Romanian Accountants in the UK – Complete Accounting Services

GDPR Policy

1. Purpose of This Policy

This policy outlines:

  • What personal data we collect and why.

  • How we use and protect your information.

  • The legal basis for processing your data.

  • Your rights under UK data protection law.

  • How you can contact us regarding your data.

This policy applies to all data we process, whether collected online, through our website, email, telephone, or in connection with our accounting, taxation, or compliance services.


2. What Personal Data We Collect

We collect only the information necessary to provide our professional services effectively. This may include:

  • Identity data: full name, date of birth, National Insurance number, UTR, company registration details.

  • Contact details: email address, postal address, telephone number.

  • Financial information: bank details, invoices, income and expense records, accounting data.

  • Technical data: IP address, browser type, device identifiers, and website interaction logs.

  • Compliance documentation: AML/KYC identification, proof of address, and relevant certificates for verification.

We do not collect any special category data (e.g., race, religion, political views) unless explicitly required for compliance and only with your consent.


3. How We Collect Personal Data

We may collect your information through:

  • Our website contact forms and client onboarding portals.

  • Direct communication by email, telephone, or secure document upload.

  • Professional third-party integrations (e.g., HMRC, Companies House, payment processors).

  • Automated technologies (cookies, analytics tools) used to improve our website.

All data transmission through our website and client portal is encrypted using SSL/TLS security protocols.


4. How We Use Your Personal Data

We process your data only for legitimate business purposes, including:

  • Delivering accounting, taxation, payroll, and compliance services.

  • Managing client relationships and communications.

  • Submitting required filings to HMRC, Companies House, or other authorities.

  • Verifying identity and conducting AML/KYC checks.

  • Maintaining accurate internal records and billing.

  • Meeting our legal and contractual obligations as a regulated business.

We will never sell, rent, or disclose your information for marketing purposes without your explicit consent.


5. Legal Basis for Processing

Under the UK GDPR, we process personal data using one or more of the following lawful bases:

  • Contractual necessity: to perform services you have requested.

  • Legal obligation: to comply with statutory duties under UK tax and financial law.

  • Legitimate interests: to manage our business operations and maintain client relationships.

  • Consent: when you voluntarily provide data for specific purposes (e.g., newsletter subscription).

Where consent is the legal basis, you may withdraw it at any time by contacting us.


6. Data Storage and Security

We operate a 100% remote digital infrastructure hosted on our own private servers located in the UK.
All systems are protected by advanced encryption, secure authentication protocols, and continuous monitoring.

We use the following safeguards to ensure data protection:

  • Encrypted file storage and backups.

  • Role-based access control and user authentication.

  • Regular security audits and software updates.

  • Compliance with GDPR data minimisation and retention principles.

Your data will never be stored outside the UK or transferred to third parties without appropriate protection and contractual guarantees.


7. Data Retention

We retain client data only for as long as necessary to fulfil our professional and legal obligations.
This typically includes:

  • Financial records: retained for 6 years after the end of the tax year, as required by HMRC.

  • Client communication and agreements: retained for up to 7 years for compliance verification.

  • AML/KYC documentation: retained in accordance with the Money Laundering Regulations 2017.

After the retention period, all personal data is permanently deleted or anonymised.


8. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

  • Right of access – to request copies of your personal data.

  • Right to rectification – to correct inaccurate or incomplete information.

  • Right to erasure – to request deletion of your data where lawful.

  • Right to restrict processing – to limit how we use your data.

  • Right to data portability – to transfer your data to another controller.

  • Right to object – to processing based on legitimate interests.

  • Right to withdraw consent – at any time, where consent is the basis of processing.

All requests will be handled promptly, in line with ICO requirements.


9. Sharing of Data

We may share limited information only with trusted third parties when necessary to deliver our services, such as:

  • HMRC (for tax submissions).

  • Companies House (for corporate filings).

  • Professional indemnity insurers or auditors (for compliance verification).

  • Payment processors (for secure billing).

All third parties are contractually bound by confidentiality and data protection clauses ensuring compliance with the UK GDPR.


10. Cookies and Website Analytics

Our website uses cookies to improve user experience and gather analytics data.
Cookies help us understand how visitors interact with our site so we can enhance performance and functionality.

You can manage or disable cookies in your browser settings.
No personally identifiable data is collected through analytics tools without consent.


11. Updates to This Policy

We review this policy regularly to reflect legal, technical, and operational changes.
Any updates will be posted on our website with a revised effective date.
Please check this page periodically for updates.

For any queries regarding these Terms or our services:
📍 CIDB Solutions Ltd
25 Courtlands Close, Watford, England, WD24 5GR
📧 office@cidbsolutions.co.uk
🌐 https://cidbsolutions.co.uk