Solutions for Accounting Ltd – GDPR Statement of Compliance
The General Data Protection Regulation (‘GDPR’) is effective from 25th May 2018.
In preparation for GDPR, Solutions for Accounting Ltd (‘Solutions’) acknowledges its responsibility to develop and maintain business-wide awareness of the rights of individuals to be empowered and protected in terms of data privacy.
We have consulted broadly and implemented processes, procedures and training to ensure that a legal basis for the processing of personal data underpins all business practices at Solutions.
We recognise that there are a small number of circumstances in which personal data may be processed and that the GDPR clarifies the responsibilities of companies as far as the processing (collection, storage, maintenance and use) of personal data is concerned.
Solutions is actively working on its GDPR strategy, and considers this to be an ongoing endeavour that will continue to be operational beyond the enforcement date of 25th May 2018. We will continually strive to ensure that personal data privacy is embedded as routine practice on a perpetual basis.
The Solutions board of Directors have appointed a Data Controller, responsible for the general management and security of data, and ongoing compliance with the GDPR.
Solutions has undertaken to ensure that all staff receive training in the concepts and requirements of data protection law. Staff will be expected to embrace the ethos of data protection law and to adopt practices in the workplace that reflect the company’s commitment to ensuring that the rights of individuals are respected and protected at all times.
Solutions’ internal policy for data protection requires any products, services or systems adopted by the company (relating in any way to the processing of personal data) to undergo an assessment to establish that they do not contravene the company’s policies to maintain compliance with the GDPR.
Solutions has implemented training and processes to enable staff to recognise and respond to data Subject Access Requests (‘SARs’). Staff will understand the significance of undertaking identity checks prior to responding to requests for data portability and the rectification and erasure of personal data.
Further to this, Solutions appreciates that its products and services are likely to form part of the controls and processes that its clients’ businesses will implement in order to fulfil their own GDPR obligations.
To assist in this endeavour, Solutions will offer advice and support to clients in developing means by which they themselves are able to respond to SARs and update or erase data (for example), and implement data security technology to minimise any risk of personal data exposure.
If you are employed by an organisation that is a Solutions client, prospective client, business partner, supplier or associate, it is possible that we might record data about you (in which case, you become the ‘data subject’ in the context of the GDPR).
A list of responses to questions frequently asked by ‘data subjects’ follows:
Where and how will the data about me be recorded?
We will collect and store information about you when you visit our website; enquire about our products and services via an online form or by telephone; when you email us or when you meet with us.
We may supplement the information we hold about your business (or you as an individual if you are a sole trader or corporate entity of some kind) with information from third parties such as CreditSafe, LinkedIn and other publicly available platforms.
When you visit our website, we will collect electronic ID data such as your Internet Protocol (IP) address. We collect information about your browsing habits on our websites using ‘cookies’. Further information about this is available on the ‘Privacy’ page of our website, accessible via a link at the foot of the page.
Your data is likely to be recorded in our Customer Relationship Management (CRM) database system. There may also be emails that you have sent to us (and that we have sent to you) recorded in our CRM system and within our email server database.
If you are a sole trader or consumer client, it is probable that we will hold a record which relates to you within our accounting software database as well.
Our CRM, Email and Accounting databases are all maintained within a secure location in the European Union.
We may also record your email address, name and company name in our mass email broadcasting system (which is a secure cloud-based database).
What data do Solutions hold about me?
Our CRM system is configured to provide for the recording of the following personal information:
In addition, we may have attached to your record in our CRM system:
Records held within our accounting system will include a history of transactions (including sales orders, invoices and financial status information that relates specifically to your trading history with us). These may be regarded as ‘personal’ if you are a sole trader or a corporate entity of some kind.
How does Solutions ensure data security?
All our database systems are password protected and access is only afforded to those with a legitimate reason for so doing.
All users are required to have a domain user name and password to authenticate against the security model for access to our databases. Password policies determine that these must be changed with a high degree of frequency and they must also have a pre-determined level of complexity.
All portable computers are encrypted with the AES encryption algorithm in cipher block chaining (CBC) mode with a 256-bit key.
Where corporate systems are available to staff (exclusively) via the internet, all web services are secured via an SSL/TLS security certificate and all internet data transactions are encrypted as a consequence.
Remote workers are only able to access data services within our corporate network via a secure Virtual Private Network (VPN).
What do you do with my information?
We use your information for the following purposes:
With whom do you share my information?
We will never share your information with a third party without your express permission, unless we are required to do so by law.
Do you process sensitive personal data?
We do not directly process data which the Data Protection Act 1998 defines as ‘sensitive personal data’. As a business to business (B2B) company, most data recorded within our systems is of a corporate nature.
How will you use my information to contact me?
We may contact you by telephone (via a business phone number where it has been provided, and sometimes via a mobile phone), by post (to your business address), by email (via a business email address if you have provided us with one) or by Social Media platform (such as LinkedIn, Facebook or Twitter).
Will you send me marketing information?
We will only send you marketing information about other products and services that we (ourselves) offer. Most of our marketing communications are broadcast via an email marketing platform. This platform includes an ‘unsubscribe’ link. You may use this link to inform us that you no longer wish to receive email marketing messages from us or you may alert us to this via phone on 0115 840 5075, email to email@example.com or in writing (to our head office address in Nottingham).
Can I see the information that you hold about me?
If you would like a copy of the personal information that we hold about you, simply call us on 0115 840 5075 or write to us at Solutions for Accounting Limited, Sherwood House, 7 Gregory Boulevard, Nottingham NG7 6LB. We will acknowledge the request as soon as we receive it and will provide a full response within 1 month of our acknowledgement.