Constable VAT is strongly committed to ensuring that your privacy is protected. The information we hold about you is treated as confidential and is held and processed in accordance with current legislation. The Data Protection Act 2018 (“DPA 2018”) and the UK General Data Protection Regulation (“UK-GDPR”) impose certain legal obligations in connection with the processing of personal data.
Constable VAT Consultancy LLP is a data controller and we process personal data. The firm’s contact details are as follows:
Constable VAT Consultancy LLP
12 Dedham Vale Business Centre
Where we act as a data processor on behalf of a data controller (for example, when acting as a contractor in assisting another tax agent’s client), we provide an additional schedule setting out required information as part of that agreement. That additional schedule should be read in conjunction with this privacy notice.
Changes to this statement
Constable VAT may change this policy from time to time by updating this page and, as such, you should check this page regularly.
This policy was last updated on 3 March 2021.
The purposes for which we intend to process personal data
We intend to process personal data for the following purposes:
- To enable us to supply professional services to you as our client.
- To fulfil our obligations under relevant laws in force from time to time (e.g., the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”)).
- To comply with professional obligations to which we are subject as a member of The Chartered Institute of Taxation.
- To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
- To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.
- To provide technical information about developments in VAT law and policy and contact you about other services we provide which may be of interest to you if you have consented to us doing so.
Persons/organisations to whom we may give personal data
We may share your personal data with:
- any third parties with whom you require or permit us to correspond,
- an alternate appointed by us in the event of incapacity or death,
- our professional indemnity insurers, and
- our professional body, The Chartered Institute of Taxation and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation).
If the law allows or requires us to do so, or with your consent, we may also share your personal data with:
- HM Revenue & Customs,
- courts and tribunals,
- the police and law enforcement agencies, and
- the Information Commissioner’s Office (“ICO”)
We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties, we may need to cease to act.
Categories of personal data collected
We may collect a range of personal data according to the services we are providing.
We will require personal data on any person who has significant control of a business for the purpose of conducting checks required under anti-money laundering legislation. This will include the name and address of that person and sufficient information, such as photo ID and proof of residence, to allow us to be confident that we know with whom we are dealing.
We will require such personal data e.g., telephone numbers, email addresses etc. to allow us to communicate effectively whilst performing our duties. We may also require personal data sufficient to allow us to provide necessary information to governmental or relevant regulatory bodies in performing our duties. For example, we may require information such as National Insurance numbers if submitting an application to register for VAT.
It may be that there will be an exceptional need for sensitive information, for example if we are seeking to persuade HMRC that a reasonable excuse for a default is due to ill health. These situations will be dealt with on a case by case basis and we will agree with you how to manage and destroy such data.
Source of personal data collected
We will only seek personal data from you directly or from publicly accessible sources such as Companies House. The personal data that we collect may include data pertaining to your employees, suppliers and customers where this is necessary for the performance of our duties.
If we seek personal data from any other source this will be at your request and require your authorisation and the agreement of the person whose data is required.
Security and storage of personal data
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we hold.
We retain personal data for as long as we consider it necessary for the purpose for which it was collected including as required by law or regulation.
If your communications with us are not subject to encryption, our replies will be on the same basis for the ease of communication. However, on communications that seem to involve large quantities of personal data, or at your request, we will communicate or transfer data using:
- Post/hard-copy documents.
- Encrypted emails
If our communications with you by email are not encrypted or password protected, you also accept the risks associated with this form of communication.
You have a right to request access to your personal data that we hold. Such requests are known as ‘subject access requests’ (“SARs”). Please provide all SARs in writing marked for the attention of Laura Krickova.
You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data that we hold about you completed. Should you become aware that any personal data that we hold about you is inaccurate and/or incomplete, please inform us immediately so we can correct and/or complete it. We will promptly correct any information found to be incorrect.
To stop receiving marketing and information emails from Constable VAT please click on the unsubscribe link in the relevant emails or email email@example.com.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at firstname.lastname@example.org.
You may have other rights such as the right to deletion, or to restrict processing. If you wish to exercise any of these please email email@example.com.
Making a complaint to the Information Commissioner’s Office
If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us. Please send any complaints for the attention of Laura Krickova.
If you are not satisfied with our response to any query you raise with us, or you believe we are processing your personal data in a way which is inconsistent with the law, you can complain to the Information Commissioner’s Office.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.