GENERAL DATA PROTECTION REGULATION
The Directors of Kemsley LLP are committed to protecting and respecting the privacy of individuals, and to ensure that personal information held is appropriate to our business activities and secure. The Firm’s business systems are designed to fulfil the obligations and principles of the Regulations to ensure that personal information collected is:
- necessary for the specific purpose as advised;
- held secure;
- relevant and up to date;
- restricted to the information we need;
- held only for as long as we need it;
- disclosed to the subject of the information on request.
Who do we collect personal data from?
Personal information may be provided by enquirers, clients, contacts and contractors in relation to our business activities or by individuals or agents in relation to employment. Employment related matters are administered by Kemsley Whiteley & Ferris Ltd, a member of Kemsley LLP (Privacy Notice available on request from firstname.lastname@example.org).
Grounds for the processing of personal data
We rely on the following legal bases to use your personal information:
Legitimate interests: the processing is necessary for the Firm’s legitimate interests or the legitimate interests of a third party (unless there is reason to protect the individual’s personal data which overrides those legitimate interests). This applies to all stages and activities relevant to the provision of services including enquiry and administration, marketing, internal communication, processing of accounts, job applications and IT security.
To comply with our legal obligations: fraud prevention and disclosure of information to the relevant authority, for example possible criminal acts or security threats.
With your consent or explicit consent: where you have given us explicit consent to process your personal data (or explicit consent in respect of sensitive personal data) for a specific purpose or it is necessary for the Firm to meet our legal obligations.
The types of personal information collected
Personal information that we will process in connection with our services, if relevant, may include:
- Personal details e.g. name, date of birth, gender, marital status, race / ethnicity*, address, contact details.
- Business contact details e.g. job title, company, addresses, telephone numbers, email addresses.
- Identity records and official documentation as required by the Anti-Money Laundering Regulations.
- Accounting records of receipts and payments for our clients and our business.
- Bank account details to receive or make payments by Bank Automated Credit System.
- Records of emails, fax, telephone calls, correspondence and file notes.
- Details of transactions and fulfilment of orders.
- Records of our marketing to you.
- CCTV monitoring on behalf of our client in respect of Property Management services.
*Special Category information
Sensitive personal information termed “special categories” require higher levels of protection. We have appropriate policy documents and safeguards which we are required by law to maintain when processing such data. We may process special categories of information in limited circumstances, for example, with your explicit written consent, or to carry out our legal obligations or legitimate interests, or where is it needed in the public interest. Such information may include race / ethnicity, religious beliefs, sexual orientation and political opinions, health, medical conditions, sickness records, criminal convictions and offences.
Retention period of personal data
The personal information you provide will be retained only for as long as we have a reasonable business need, such as managing our relationship with you and administering our services. We will retain such information to meet our administrative obligations and in line with legal and regulatory requirements or guidance.
The source and purpose of processing personal data
We collect personal information when you (or a third party you have instructed to act on your behalf) register with us, make an enquiry or place an order for our services. We may collect information about you from direct mailing services (which are subject to GDPR data protection responsibilities) to email you about promotional events and other services we think may be of interest to you, subject to your agreement. We will not share your information for marketing purposes with companies outside Kemsley LLP. Personal data is held securely on the Firm’s databases to record current or past business activity.
If the service we provide requires us to facilitate other services, we will pass your details to the relevant supplier. For example, employment related matters will be referred to our member company Kemsley Whiteley & Ferris Ltd. Where services are contracted out our data protection responsibilities will continue to apply. See ‘How will we use your personal Information?’
We will share your personal information with third parties (for example third-party service providers and other entities in the group) where required by law, where it is necessary to administer the contract with you or where we have another legitimate interest. We require third parties to respect the security of your data and to treat in accordance with the law. We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. If we do, you can expect a similar degree of protection in respect of your personal information.
Our website may invite you to contact us or to provide information about yourself. We use the information you provide to personalise your online experience and to deliver the content most suited to your needs.
In addition, “cookies” (small text files placed on your computer when you first visit the site) are used on our websites. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, technology help desk or your Internet service provider.
Cookies are primarily used to enhance your online experience and are not used to track the navigational habits of identified visitors, unless we obtain your permission to do so. If you visit our site to read or download information, such as news stories or articles, much of the information we do collect is statistical only (for example, the domain from which you access the Internet, the date and time you access our site, or the Internet address of the website from which you linked directly to our site) and not personally identifiable. We use this information in aggregate form to enhance our website. Some of the cookies we use are provided by Google Analytics to collect information in an anonymous form, including numbers of visitors to the site, the pages visited and where visitors have come to the site from.
An overview of privacy at Google can be seen at http://www.google.com/analytics/learn/privacy.html To opt out of being tracked by Google Analytics visit http://tools.google.com/dlpage/gaoptout
How will we use your personal information?
We will not disclose personal information to any third party without permission of the personal concerned, except to provide the services you have requested, prevent fraud or if required to do so by law. We do not carry out automated decision-making or profiling. Where we instruct contractors, processing will be conditional upon their adherence to this Policy.
We may use your personal information in the process of our business activities, to:
- Record and manage information for marketing, and to advise on service related matters.
- Record and manage information for provision of services.
- Instruct third parties: for example contractors dealing with agency boards, or property maintenance.
- Liaise where required for provision of services: with solicitors, Local Authorities, professional advisors, accountants, credit referencing and fraud prevention agencies, financial organisations, utility and insurance companies, debt recovery agents, Companies House, and internal departments for example Kemsley Whiteley & Ferris Ltd, a member of and employer for Kemsley LLP.
- Report regulatory matters e.g. HMRC, Regulatory bodies, Anti-Money Laundering Regulations.
- Record and manage enquiries, complaints or insurance related matters.
Access to your information and correction
You have the right to:
- object to or restrict the processing of your personal information at the point of first communication or withdraw your consent at any time.
- request details of information that we hold about you, the source of the information, the purpose for which it is processed and to whom it is disclosed, and the anticipated retention periods. This will usually be free of charge. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate, or to withdraw consent;
- the right not to be subject to automated decision taking including profiling;
- raise questions or comments about this Policy;
- opt out of receiving any marketing material from us;
- lodge a complaint with the Information Commissioner’s Office www.ico.org.uk.
Subject access requests should be made in writing. A response will follow without delay and within one month of receiving the request. If you are dissatisfied with the handling of personal information, we will follow our complaints handling procedure which is available on request.
Kemsley LLP details
You may contact us with an enquiry by email: email@example.com or in writing to:
Registered office address: Practice Manager, Kemsley LLP, 113 New London Road, Chelmsford, CM2 0QT.
Kemsley LLP is a limited liability partnership registered in England, number OC326192.