Privacy Policy
Privacy Policy
At Alliotts, we’re committed to protecting and respecting your privacy. We are bound by the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’). We handle data in line with the individual rights and principles it promotes and protects.
This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy policy. Where we act as a data processor on behalf of a data controller (e.g. processing payroll) we provide an additional schedule as part of that agreement and should be read in conjunction with this policy.
Who are we?
Alliotts LLP is an independent mid-tier firm of Chartered Accountants and business advisors. Alliotts is registered to carry on audit work in the UK, regulated for a range of investment business activities, and licensed to carry out the reserved legal activity of non-contentious probate in England and Wales by the ICAEW.
Details about our audit registration can be viewed at www.auditregister.org.uk for the UK under reference number C008291317.
We operate from two offices (address updated August 2024) :
Manfield House,
1, Southampton Street, London WC2R 0LR |
3 London Square,
Cross Lanes, Guildford GU1 1UJ |
What information do we collect about you on this website?
As a visitor, you do not have to submit any personal information in order to use our website. This website collects personal information when you specifically provide it to us; either when making an enquiry about our services, subscribing to receive our communications, or uploading a job application.
In each case, we will collect only the data needed to allow us to provide you with the marketing communications you ask for; to respond to your enquiry about our services; or to process your application for a position at Alliotts. Website usage information is collected using Cookies.
Our website contains links to other websites. This privacy policy only applies to the Alliotts website, so please be sure to read the privacy policies of any other websites you click through to.
Service Specific Privacy Notices
Please scroll down below for further details on how we handle your personal data in the following areas:
- Alliotts Clients
- Marketing and Enquiries about our Services
- Job Applicants
Your Rights to your Personal Data
Under the General Data Protection Regulation, all individuals have certain rights in relation to their personal data. Please click here to read these in full.
You are entitled to:
- Have your data erased (unless there is a legal reason for this to be kept)
- Have your data amended if it is inaccurate or out-of-date
- Have access to copies of the personal data we hold on you
Any requests for erasure, rectification or access should be emailed to data@alliotts.com. Alternatively you can submit this request in writing to Head of Data, Alliotts LLP Manfield House 1 Southampton Street, London WC2R 0LR.
Where you are a data controller and we act for you as a data processor (e.g. by processing payroll), we will assist you with Subject Access Requests that you may receive for which we hold data.
Data Security and Data Breach Policy
We have put appropriate security measures in place to prevent your personal data being lost, accessed by or disclosed to unauthorised parties. Access to personal data is limited to those employees, agents, contractors and third parties who require this data in order to fulfil our contract with you. A strict hierarchy of networked drives exist to ensure staff and partners only have access to content which is relevant to the performance of their jobs.
Alliotts staff are contractually obliged to adhere to data security policies which include email encryption, secure portals for the transfer of data between Alliotts and clients, and minimal paper records to ensure data is maintained in the secure IT environment in which Alliotts operates.
We are committed to ensuring all staff are up-to-date with the latest data protection legislation. Mandatory training will be provided when major updates to legislation take place, with refresher courses offered at regular intervals to ensure all Alliotts employees and partners continue to use best practice when handling personal data.
We have robust procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Feedback and Complaints
If, at any time, you do not feel that your data has been handled in line with your rights under GDPR, or wish to gain clarification on any of the points in this privacy policy, please contact our Head of Data, Elizabeth Lyle elizabeth.lyle@alliotts.com 020 7240 9971
You have the right to make a complaint to the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues. Their contact details are as follows:
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Our Privacy Policy is regularly reviewed.
Last updated: 05 April 2023
Alliotts Clients – Privacy Policy
What Personal Data do we collect and why?
Purpose
We collect only the information we need in order to fulfil the professional service you have engaged us to provide. Examples of other purposes in which we may process personal data are as follows:
- To fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”)).
- To comply with professional obligations to which we are subject as a member of the Institute of Chartered Accountants in England and Wales.
- To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
Legal bases
Our intended processing of personal data has the following legal bases:
- At the time you instructed us to act, you gave consent to our processing your personal data for the purposes listed above.
- The processing is necessary for the performance of our contract with you.
- The processing is necessary for compliance with legal obligations to which we are subject (e.g. MLR 2017).
- The processing is necessary for the purposes of legitimate interests which we pursue.
Personal data
Examples of information that we collect are:
- Your contact details
- Your identity documents to meet the requirements of MLR
- Our correspondence and communications with you
Any information we request will be limited to the requirements dictated by this service, and processed to fulfil our contract with you.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this policy, where we are legally required or permitted to do so.
Special Category Data
Some of the information we request is classed as special category data, meaning that this data needs to be handled with extra care. Examples of special category data which we may hold if relevant, include but are not limited to:
- Race or ethnic group
- Health records for benefit purposes
- Religious or philosophical beliefs
This is most likely to apply to our Payroll, Personal Tax, and HR clients.
Will we share your personal data?
There are times when we may share your personal data. This will be to fulfil a business service or as part of a legal or regulatory obligation.
We store personal data on servers located in the European Economic Area (EEA). We may transfer personal data to Alliott Global Alliance member firms, and reputable third party organisations situated inside or outside the EEA when we have a business reason to engage these organisations. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.
How long do we retain your information?
We retain personal data that is relevant, accurate, up-to-date, and necessary for regulatory and legal requirements, alongside our service provision to you.
We will only keep your data for as long as we need to. In making this decision we will consider:
- The purposes for which we originally collected the personal data
- Any statutory or legal obligations
The table below outlines the Alliotts internal retention policies for our clients by service line.
Service Line | Retention period | Action at end of period |
Accounts and Outsourcing | Six years plus current | Secure destruction |
Audit | Six years plus current | Secure destruction |
Corporate tax | Six years plus current | Secure destruction |
Personal Tax | Six years plus current
Information relating to gifts, chargeable assets, capital relief and others as applicable will be retained permanently and reviewed annually |
Secure destruction
Retained until client disengagement and information returned to client. |
Payroll | Six years plus current | Secure destruction |
Probate | Duration of client engagement | Return to client or secure destruction – action to be taken according to written instruction from the client. |
Company Secretarial | Retained for the duration of client engagement |
Cosec records returned to client or sent to new accountant |
Data Security
We have put appropriate security measures in place to prevent your personal data being lost, accessed by or disclosed to unauthorised parties. Access to personal data is limited to those employees, agents, contractors and third parties who require this data in order to fulfil our contract with you. A strict hierarchy of networked drives exist to ensure staff and partners only have access to content which is relevant to the performance of their jobs.
Alliotts staff are contractually obliged to adhere to data security policies which include email encryption, secure portals for the transfer of data between Alliotts and clients, and minimal paper records to ensure data is maintained in the secure IT environment in which Alliotts operates.
We are committed to ensuring all staff are up-to-date with the latest data protection legislation. Mandatory training will be provided when major updates to legislation take place, with refresher courses offered at regular intervals to ensure all Alliotts employees and partners continue to use best practice when handling personal data.
We have robust procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Marketing – Privacy Policy
There will be an option to easily unsubscribe from our marketing database with every communication you receive from us. You can also unsubscribe here. Choosing to opt out of marketing communications will have no detrimental impact to your relationship with Alliotts LLP.
All requests to unsubscribe are maintained securely on a suppression list within our emailing database so that we can be sure not to contact you again by mistake. This list will contain your name and email address; no further personal data will be retained.
Enquiries about our services
We receive enquiries about our services via a form on this website, by email, telephone or through the mail. This provides us with the information we need to contact you to discuss your enquiry.
If you wish to take this enquiry forward, we will request further information as part of our client on-boarding process, to include our legal requirement to conduct Anti-Money Laundering checks.
To verify the identity of a UK resident individual as part of this process we refer to the online reference tool Equifax, where we input your full name, date of birth and UK address. Accessing this information has no adverse effect on your credit rating.
If you decide not to proceed with your enquiry at any stage, we will delete all of the information that you have supplied to us, unless you tell us to do otherwise.
We do not anticipate requiring any special category data when processing an enquiry about our services. Any special category data which we might receive will be deleted if this is deemed irrelevant to our service offering to you.
Retention of information
Information is kept for as long as necessary to fulfil your request but no longer than three months from when the information is supplied to us. After three months, or if you decide not to proceed with your enquiry your data will be deleted from our system.
Job Applicants – Privacy Policy
As part of any recruitment process, the Firm collects and processes personal information, or personal data, relating to job applicants. This personal information may be held by the Firm on paper or in electronic format. We will process information contained in this form to comply with the requirements of General Data Protection Regulations (GDPR) and the Commission for Racial Equality.
What personal data do we collect and why?
We will only use and collect personal data which is relevant to your application for employment and preparation of any subsequent employment offers and contracts. Examples of information that we collect are:
- Your contact details
- Personal data provided in a CV, application form or cover letter
- Details of current salary and employment benefits
- Information relating to your right to work in the UK
We will only use your personal information in order to process your application, enter into a contract with you, and to comply with legal obligations. Any information we request will be limited to allow for these specific purposes.
Special Category Data
Some of the personal data involved in processing job applications and employment contracts is special category data, meaning this data will be treated with extra care. Examples of some of the special category data we may collect during the recruitment process are below:
- Health records to inform of any reasonable adjustments the Firm may need to make during the recruitment process
- Information about criminal convictions and offences
Will we share your personal data?
If your application is successful and we make an offer of employment, we may share your information with external organisations for the purposes of conducting pre-employment references and background checks; with your previous employer for reference purposes; and with legal professionals where applicable.
How long will we retain your information?
We retain personal data that is relevant, accurate, up-to-date, and necessary for regulatory and legal requirements.
If your application for employment or engagement is unsuccessful, as a rule the Firm will hold your personal information for six months after the end of the relevant recruitment exercise but this is subject to:
(a) Any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and
(b) the retention of some types of personal information for up to six years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court.
If you have consented to the Firm keeping your personal information on file for in case there are future suitable employment opportunities with us, the Firm will hold your personal information for a further year after the end of the relevant recruitment exercise, or until you withdraw your consent if earlier.
If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors.
Data Security
We have put appropriate security measures in place to prevent your personal data being lost, accessed by or disclosed to unauthorised parties. Access to personal data is limited to those employees, agents, contractors and third parties who require this data in order to process your job application, any subsequent interviews and offer of employment.
We have robust procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.