What is GDPR?
General Data Protection Regulation (GDPR) is a set of new data protection rules that come into force on 25 May 2018. They mean that organisations like The Accountancy Cloud can only use your personal data to contact you if you've given them permission to do so.
The Accountancy Cloud completed an independent GDPR audit and are pleased to announce that we are following their procedures and instructions to ensure we are fully compliant.
We would like to reassure you that your data is safe and secure. We only collect personal data where we have a legal reason to do so and we only use the data for the purpose it is provided for.
High Level Summary
- We sometimes need to get personal and other kinds of data from our clients for the purposes of providing our services to you. Occasionally we will need to share it with partner organisations where they are providing part of the service (we hold this data under the GDPR label “legitimate interests”).
- If you are someone we would like to work with we may keep your details so we can contact you about our services. We need your permission to contact you for this reason and you can ask us to stop at any time (we hold this data under the GDPR label “consent”).
- We will use processes, systems and good practice to protect your data from hackers and others. We will never sell your personal data.
- We comply with the GDPR rights you have around your data, including the right to see the data we hold, and – subject to some limits – the right to ask for data to be deleted.
- Unless otherwise agreed with you, we will hold your data for up to two years after we last hear from you, unless we are required to do so for legal or auditing purposes.
- If you have any comments, questions or concerns about this policy or how we store, process and use data please contact email@example.com
We apply security measures from both a technical and organisational stance where deemed relevant. Technical measures include, but are not limited to, encryption of files and utilisation of passwords.
Organisational measures relates to internal policies requiring individuals to comply with retention times and archiving or destruction rules for data held.
Purposes for which we will use personal data:
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
- you have given consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary to protect the vital interests of you or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
- processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our credit card payment processing, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
We use the following software for storage of personal data, please see attached links for how these software providers comply with GDPR regulations:
- Xero - https://www.xero.com/uk/campaigns/xero-and-gdpr/
- Quickbooks - https://quickbooks.intuit.com/uk/gdpr/
- Pipedrive - https://www.pipedrive.com/en/privacy
- Campaign monitor - https://www.campaignmonitor.com/trust/gdpr-compliance/
- Podio - https://help.podio.com/hc/en-us/articles/360000980392-Where-is-data-hosted-
- Chaser - https://chaserhq.com/privacy-policy
- Receiptbank - https://www.receipt-bank.com/privacy-policy/
You can ask us not to use your data for marketing. You can do this by ticking the relevant boxes on our forms, or by contacting us at any time at firstname.lastname@example.org
Under the GDPR, you have the right to:
- request access to, deletion of or correction of, your personal data held by us at no cost to you;
- request that your personal data be transferred to another person (data portability);
- be informed of what data processing is taking place;
- restrict processing;
- to object to processing of your personal data; and
- complain to a supervisory authority.