Privacy Policy
Introduction
Maintaining your privacy is not just a legal requirement for us, it extremely important and we take our responsibility very seriously. We are committed to protecting your privacy and maintaining the security of any personal information we hold. We will not disclose any personal details to any third parties unless it is necessary or we are legally obliged to do so. This Privacy Policy statement explains how Martin Fiddaman Associates Limited (“we”, “us” or “our”) collect, store, and use personal data in the provision of business services to our clients, and users of our website. It also informs you about your privacy rights in relation to the processing of your personal data. We strictly adhere to the requirements of the applicable data protection laws, including the General Data Protection Regulation and the UK Data Protection Act 2018, as well as our data privacy policy.
Data Controller and Processor
We are the Controller and Processor of your personal information. Personal data is securely stored confidentially on our computer systems and/or in paper files. When using the Martin Fiddaman Associates Limited website, or when providing personal information to us, Martin Fiddaman Associates Limited is the data controller. By using this website, and when providing personal information to us, you are agreeing to be bound by our Privacy Policy.
Changes to the Privacy Statement and your duty to inform us of changes
This privacy statement is effective as of 04 June 2021 and will be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws. Any updates will be posted on this page so that you are aware of the information we collect and how we use it at all times. Continued use of the Website and communication with us will constitute your agreement to any such changes. It is important that the personal data we hold about you is accurate and current. Please therefore keep us informed if your personal data changes (or if you wish to verify or remove your personal details) during your relationship with us by using the contact details below.
The type of personal information we collect
The personal information we collect is data about an individual from which that person can be identified. We may collect, use, store and transfer personal data about your:
• Identity: which may include full name, marital status/title, sex, date of birth, or an official identity document such as a passport or driving licence;
• Contact Details: including business address, email address and telephone number;
• Transaction Details: about services you have received and payments for services you have made; or services we have received and payments we have made
• Bank details: and other related information;
• Identity: which may include full name, marital status/title, sex, date of birth, or an official identity document such as a passport or driving licence;
• Contact Details: including business address, email address and telephone number;
• Transaction Details: about services you have received and payments for services you have made; or services we have received and payments we have made
• Bank details: and other related information;
How we collect personal data
We collect personal data from you through direct interactions. For example, when we interact with you for business purposes and you provide such information to us, or when we contact you with business related information that we consider may be of interest to you. We may also collect personal data from publicly available information sources such as Companies House. Also, if you make an enquiry you will be asked to provide certain information including name, email address and telephone number. It is important that the personal data we hold about you is accurate and current. If you want to update the information you have previously given us, please contact us. We do not collect any sensitive data about you, which require special treatment under data privacy laws, such as racial or ethnic origin, political opinions and religious beliefs.
How we use your Personal Data
Data protection law sets out a number of reasons for collecting and processing your personal information. The law allows us to process your personal data on the basis that we need to do so in order to enter into a contract with you and deliver those contractual services to you. We only use your personal information where required for specific purposes.
Most commonly, we will use your personal data where:
• you have provided information to us with a view to entering into a contract, for example to obtain a quote arrange an initial meeting;
• we have obtained your personal data from a public source which we require in carrying out our services; or
• we are required to do so under the terms of any contract entered into between us and you.
If you do not provide us with personal data for these purposes either voluntarily or when requested by us to do so we will be unable to enter into a contract with you or meet our contractual obligations.
At other times, we may process your personal data on the grounds that:
• you have provided your express consent to us to do so (such consent may be withdrawn at any time by contacting us using the details below but will not affect the lawfulness of any processing based on consent before it’s withdrawal);
• we are required to do so in order to meet a legal obligation;
• we have a legitimate interest in doing so and that interest does not impact on your rights, such as using data analytics to improve our website or services, or sending you emails about our services where the law permits us to do so.
• you have provided information to us with a view to entering into a contract, for example to obtain a quote arrange an initial meeting;
• we have obtained your personal data from a public source which we require in carrying out our services; or
• we are required to do so under the terms of any contract entered into between us and you.
If you do not provide us with personal data for these purposes either voluntarily or when requested by us to do so we will be unable to enter into a contract with you or meet our contractual obligations.
At other times, we may process your personal data on the grounds that:
• you have provided your express consent to us to do so (such consent may be withdrawn at any time by contacting us using the details below but will not affect the lawfulness of any processing based on consent before it’s withdrawal);
• we are required to do so in order to meet a legal obligation;
• we have a legitimate interest in doing so and that interest does not impact on your rights, such as using data analytics to improve our website or services, or sending you emails about our services where the law permits us to do so.
Data Sharing
We may share your personal information with trusted third-party providers who work closely with us to deliver our services, for example experts from specialist fields who are asked to provide advice on specific solutions. Any such providers are required to take appropriate security measures to protect your personal information and comply with our privacy policy. We ensure that such providers only process your information in accordance with our instructions to complete any requests for service. We do not sell, rent or exchange your personal information with any third party for any commercial reasons, but we may process your personal information where this is required or permitted by law.
Transfering your data outside of the UK
We do not anticipate transferring your personal data outside of the UK. However, whenever we do transfer personal data outside of the UK, we ensure that such transfers are conducted in accordance with all applicable legal requirements and that an equivalent degree of protection is afforded to that data by its recipient.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Retention
We maintain a specific data retention policy to ensure that we only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those through other means, and the applicable legal requirements. Data will generally be held for no more than 3 years after the business relationship has ended, unless required by law or regulation.
Your data protection rights
Under data protection law, you have the following rights, including your:
• Right of Access which entitles you to request a copy of your personal data to check its accuracy and how it is being processed;
• Right of Rectification which entitles you to ask us to correct any incomplete or inaccurate personal data;
• Right to Erasure which entitles you to request that your personal data be deleted in certain circumstances, for example, where there is no good reason for us to continue processing it. Or you have exercised your right to object to processing (see below);
• Right to Object to Processing which entitles you to request that we no longer process your personal data;
• Request the Restriction which entitles you to request that we suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interest but we need to hold some of it for the purpose of legal proceedings;
• Right to Data Portability entitles you to request that we transfer your personal data to another party, or organisation, or to you;
• Right to Data Portability which entitles you to request that we transfer your personal data to another party, or organisation, or to you; and
Right to Withdrawal of Consent entitles you to withdraw your consent to our processing your personal data at any time (although data processed before such withdrawal of consent is made will still be lawfully processed).
You are not required to pay any fees or charges for exercising your rights, and if you make a request we have one month to respond. You may exercise your rights at any time by contacting us at using the template on the Contact page. When exercising your data protection rights, we may ask you to verify your identity in order to help us respond efficiently to your request.
• Right of Access which entitles you to request a copy of your personal data to check its accuracy and how it is being processed;
• Right of Rectification which entitles you to ask us to correct any incomplete or inaccurate personal data;
• Right to Erasure which entitles you to request that your personal data be deleted in certain circumstances, for example, where there is no good reason for us to continue processing it. Or you have exercised your right to object to processing (see below);
• Right to Object to Processing which entitles you to request that we no longer process your personal data;
• Request the Restriction which entitles you to request that we suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interest but we need to hold some of it for the purpose of legal proceedings;
• Right to Data Portability entitles you to request that we transfer your personal data to another party, or organisation, or to you;
• Right to Data Portability which entitles you to request that we transfer your personal data to another party, or organisation, or to you; and
Right to Withdrawal of Consent entitles you to withdraw your consent to our processing your personal data at any time (although data processed before such withdrawal of consent is made will still be lawfully processed).
You are not required to pay any fees or charges for exercising your rights, and if you make a request we have one month to respond. You may exercise your rights at any time by contacting us at using the template on the Contact page. When exercising your data protection rights, we may ask you to verify your identity in order to help us respond efficiently to your request.
How to contact us or make a complaint
If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above or if you think that the Privacy Policy has not been followed, please contact us using the template on the Contact page.
You may also lodge a complaint with our lead supervisory authority, the Information Commissioner, or your local supervisory authority about any aspect of our handling or processing of your personal data. We would, however, appreciate the chance to address your concerns before you approach any supervisory authority, so please contact us in the first instance.