In order to comply with data protection obligations under the General Data Protection Regulations (“GDPR”), and in keeping with six core principles of GDPR, personal data should be:

• Processed lawfully, fairly and in a transparent manner

• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purpose

• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

• Accurate and where necessary kept up to date

• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed

• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.

The firm acts as a Data Controller, and it acknowledges that it is subject to the full scope of data protection obligations imposed by the GDPR. This includes (but is not limited to) the firm’s obligations to:

• provide privacy notices (with some limited exceptions) to data subjects;

• respond to access requests from data subjects;

• and report data breaches to the [DPC / ICO].

As a data subject, you have certain rights which include the following:

• Right to be informed

• Right of access

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to object

• Right to data portability and

• Rights re: automated decision making and profiling.

The firm has appointed Sharon Henshaw as Head of Privacy, who is responsible for compliance with GDPR and all personal data processing and data security within the firm.

Tel: 07368 242204
Email: SharonHenshawAccs@gmail.com

Address: Lynton House, Coychurch, Bridgend, CF35 5HN, United Kingdom.

Please get in touch if you would like to see a copy of the firm’s full Privacy Policy.