1.1. Fathom Solutions Limited is registered as Data Controller with the Information Commissioner’s Office.
- what information we gather about you;
- how we obtain that information;
- what we use that information for;
- who we give that information to;
- how long we retain that information;
- your rights in relation to your information; and
- who you can contact for more information or queries.
2.1. This policy applies to individuals whose data we process, including clients, potential clients, networking contacts, and attendees at our marketing events or technical seminars.
Personal data means any information relating to an identified or identifiable person (‘data subject’) such as a name, postal/email address, telephone number or identification number.
Special categories of personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation and data concerning criminal convictions or offences.
Data subject means any living individual who is the subject of personal data held by us.
Processing means any use of personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure or destruction.
Data controller means the organisation which decides the purposes and means of the processing of personal data.
Data processor means an individual or organisation that processes personal data on behalf of a data controller.
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.
- Principles of data protection
4.1. Personal data shall be:
Processed lawfully, fairly and in a transparent manner;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
Accurate and, where necessary, kept up to date (‘accuracy’);
Kept for no longer than is necessary (‘storage limitation’); and
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
- Data controller
5.1. We will usually be a data controller in relation to the data that we process; however, for some services, such as Payroll, we will be a processor.
- What information we collect about you
6.1. The information we collect will depend on the reason we are collecting it and the nature of our relationship with you. It is our policy to collect only the minimum information required from you. If you believe we have collected excessive information about you, please contact us by the means indicated in the “Contact us” section below to raise any concerns you may have.
6.2. Where we need to collect personal data in relation to providing our services, we ask you to provide us with only the data that we have requested.
6.3. Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods or services you want from us.
6.4. When providing us with other data subjects’ information, such as your family or your employees, you must ensure you have a lawful basis for doing so.
6.5. Examples of the personal information we may collect include:
Clients and prospective clients including associated individuals:
- Contact details including phone, email, address and any other relevant contact details;
- Personal details such as date of birth, gender, marital status;
- Financial information including income, taxation, investments, benefits, assets, insolvency records and other financial information relevant to the services we provide;
- Bank account details; and
- Employment details.
Business contacts including suppliers and individual contacts at supplier organisations:
- Contact details including phone, email, address and any other relevant contact details;
- Employer/associated business name; and
- Job title.
- How we collect personal information including special category information
7.1. You or others may provide us with your personal information via various means, including:
- direct correspondence with us via meeting, phone, in writing, including by email;
- searching and browsing our website for content;
- registering for events and seminars;
- contacting us for further information; or
- providing us with business cards or other contact information.
- Special category personal information
8.1. We may ask you to provide special category personal information where required in relation to the services we provide. We ask that you do not provide us with special category personal information unless we have requested it.
- Our website
9.1. Our website may direct you to third-party sites not controlled by us and which do not operate under our privacy practices. When you link to third-party sites, our privacy practices no longer apply.
- Cookies 10.1.
- Use of personal information
- to provide our services to you;
- to administer and manage our website, including to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using our websites);
- to understand how people use the features and functions of our website in order to improve the user experience;
- to develop our businesses and services;
- to conduct quality and risk management reviews;
- to monitor and enforce compliance with our Terms, including acceptable use policies; and
- any other purposes for which you provided the information to us.
11.2. We do not collect personally identifying information for sale to third parties.
- Lawful bases for processing personal information
12.1. We rely on one or more of the following processing conditions:
- to perform our contractual obligations to you or;
- our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our business (provided these do not interfere with your rights);
- to satisfy any legal and regulatory obligations to which we are subject; and
- where no other condition for processing is available, if you have agreed to us processing your personal information.
- Security of personal information
13.1. We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction.
13.2. Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure.
13.3. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
13.5. We are members of professional institutes whose codes of conduct must be adhered to. These are the Institute of Chartered Accountants in England and Wales, and the Chartered Institute of Taxation.
- Sharing personal information
14.1. We may transfer, share or disclose the personal data we collect from you to third parties (and their respective subcontractors, and/or their subsidiaries and affiliates) for:
- the purposes for which the information has been submitted;
- the purposes listed above under Use of personal information; and
- other internal or administrative purposes.
14.2. We also may transfer, share or disclose personal data to third party service providers such as:
- government agencies such as HM Revenue and Customs and Companies House;
- our regulating bodies;
- other professional service providers such as accountants and solicitors;
- credit reference and fraud prevention agencies;
- document security and storage services;
- data backup providers;
- our insurers;
- banks and other financial institutions;
- law enforcement agencies;
- cyber security consultants; and
- life insurance and pension providers.
14.3. The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.
- Other disclosures
15.1. We may also disclose personal information to third parties under the following circumstances:
- when explicitly requested by you;
- when required to deliver publications or reference materials as requested by you;
- when required to facilitate conferences or events hosted by a third party;
- for regulatory compliance purposes; and
- Retention of personal information
16.1. We will destroy correspondence and other files that we store electronically or otherwise once we deem these to be no longer relevant except those that are required by law or professional guidelines to be kept for specified periods. Unless we are required to keep data for specified periods, we will typically keep it for no longer than seven years.
- Disposal and destruction
17.1. When the retention periods expire we shall dispose of and destroy all personal data, unless it is still in use for the provision of our services.
17.2. Any personal data recorded on paper, which does not need to be retained on file, shall be shredded.
18.1. We keep contact information until a contact requests that we delete that information.
18.2. Where we are legally required to obtain your explicit consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.
18.4. If you want to unsubscribe from marketing communications, you should look for and follow the instructions we have provided in the relevant communications to you. Alternatively, you can at any time contact us to request that such communications cease.
18.5. If you choose to unsubscribe from any communications, we may retain information sufficient to identify you so that we can honour your request.
- Rights in relation to your information
19.1. You have certain rights in relation to the personal information we hold about you. In particular, you have the right to:
- request a copy of personal information we hold about you;
- ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
- ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information;
- object to our processing of your personal information; and
- withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).
- Automated decision making
20.1. We will not use your personal information for automated decision making.
- Roles and responsibilities
21.1. The Director of Fathom Solutions Limited has day-to-day and ultimate responsibility for ensuring compliance with the GDPR, the data protection principles and this policy.
- Contact us
Post: Fathom Solutions Limited, Braecroft, Sandwich Road, Eastry, Kent, CT13 0DR
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO can be contacted by the following means:
Telephone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF