This policy summarises how The VAT Consultancy collects, uses and discloses personal data and ensures compliance with relevant laws and regulations. Personal data is information which relates to an individual and from which he or she can be identified either directly or indirectly through other data which we have.
The VAT Consultancy is the data controller of the personal data we process and therefore is responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle.
We have a Data Protection Officer who overseas compliance with data protection laws and this policy and provides guidance to staff as needed.
Data Protection Principles
The following principles are followed in relation to our use, collection and disclosure of personal data. The data will be:
- processed fairly and lawfully and to the extent required under local law with valid and informed consent;
- obtained for specific and lawful purposes;
- be kept accurate and up to date;
- be adequate, relevant and not excessive;
- not kept for longer that necessary;
- processed in accordance with the rights of individuals;
- kept secure to prevent unauthorised processing and accidental loss, damage or destruction and
- not transferred to or accessed from another jurisdiction where these principles cannot be adhered to
Collection, Use and Disclosure
The data we collect and process falls in the following categories:
- personal data obtained and created in relation to providing VAT and customs duty advisory and compliance services;
- personal data relating to subscribers via our website to updates
- personal data relating to staff
This data is collected and used as follows:
Providing VAT and Customs Duty Services
we collect names, business information and personal identification documentation from you at the beginning of our engagement. The business information is used to enable us to provide our services to you. The ID documentation is required to satisfy legal requirements (Anti Money Laundering regulations)
throughout the course of providing our services we may collect further data from you in relation to the business activities. This may be shared with our overseas network partners where required to provide the service and will be adequately protected. From time to time we will contact you by email to update you on a recent VAT or duty issue of relevance to your business where we share documentation with you via our secure online portal, we may process online registration details and login credentials for individuals who request access to these services
Subscribers to updates via our Website
- where you subscribe for updates via our website we will collect and process your data (name, business name, email address) and use it to provide the
- information you have requested from us
- our website may also collect your device’s unique identifier such as its IP address
- this data is not shared with third parties
Personal Data Relating to Staff
our data processing activity relating to staff data has been communicated to them by separate means and appropriate consents obtained.
As required under GDPR, individuals may request a copy of their personal data, have it corrected if it is accurate, and request that we delete and destroy it where this would not breach other regulatory requirements (such as the requirement to retain client records and copies of advice provided for at least 6 years). Should you need to make a request in this regard, please email our Data Protection Officer Julie.firstname.lastname@example.org.
The VAT Consultancy uses market leading IT systems including Microsoft 365 and Mimecast which have robust security and firewalls to prevent unauthorised access. Our IT support team and any other third parties we work with who may see or process/use your data have GDPR compliant systems to protect data.