Kent Coast Accounts holds personal data about customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact for a variety of business purposes.
Kent Coast Accounts is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all of our legal obligations.
This policy describes how this personal data is collected, handled and stored to meet the company’s data protection standards — and to comply with the General Data Protection Regulation (GDPR).
We take the highest respect to those who have trusted us with their personal data with us, and we promise those who supply us with their data, that their data belongs to them and is only used for the purposes and services of that is originally intended. We do not sell your personal information and we employ the strongest safeguards we possibly can to protect your information.
HOW DO WE COLLECT INFORMATION?
Kent Coast Accounts collects information in two possible ways:
When you directly give it to us (“Directly Provided Data”)
When you sign up for our site, purchase our service, work or communicate with us, you may choose to voluntarily give us certain information – for example, by filling in text boxes or completing registration forms or sending us an email or most commonly in person at a meeting. All this information requires a direct action by you at that time in order for us to receive it. This is you providing consent for us to use and process your data securely.
When you give us permission to obtain from other accounts (“User Authorised Data”)
Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your account with those other services. For example, this can be via social media or by choosing to send us your location data when accessing our website from your smartphone.
HOW LONG DO WE KEEP YOUR DATA FOR?
Kent Coast Accounts will not retain your personal information longer than necessary. We will hold onto the information you provide either while your account is in existence, or as needed to be able to provide the Services to you, or (in the case of any contact you may have with our Accounts team) for as long as is necessary.
If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after Kent Coast Accounts is no longer needed to provide the Services to you.
Kent Coast Accounts will not sell or rent your personally identifiable information, gathered as a result of filling out the site registration form, to anyone. Ever.
CHOOSING HOW WE USE YOUR DATA
We understand that you trust us with your personal information and we are committed to ensuring you can manage the privacy and security of your personal information yourself. With respect to the information relating to you that ends up in our possession, and recognising that it is your choice to provide us with your personally identifiable information, we commit to giving you the ability to do all of the following:
You can request a readable copy of the personal data we hold on you at any time. To do this, please contact us using the details on our Contact page.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown at the bottom of this page.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for the following purposes:
Supplying you with information by email and/or post that you have opted-in to (you may unsubscribe or opt-out at any time by clicking on the link in the email or emailing email@example.com
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and/or telephone and/or text message and/or post with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
How and Where Do You Store or Transfer My Personal Data?
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows.
We share your data with external third parties, as detailed below, that are based outside of the EEA. The following safeguard is applied to such transfers:
We use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts ensure the same levels of personal data protection that would apply under the GDPR. More information is available from the European Commission.
Please contact us using the details at the bottom of this page for further information about the particular data protection mechanism used by us when transferring your personal data to a third country.
The security of your personal data is essential to us. We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Do You Share My Personal Data?
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
“Third parties” includes third-party service providers and other entities within our group. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, administration services, marketing services and banking services.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above.
If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email address: firstname.lastname@example.org
Telephone number: 01843 291944.
Postal Address: Kent Coast Accounts Ltd, 39 Brooke Avenue, Margate, Kent, CT9 5NG.
Our Data Protection Officer is Douglas Thomson, you can contact him at email@example.com.
Please note, we are constantly reviewing how we process and protect data. Therefore, changes to our policy may occur at any time. We will endeavour to publicise any changes.