Background

At Cooper Faure Limited, we take the protection of the Personal Data that we have on file either on paper or electronically extremely seriously.

This policy explains the reasons for our needing Personal Data and how it is collected and used. In addition, it outlines how we manage Personal Data in respect of the data protection laws of England and Wales and the EU’s General Data Protection Regulation (GDPR) and it outlines the rights of an individual.

The policy covers Personal Data provided to us, both by the individual and by others for and on behalf of the individual.

Personal Data is defined as any information relating to an identified or identifiable living person. We only request and process Personal Data when we are required to so and we aim to be clear on why the Personal Data is needed and how it will be processed.

The reasons that would necessitate us to process Personal Data would be to perform contractual services requested by an organisation or an individual or to engage with an organisation or an individual to discuss the provision of such services. Personal Data would only be processed where there is a clear lawful basis to allow us to do so.

Personal Data is provided from one of three sources, from the individual, from a third party acting on behalf of an individual, or from sources in the public domain, for example, the Companies House website.

In the circumstances where we request Personal Data from a third party that relates to an individual, we ask that this third party inform the individual of requirements regarding the use of their data.

In no circumstances would your Personal Data be sold to or shared with any third party so that they may offer you their products and services.

Data would only be shared with third parties either where we are legally required to do so or to deliver the information and or services you have requested from us.

Security

We take the security of all the data we hold extremely seriously. Our team are trained on data protection and security, and we maintain a culture of confidentiality.

We have a framework of policies and procedures which ensure that we keep the data we hold secure.

Our security measures include:
– the regular and mandatory change to passwords both for devices and systems;
– where available, two-step verification;
– email verification;
– information received electronically is held in a secure and protected environment;
– information received on paper is held in secured and protected storage;
– our Retention Policy ensures that Personal Data is held for no longer than legally required;
– our IT Security Policy governs the use of laptops and removable drives, the protocol for passwords and encryption, the rules for home and mobile working, access controls, and firewalls and cyber security.
– our Office Security Policy governs the measures taken to control access to premises and equipment, the use and storage of data in the premises and secure disposal of data.
– a Risk Assessment of our third-party technology providers to verify that their policies and procedures are compatible with GDPR.
– the implementation of a Breach Notification Plan to ensure that any breach is notified, reported, investigated and remedied effectively.
– the appointment of a Security Committee to review and update our policies and a Data Protection lead to ensure that the policies articulated to our team and adhered to.

All information you provide to us is stored electronically on third-party hosted secure servers. Where we have given you access to certain parts of our systems, you are responsible for ensuring that this access it kept secure and are required to notify us immediately of any breach.

A full list of our third-providers is available on request from dpo@cooperfaure.co.uk.

The transmission of information via the internet, by email or by post is not completely secure. Any transmission of data is at your own risk. Once your data is received, we will do our utmost to prevent unauthorised access by adhering to the strict policies and security procedures outlined above.

Personal Data and How It Is Used

Personal Data is any information about an individual from which that person can be identified.  We would only request, hold and process Personal Data for the following purposes:
– To perform the contractual services with a business or individual as defined and agreed in our Letter of Engagement;
– To propose a contract for our services as defined and subject to the agreement to our Letter of Engagement;
– Where it is necessary for our legitimate interest;
– Where it is required to comply with a legal or regulatory obligation.

The main categories of Personal Data that we would request and hold are:
– First, Middle and Last Names;
– Full Postal Address;
– Contact Telephone Number(s);
– Contact Email Address(es);
– Nationality;
– National Insurance Number;
– Passport Number;
– Passport Identification Pages;
– Personal Tax Unique Tax Reference;
– Employment History;
– Employee Number;
– Payroll and accounting data;

Data Retention

We only retain Personal Data for as long as required to fulfil the purposes for which is has been collected.

For the provision of contractual services, to satisfy the legal and accounting requirements, this will be the lesser of:
– Seven Years; or
– Three months after the termination of the contractual services by either party.

For our marketing purposes, we comply with GDPR by requiring explicit consent before sending any marketing materials such as newsletters or invitations to events and this consent can be withdrawn at any time.

Legal Rights

Under GDPR, you have rights in relation to your Personal Data. In summary, these rights are to:

Request access to your Personal Data

Otherwise called a ‘Subject Access Request’ under GDPR, this entitles you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

Request the correction of your Personal Data

This entitles you to have any incomplete or inaccurate Personal Data that we hold corrected subject to the verification of the accuracy of the new data provided.

Request erasure of your Personal Data

This allows you to request us to delete or remove Personal Data where there is no good reason for us continuing to process it. In addition, you have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (as outlined in the clause below), where we may have processed your information unlawfully or where we are required to delete your Personal Data to comply with local legislation. However, there may be legal restrictions that would prevent us from complying with your request. If this is the case, we would notify you accordingly.

Object to the processing of Personal Data

This allows you to object in the situation where the processing of your Personal Data is dependent on our legitimate interest, or that of a third party, on the basis that it impacts on your basic rights and freedoms. In this circumstance, we would need to prove that we have legitimate grounds that supersede these rights and freedoms. Moreover, you have the absolute right to object to the processing of your Personal Data for direct marketing purposes.

Request a restriction to the processing of your Personal Data

This allows you to ask us to suspend the processing of your Personal Data in the following scenarios:
– if you want us to verify the accuracy of the data;
– where you have objected to our use of your data but we are ascertaining whether we have paramount legitimate grounds to use it;
– where our processing of the data is proven to be unlawful but you do want us to not erase it; or
– where you require that we retain your data beyond the legal requirement to enable you to support or defend any legal proceedings.

Request transfer of your Personal Data

This entitles you to request that we transfer your data back to you or your nominated representative. On receiving such a request, we will provide your Personal Data in a systematized, well-known, machine-readable format within a reasonable timeframe.

Withdraw consent

This entitles you to withdraw consent at any time in the circumstances where we are dependent on such consent to process your Personal Data. However, this does not impact the legality of any processing carried out before the consent is withdrawn. If you withdraw your consent, this may prevent us providing certain services to you and we will notify you accordingly should this be the case.

These rights are subservient to any legal duty that obliges that the data be held. For more information on these rights, please contact us at dpo@cooperfaure.co.uk.

Transferring Your Information Outside Europe

As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Union. We have undertaken a thorough audit of third-party technology providers to verify that, where this is the case, their policies and procedures are compatible your privacy rights as outlined in this policy.

By submitting your Personal Data, you are agreeing to this transfer, storing or processing.

Complaints

Whilst we are striving to meet our obligations under GDPR, if you feel that your Personal Data has been processed in a way that infringes your rights, please send an email with the details to dpo@cooperfaure.co.uk. We will look into and respond to any complaints we receive as a matter of urgency.

In addition, you have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns

Data Controller

Under GDPR, the Data Controller is defined as the person or organisation who determines the purposes for which and the way in which any Personal Data is processed.

The Data Controller for Cooper Faure Limited and associated businesses is Cooper Faure Limited, a company incorporated in England and Wales under Registration Number and with the Registered Address of Front Suite, First Floor, 131 High Street, Teddington, TW11 8HH

If you have any questions about this privacy statement or how and why we process Personal Data, please contact us at:
Data Privacy Officer
Cooper Faure Limited
Front Suite, First Floor
131 High Street
Teddington
TW11 8HH
Email: dpo@cooperfaure.co.uk
Phone: 0208 977 7739

Changes To Our Privacy Policy

We regularly review our Privacy Policy to ensure that it is fit for purpose and effectively reflects the rights of the individual. Any updates to the Privacy Policy will appear on this website and this Privacy Policy was last updated on 17th May 2018.