contact:
admin@myfinancepartner.uk


 
(15) Retention of Records

On termination of this Agreement the Bookkeeper will return to the Client all original hard-copy records on request and will retain electronic or working-paper copies only for so long as required by law or professional practice standards, after which they will be securely destroyed.