At Gary Jobsey & Co we comply with our obligations under the General Data Protection Regulations by keeping our clients data up to date, secure and retaining it for only as long as it is necessary and only where we have authority to do so.

We will collect and process personal data only to the extent that it is necessary in providing services to our clients in the delivery of accounts taxation and such services as set out in our engagement letters.

We will only collect personal information that is provided directly by our clients and as obtained with client authorisation.

We will not use automated processes or profiling with the personal data that we hold.

We will take reasonable precautions to keep the data secure and confidential including by means of physical and electronic safeguards.

We will not disclose any client personal data to third parties except with the prior explicit consent in writing by the client or as to the extent permitted by law. The client can withdraw their consent at any time. We have no need to transfer personal data of clients outside of the UK.

We will retain records and personal data in order that we can assist with the needs of clients and in order to comply with the law and for as long as claims can be brought against us. The minimum statutory data retention period is six years.

We will protect the data of former clients in the same way as existing clients.

We will protect the data of prospective clients in the same way as existing clients; their data will be securely destroyed within twelve months of the approach not progressing to formal engagement.

We will not collect any personal data from visitors to our website. Where our website contains links to other websites, those sites are not covered by our privacy policy.

Where we use third party software for example for tax or payroll we remain responsible for the data which is processed; we have reviewed the privacy policy that the software manufacturers have made available on their website and having carried out due diligence are reasonably satisfied that they are complying with General Data Protection Regulations.

For clients, you have the right to
1. request a copy of your data; we can refuse to provide information where to do so may reveal personal data of another person or negatively impact on the rights of another person.
2. have your personal data corrected if it is inaccurate.
3. request that your data is deleted when it is no longer required for a legitimate business need, legal obligations or purpose it was collected for and outside the period within which claims can be brought; where data may be held within complex backup systems we will take reasonable steps to comply with the request.
4. ask us to restrict our processing of your data where the accuracy of the data may need to be verified.