We understand that your privacy is important to you. Sanders is committed to protecting the privacy of those that we interact with, be they potential clients, existing clients or website users.
This privacy notice sets out how we collect and process your personal data – whether that is through your use of our website (for instance, if you sign up to our newsletter or contact us regarding career opportunities) or when you engage us to provide you with a product or service. Any information that you do provide to us is only used for the purposes as set out in this notice.
A separate privacy notice applies in relation to job applicants and this can be found here: job applicants privacy notice.
If you have any questions about this privacy notice or the information that we hold about you, please do not hesitate to contact us by email us or write to us using the contact details listed below.
Sanders Chartered Accountants, 1 Bickenhall Mansion, Bickenhall Street, London, W1U 6BP.
Contact number: 020 7317 0040
Email address: email@example.com
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at firstname.lastname@example.org.
Glossary of Terms
“Personal data” relates to any information about a natural person that makes them identifiable. It does not include anonymised data.
Sensitive personal data
“Sensitive personal data” or “special categories of personal data” refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
A “data processor” isa person or organisation which processes personal data for the controller.
“Data processing” is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
Data we collect about you
The personal information we collect from you will vary depending on a) the products and/or services you engage us to deliver and b) the information required for us to provide those services.
We may process certain types of personal data about you such as:
- your name, address, email and contact information;
- data relating to your financial/business affairs – such as your Unique Tax Reference Number (UTR), your National Insurance Number (NI), your bank account details and information relating to your own interaction with your own customers/suppliers etc;
- data relating to your use of our website and the technology that you use to do so (including your IP address);
- data relating to your use of our wider products and/or services; and
- whether you wish to receive marketing communications from us such as marketing emails and newsletters.
We do not collect special categories of personal data about you, including information relating to criminal convictions and offences.
There may be occasions when we are required to collect personal information about you in order to comply with a legal obligation, or so that we can fulfil the terms of a contract to provide products and/or services to you. Please be aware, that should you fail to provide us with the necessary data, we reserve the right to suspend or terminate our contract with you until such time as all necessary data has been provided.
How we collect personal data about you
How we use your personal data
We will use your personal data to enable us to supply the products and/or services that you have engaged us to deliver and for other purposes such as; where we need to contact you by post, email or telephone; where we need to update and enhance our existing client information/records in accordance with applicable legal and regulatory obligations; for analysis for management purposes; where we need to verify your identity; for making statutory returns; for purposes of processing financial transactions; for purposes of legal and regulatory compliance; to prevent and detect crime, fraud and corruption; and where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We will use your personal data to provide you with marketing communications if you have expressly consent to us doing so, if you have previously requested information from us or if we have provided/provide you with products and/or services. We may use your personal data to provide you with marketing communications if it is in our legitimate interests to do so; for instance, to keep you up to date with relevant industry news, as well as to market our products and services in order to grow our business and to decide our marketing strategy.
You may unsubscribe or opt-out at any time by contacting us at email@example.com.
Please note, should you opt out of receiving our marketing communications, we will continue to use and process the personal data you have provided to us as a result of you proposing to enter into a contract with us or having entered into a contract with us.
Why we use your personal data
Our lawful reason for processing your personal data will either be because it is necessary for our performance of a contract with you, or to enter into a contract with you or because it is in our legitimate interests. Specifically, we may use your data for the following purposes:
- To enable us to take steps at your request to enter into a contract with you and/or your business;
- To provide and manage the performance of our contract with you and/or your business;
- To manage the relationship between us;
- To comply with our legal and statutory obligations (for instance, to prevent money laundering and terrorist financing);
- To communicate with you, by email, telephone and post;
- To send you emails that you have opted into;
- To send you emails making suggestions about products and/or services that may be of benefit to you and/or your business;
- To provide and manage access to our website;
- To administer and protect our business and our website; and
- To analyse how you use our website so that we may make improvements and give users a better experience.
Sharing your personal data
We may have to share your personal data with our third party service providers, agents and subcontractors and other associated organisations for the purposes of providing our products and/or services to you. This will include but is not limited to:
- Service providers who provide us with IT and System Administration services;
- Service providers who provide us with cloud based accountancy solutions;
- Service providers who provide us with company secretarial services and solutions;
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
- Identity management companies who provide ID verification services;
- HM Revenue & Customs, Companies House, Financial Regulators and other authorities to whom we are required to report; and
- Third parties to whom we may sell, transfer, or merge parts of our business or our assets.
When we use third party service providers, we disclose only the personal information that is necessary to deliver to you the products and/or services that you have requested from us. We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions. We have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Transferring your personal data outside the European Economic Area (EEA)
Some of our third party service providers are businesses located outside of the EEA. If we do transfer your personal data outside the EEA, we do our best to ensure a similar degree of security of data as in operation within the EEA. Where we transfer your personal data to countries where there is no adequacy decision by the European Commission in respect of that country, we will put in place certain measures to ensure that your personal data does receive an adequate level of protection, such as contractual clauses that have been approved by the European Commission. If such safeguards are not available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We take the security of your data seriously and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Our IT systems are protected by a firewall. In addition, anti-virus and cloud security products are installed. We use VPN technology to provide secure tunnels to provide office and data centre connectivity. Electronic data is encrypted when in transit and at rest. Physical security measures are in place to protect any hard copy data held. We have internal policies and controls in place, including user controls and access protocols, to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by those employees, agents, contractors and other third parties who have a business need to know such data. Where we engage third parties to process personal data on our behalf, we do so on the basis of written instructions, are under a duty of confidentiality and they are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically for contracted services we will hold your data for a period of at least 7 years from the end of the tax year or accounting period to which they relate or such longer period as may be required to reflect the Statute of Limitations. These periods may also be extended if HM Revenue and Customs enquires into any accounts or returns. You must tell us if you require the return or retention of any specific documents for a longer period.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your legal rights as a data subject
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require us to change incorrect or incomplete data;
- require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where we are relying on a legitimate interest as the legal ground for processing; and
- ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the our legitimate grounds for processing data.
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org.
Changes to our privacy notice
We keep this privacy notice under regular review. Paper copies of the privacy notice may also be obtained from email@example.com.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO). We request that you contact us first in the first instance if you do have a complaint so that we can try to resolve it for you.
We seek to resolve directly all complaints about how we handle your personal information but should you wish to lodge a complaint you can contact the ICO at the following address:
Information Commissioner’s Office
Telephone – 0303 123 1113 (local rate) or 01625 545 745