Business Support Matters Limited

Confidentiality and Privacy

Business Support Matters Limited is registered under the Data Protection Act and abides by its guidelines and those of the GDPR (effective May 2018). We treat the personal and confidential information of our clients and others seriously. Derek Ian Lockett is responsible for data protection and his contact details can be found by following the link on the left sidebar.

In accordance with our engagement terms we collect data necessary to complete the tasks appropriate to the engagement and we undertake to ensure that;

How we use personal data:
We use personal data to fulfil our contracts as set out in the engagement letters with our clients. Where we are required to do so we will use personal data to help prevent, detect and investigate fraud. We will process personal data fairly and lawfully in accordance with the rights of data subjects under the Data Protection Act and the GDPR.

How we collect personal data:
Normally we obtain personal data direct from our clients but, with their permission, we may obtain some information from third parties such as HMRC, banks, company registrars and Companies House.

The personal data that we collect shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed. We will endeavour to ensure that personal data is accurate and kept up to date and we shall correct data where it is found to be incorrect, inaccurate or incomplete.

Retention of personal data:
Personal data shall not be kept for longer than is necessary. Typically we will retain data for 7 years to comply with legal and regulatory obligations.

Sharing personal data:
We will share personal data in accordance with our engagement terms, for example by submitting tax returns to HMRC and accounts to Companies House. Where we are required to do so to comply with the law we will share personal data with fraud prevention and law enforcement agencies, regulators, governments, courts and dispute resolution bodies. We will not share personal data with anyone else without first obtaining the permission of the person to whom the data belongs.

Safeguarding data:
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

We will not transfer personal data to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. 

Your data subject rights:
We do not send unsolicited emails or newsletters - clients and other interested parties can connect to our Facebook page. Clients can request access to the information we hold about them and they can ask for their personal data to be deleted when it is no longer required for a legitimate business purpose or to meet legal or regulatory requirements.

If you have a complaint about the way in which we have handled your data or about the way in which we have processed it you have the right to make a complaint to the ICAEW or the DPR.

"We treat the personal and confidential information of our clients and customers seriously"