Privacy Notice

This privacy notice explains how Seofon Business Services Limited (a company registered in England number 07894629) uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.

Data controller

Seofon Business Services Limited is the data controller, this is because we make decisions about what data is collected and how it is used and with whom it is shared with. We can be contacted at info@seofon.co.uk or telephone 01403 588 639

On what basis do we collect and process your data?

We process personal data for the purpose of providing bookkeeping, payroll, and other professional business services. Data Protection law defines the basis by which we can lawfully collect and process personal data for that purpose. To allow us to engage with you to provide our services, we will collect and process personal data where it is necessary to enable a contract for services to be put in place and subsequently to deliver that service. Also, we have a legal obligation under Anti Money Laundering legislation to process your personal data when we conduct the required due diligence.

We process your personal data where it is in our legitimate interest to do so and in doing this, we are careful to do it in a way that does not outweigh your own rights and freedoms. Our legitimate interests are to fulfill your requirements to the best of our ability and expand our services.

We will also process your data if we feel it is required to protect your vital interests, or the vital interests of another person. This might occur in serious life or death situations where immediate disclosure of personal data is required, and you are unable to give that information yourself.

This is the data we collect and the basis for doing so.

Purpose	Data Type	Data Collected	Legal Basis
Provide required service	Identity Details	Name	Contract (Article 6(1)(b))
Provide required service	Identity Details	Address	Contract (Article 6(1)(b))
Provide required service	Identity Details	Telephone Number(s)	Contract (Article 6(1)(b))
Provide required service	Identity Details	Email address	Contract (Article 6(1)(b))
Provide required service	Identity Details	Signature	Contract (Article 6(1)(b))
Due Diligence Check	Identity Details	Name	Legal Obligation (Article 6(1)(c))
Due Diligence Check	Identity Details	Address	Legal Obligation (Article 6(1)(c))
Due Diligence Check	Identity Details	Date of Birth	Legal Obligation (Article 6(1)(c))
Due Diligence Check	Identity Details	Photographic Image	Legal Obligation (Article 6(1)(c))

We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication.

The data we collect as data controllers from our data subjects is obtained directly from the data subject themselves, although some contact details may be obtained from third party referrals. Please see our Cookie Policy for information on the data collected by our website.

Some of the data we collect is deemed necessary to contractually deliver our service to you. If you do not provide this data, we will be unable to enter into an agreement with you.

Data recipients and data transfers

We do not sell any of your personal data to any third party. We do share your information with trusted and vetted associates who carry out contracted services on our behalf. We use Google Drive for the secure storage and transfer of data, and we use Office 365 for electronic communications.

Where required we will disclose your personal data with law enforcement and fraud prevention agencies. We utilise ‘Creditsafe’ for our Anti Money Laundering due diligence checks. This is so we can help tackle fraud and or money laundering or where such disclosure is necessary for compliance with a legal obligation to which we are subject. We share your data with agencies such as HMRC, pension providers and your accountants or advisors. Additionally, we will disclose your personal data in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

We transfer your data to trusted third parties for the purposes of processing, these are:

Xero Accounts
BreatheHR
Quickbooks
Business Dropbox
Office 365
FreeAgent
Reality Payroll

In addition, we utilise the services of other accredited accountancy and bookkeeping providers to support our clients.

Personal data in electronic form is held in UK and or EU accredited data centres as well as the USA. If data must be transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision or through mechanisms such as standard contractual clauses as approved by the EU and UK’s Information Commissioner or derogations provided by the GDPR.

Sensitive information

Seofon Business Services Limited does not process sensitive data as defined by Article 9 of the GDPR.

Retention policy

The data we collect directly from you is the minimum we require to facilitate the lawful processing activity described above. Personally Identifiable Information processed by us will be deleted in accordance with legal obligations and or our retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.

Full personal data of clients will be retained for a minimum of 7 years following the end of any commercial agreement. Personal data required for statutory reporting or HMRC audit purposes will be retained for 7 years. Personal data processed for the purposes of due diligence in relation to anti money laundering will be retained for 5 years.

Data Storage and Security

We follow strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures such as strong passwords to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur. We use cloud based portals for data transfer with encrypt the data in transit and at rest.

Only persons who need the information to fulfil their roles and responsibilities are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.

Your rights as a data subject

The regulations provide a number of rights to you as the Data Subject. Seofon Business Services Limited is committed to upholding those rights and those applicable to the personal information we collect, and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/

The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
Right of Access – you have the right to know what personal information is held, by whom and why.
The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
Right to Object – You have the right to object to profiling and direct marketing
You also have rights in relation to automated decision making.

You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk.

Automated decision making

We do not use automated decision making to process personal data.

Third party websites

Our website may contain links to other websites. This privacy policy only applies to the Seofon Business Services Limited, so if you follow a link to another website, you should read that organisation’s own privacy policy.

Changes to our privacy policy

We keep our privacy policy under review, and we will place any updates on our website. This privacy policy was last updated in August 2020

How to contact us

You can write to us at this address:

Seofon Business Services Limited
Planet House
North Heath Lane
Horsham
West Sussex
RH12 5QEH

You can telephone us on this number: 01403 588 639

You can email us by using this link: info@seofon.co.uk.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_LEM7RYL13Q	2 years	This cookie is installed by Google Analytics.