Privacy Policy

Privacy Notice

Francis & Co respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.

Controller

Francis & Co is the controller and responsible for your personal data (collectively referred to as Francis & Co, ‘we’, ‘us’ or ‘our’ in this privacy notice).

We have a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

How do we collect information from you?

We obtain information about you when you engage us to deliver our services and/or when you use our website, for example, when you contact us about our services.

What type of information do we collect?

The personal information we collect from you will vary depending on which services you engage us to deliver. It might include your name, address, email address, telephone number, date of birth, National Insurance number, Unique Tax Reference (UTR) number, bank account details and IP address.

Our policy is to collect only the personal data necessary for agreed purposes and we ask clients to only share personal data where it is strictly needed for those purposes. We collect personal data from our clients or from third parties acting on the instructions of the relevant client.

How is your information used?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To provide professional services such as tax advice, or general or specific business advice as part of the range of services we offer. We also process personal data in the administration and management of our business.
  • To provide you with information about our services and other information which we think will be of interest to you (or those of a third party) unless you tell us not to.
  • Where we need to comply with a legal or regulatory obligation.

Retention of data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We are required by legislation, other regulatory requirements, and our insurers to retain your data where we have ceased to act for you. To ensure compliance with all requirements it is the policy of the firm to retain all records and other documentary evidence created in the provision of services for a period of seven years from the end of the period concerned. We may retain certain records for a longer period to meet potential obligations arising under the Statute of Limitations Act 1980.

Who has access to your information?

We have a policy including procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure. We will not sell or rent your information to third parties or share your information with third parties for marketing purposes.

Any staff member with access to your information has a duty of confidentiality under the ethical standards that this firm is required to follow.

External Third Parties

  • Service providers [acting as processors] based in the United Kingdom who provide IT and system administration services.
  • Professional advisers [acting as processors or joint controllers] including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities [acting as processors or joint controllers] based in the United Kingdom who require reporting of processing activities in certain circumstances.

Please be assured that we will not release your information to third parties unless you have requested that we do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention and detection of crime, fraud, or corruption.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your rights

You have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”).
    • This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
  • Request correction of the personal data that we hold about you.
    • This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • Request erasure of your personal data.
    • If you consider that we no longer require the information for the purposes for which it was obtained, if you have validly objected to our use of your personal information (see ‘Object to processing of your personal data’ below), if our use of your personal information is contrary to law or our other legal obligations or if we are using your information with your consent and you have withdrawn your consent (see ‘Withdraw consent’ below).
  • Object to processing of your personal data
    • Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue. You have the right at any time to require us to stop using your personal information for direct marketing purposes.
  • Request restriction of processing of your personal data
    • In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information, but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
  • Request the transfer of your personal date to you or to a third party.
    • We will provide you, or a third party you have chosen, your personal data in a structured readable format. This right will only apply to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data.
    • You may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given. If you withdraw consent, we may not be able to provide certain products or services to you.

Please contact us in any of the ways set out in contact information below, if you wish to exercise any of these rights.

Changes to our privacy notice

We keep this privacy notice under regular review and will place any updates on www.wfrancisandco.co.uk. Paper copies of the privacy notice are also available on request.
This privacy notice was last updated January 2023.

Complaints

If you wish to complain about our use of your personal data, please contact us with the details of your complaint and we will seek to resolve this directly. You also have the right to register a complaint with the Information Commissioner’s Office (ICO). For further information on your rights and how to complain to the ICO, please refer to their website at https://ico.org.uk/concerns.

Contact information

If you have any questions about this privacy notice or how and why we process personal data, please contact us:

Warren Francis
Francis & Co AFH Ltd
Second Floor
123 Promenade
Cheltenham
Gloucestershire
GL50 1NW

T: 01242 370298
E: office@wfrancisandco.co.uk