Website Privacy Policy

This Policy governs the use of personal data which you provide to us via our website. Personal data is any or all data relating to a natural person who is identified, or can be identified, from the data. 

A F Accounting Limited (“we”, “our”, “us”) respects your privacy. We understand that how your personal data is used and shared online matters to you, and we take the privacy of those who visit our website (“the Site”) very seriously. We will not collect any data other than when you contact us, and we will always process that data in compliance with the law. Our site may contain links to other sites, and be aware that if you choose to click on those links, your data may be processed by other organisations hosting those sites. We cannot control or monitor this, and you should have regard to their Privacy Policies.

Please read this Privacy Policy carefully, and ensure you understand it.  When you first use our Site, this is taken to be agreement to this Policy. If you do not accept the Policy, then you should stop using the Site immediately.

Who we are

  • the Site is owned and operated by A F Accounting Limited
  • our VAT number is 262 196 695
  • we are regulated by, and a member of, The Association of Chartered Certified Accountants

Your rights

You have certain rights as a data subject under the General Data Protection Regulation (GDPR), which governs the collection, processing and disposal of personal data by organisations such as ours.

In relation to personal data about you, you have the right:

  • to be informed about how and why we collect and use the data
  • to be given access to the data we hold
  • to have any inaccurate or incomplete data rectified
  • to ask us to delete personal data, earlier than we might already dispose of it
  • to prevent us from processing the data further
  • to object to us using the data for particular purposes

We provide contact details at the end of this Policy for you to use if you have any complaint about our processing of your personal data. If you are not satisfied with the way we deal with this issue, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body in charge of supervising personal data use in the UK.

What data do we collect?

If you communicate with us by e-mail, we will collect your name and e-mail address and any other content that you send to us in the body of the mail. We do not collect any other personal data by any other method and in particular, we do not place cookies on our Site.

How is your data used?

We will process and store your data securely, and we will only keep it for as long as we need it for the purpose(s) for which it was collected.

In relation to the data we do collect, as laid out in the section above, we may use it as follows:

  • to reply to your email
  • to contact you by phone

You have the right to withdraw your consent to our use of your personal data at any time, and to request that we delete it.

We will not share your personal data with anyone at any time

How and where do we store your data?

We will only keep your data as long as we need it for the purpose(s) for which it is collected, and/or for as long as we have your permission to hold it.

Some or all of your data may be stored outside of the EEA. If we do store data outside this area, we will take all reasonable steps to ensure that your data is as safe and secure as it would be within the UK, and is treated lawfully and in accordance with the GDPR.

The steps we take to secure your data include:

  • your details in the context of a prospect client will be stored no longer than three months from the date of initial contact (and securely destroyed after this date), unless we are appointed as your accountant, at which point, they will form part of our correspondence file.
  • all emails containing personal data will instead be sent as a PDF and encrypted using Virtual Cabinet. Emails may still be used where the subject nature is not personal.
  • Where personal data is contained in the body of an email received, it should be copied from the body of the email and stored securely, with the email being deleted
  • all temporary files containing any personal data should be deleted without delay
  • where personal information is being sent by fax, the recipient should be informed of its imminent arrival to allow them to monitor and collect the document immediately
  • all personal data sent in hard copy form should be delivered to the recipient in person, in a container marked ‘Confidential’, or sent by recorded delivery or courier, as appropriate.
  • all electronic copies of personal data should be stored securely using privilege levels and passwords. Passwords will never be written down or shared.
  • regular password changes will be enforced and the number of logins will be restricted
  • computer equipment belonging to the Firm will be sited in a secure location within the office and in a position where they cannot be viewed by members of the public
  • computer terminals must not be left unattended, and should be logged off at the end of the session
  • personal data is backed up daily and is stored offsite and where appropriate is encrypted. In addition to this, a monthly backup is stored onsite & encrypted
  • all software must be kept up to date and Aimee Fielding shall be responsible for ensuring that all security-related updates are installed promptly, unless there are valid technical reasons for not doing so
  • no software should be installed on the Firm’s system without the prior approval of Aimee Fielding
  • Memory sticks (“USB” devices) may be used to transfer data, however the device used must be encrypted.
  • personal data should not be stored on any mobile device such as laptops, tablets and smartphones without the approval of the DPM and, where it is held, only in accordance with his or her instructions and limitations. Devices will either be encrypted or have the ability to be formatted remotely
  • personal data must never be transferred on to an employee’s personal device and we will never transfer such data onto a device owned by a contractor or agent unless they have agreed to comply fully with the letter and spirit of this Policy and with the GDPR
  • all manual files must be stored securely in locked cabinets and should not be left unsecured in the office overnight
  • computer print outs containing personal information should be destroyed without delay and should never be retained for scrap paper
  • where personal data is to be erased, or otherwise disposed of, this will be done in accordance with the Firm’s Data Retention Policy.

Accessing your data

You are entitled to make a Subject Access Request under the GDPR.  This means that you may request a copy of any personal data we hold about you, free of charge. We will provide any or all information in response to your request if you contact us on aimee@af-accounting.co.uk.

Contact Details

If you have any questions about the Site or this Policy, or you wish to make a Subject Access Request, then please contact us as follows, making your request or query clear:

e-mail: aimee@af-accounting.co.uk

telephone: 07715 213 816

postal address: 66 Hercules Close, Bristol, BS34 6JG

Amending the Policy

We may change this policy from time to time, in response to changes in the law or for operational reasons. Any changes will immediately be posted on the Site and you will be deemed to have accepted the amended Policy if you continue to use the Site afterwards. You should therefore regularly review this Policy.