This privacy notice (“notice”) provides an overview of how we manage and protect the personal data of both our private clients and the officers and employees of our corporate clients and third parties related to a client (eg a trustee, dependent or beneficiary or beneficial owner) (“data”), as required by law. This notice tells you who we are, what data about you we collect, and what we do with that data.
Saffery LLP, a limited liability partnership incorporated and registered in England and Wales with registered office at 71 Queen Victoria Street, London, United Kingdom, EC4V 4BE and company number OC415438 (“we”, “us”, “our”, “the firm”) is a chartered accountancy practice with offices in England and Scotland.
Details of how to contact us can be found below in the “Who should you contact with questions?” section of this notice.
We use your data for various purposes connected with the services that we provide to you or your employer.
We generally collect data from you directly but we may also collect data from third parties such as:
- Other advisers and intermediaries (such as solicitors, banks, land agents and independent financial advisers), both current and previous.
- HMRC and other governmental organisations.
- Company information databases.
- Client identification and verification services such as Smartsearch and Worldcheck.
- Your family or estate office.
- Publicly available sources, such as Companies House.
- Your agents and representatives, such as your power of attorney.
- Other professional services providers that provide services to you.
- Other third parties.
What data we collect and for what purpose will depend on whether you are a private client or a representative of a corporate client.
Data we collect may include:
- Basic contact information, proof of age and identity information.
- Financial information and HMRC client data.
- Trust information.
- Referral letters from third party institutions.
- Sensitive data.
- Additional information applicable only to our private clients, such as beneficiary details and powers of attorney.
- Information relating to your use of our website, further details of which can be found in our cookies policy.
For more information, please see the “Find out more” section below.
We will use data about you for the following purposes:
- To provide such services to you.
- To make payments on your behalf.
- To make insurance claims on your behalf.
- To create and manage records of your involvement with us and to communicate with you.
- To contact you with respect to the services that we provide.
- To send you marketing information (but only to the extent you have consented).
- To share data with financial institutions, employers or landlords for the purposes of mortgages, leases and other financial references, if you provide your consent.
- To verify your residence and identity in order to comply with our legal and regulatory requirements.
- To comply with legal and/or regulatory obligations.
The legal basis for our use of data about you is one of the following (which we explain in more detail in the “find out more” section). The processing of your data is necessary for:
- The performance of a contract to which you are a party.
- Compliance with a legal obligation to which we are subject.
- A legitimate business interest that is not overridden by your interests, rights and freedoms which require protection.
Where none of the above applies, we will ask for your consent to process data.
For more information, please see the “Find out more” section below.
We may share data about you with:
- Our insurers in the event of a potential insurance claim;
- Your other professional advisers;
- Other service providers or HMRC, with whom we may share sensitive data, for example to provide a reasonable excuse claim to HMRC;
- Financial institutions;
- Family and estate offices;
- Third parties interested in acquiring you (in respect of corporate clients only);
- Third parties who provide us with products or services; and
- Other third parties, where required or permitted by law.
For more information, please see the “Find out more” section below.
It may be necessary for us to transfer data outside the country or territory where it was collected, including to a country, territory or international organisation that may not have the same data protection standards.
For more information, please see the “Find out more” section below.
We implement appropriate technical and organisational measures to protect personal data that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the data you provide. We also require our service providers to comply with strict data privacy requirements.
We store data in accordance with legal, regulatory, financial and best-practice business requirements. Once our contract with you ends, we will securely delete/destroy your data in line with our data retention policies.
You may have the following rights in respect of data about you that we hold:
- Request us to give you access to it.
- Request us to rectify it, update it, or erase it.
- Request us to restrict our using it, in certain circumstances.
- Object to our using it, in certain circumstances.
- Withdraw your consent to our using it.
- Data portability, in certain circumstances.
- Opt out from our using it for direct marketing.
- Lodge a complaint with the supervisory authority in your country.
You are able to exercise these rights by contacting us using the details set out below.
For more information, please see the “Find out more” section below.
If you have any questions, or wish to exercise any of the rights detailed above, please contact us at [email protected].
You have a right to contact your local supervisory authority with any questions or concerns. If we or they cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.
Find out more:
Further information on the data we collect about you
Basic contact information, proof of age and identity information
If you instruct us to provide services to you, we will collect your name, gender, nationality and address, including country of residence, during your client onboarding. We are also required to collect information such as passport information, driving licence or ID card details and National Insurance number. You also may provide us with additional contact information (such as your mobile number).
Financial information and HMRC client data
We will collect information such as your sort code(s), account number(s), pension information and bank statements. We may also collect certain financial information from Experian or other credit checking service providers.
We will also collect any financial information necessary to provide our services to you, which may include (but is not limited to) pension information, details of your income and expenses, and of gains on the disposal of assets. You or HMRC may provide us with your HMRC client data, such as your unique taxpayer reference.
Trust information
We may need to collect information about trusts that relate to you, such as trust deeds and trust minutes.
Referral letters from third parties
We may collect a referral letter from a third party (such as a financial institution or adviser (current or previous)).
Sensitive data
We may collect racial or ethnic origins, health and medical information, information regarding criminal and civil offences, court orders and other legal documentation.
Private client information
If you are a private client, we may collect information contained in your will, details of your dependant(s), marriage certificate and child benefit number.
Website usage information
If you visit our website, then we will install certain cookies on to the device that you are using. Further details about how we use cookies are set out in our cookie policy.
Webinars and meetings
Meetings are sometimes recorded in order to enable minute takers to fulfil their task or to enable meeting participants (or non-attendees) to access a recording of a meeting.
Depending on how the meeting is held, this may include the recording of audio or video of the attendees for meetings, but only the presenter for webinars – personal data of attendees at webinars will not be recorded. Parts of recordings may constitute personal data according to data protection laws. Personal data in recordings would include images of you (i.e. webcam footage of you), any opinions you contribute and anything you say about yourself.
The lawful basis for processing personal data through recordings is that it is in Saffery’s legitimate interests to do so. We have considered the implications of processing data in this way and concluded that any impact on your privacy as an individual is not overridden by your interests or fundamental rights. You will not be requested to give consent for the recording as that is not the lawful basis upon which we are operating. Clearly presenters for webinars and meeting chairs must be recorded, but to ensure that meeting or webinar attendees who do not wish to be recorded are not recorded by accident, you can choose to mute your microphone and/or turn off your webcam. This will as a consequence restrict your ability to contribute to the relevant meeting or webinar.
The recordings will be kept securely on Saffery LLP servers, which are in the UK. The recordings will be kept in an appropriate place on our network with access rights limited by reference to the purpose of the recording and who needs to have access to it. Once the need for the recording has been completed, the recording will be deleted. The meeting host/minute taker will be responsible for deleting the recordings, but the Chair of the relevant meeting or webinar will also be responsible for checking that this deletion is carried out in a timely way. Saffery LLP will not share the recordings with any other organisation unless required to by law. Those given access to the recordings will not be allowed to make duplicates, nor download any recordings to personal devices or a third party cloud storage facility.
Further information on the purpose(s), methods of collection and legal basis for processing your data
The purposes for which we use your data, and the corresponding methods of collection and legal basis for its use, are described below:
Purpose: To provide certain services to both private and corporate clients
Services include:
- Advisory work
- Valuation work
- Trust entry, 10-year and exit charge returns
- Payroll and P11Ds
- VAT registration and returns
- Account completion
- FATCA/CRS and other regulatory reporting
- Investment tracking
- Wealth reviews
- Completion of tax returns and related filings
- Invoice processing (supplier, self-employed and sales)
- Bank transaction processing
- Pension valuation
- Management reporting
- Grant applications
- Charity Commission annual returns
- Bank form completion
- Audit work
- iXBRL accounts
- Companies House returns and other company secretarial services
- Cultural tests
- Company tax returns
- Due diligence
- Lead advisory
- Reporting accountants
- Employment related securities filing
- ATED returns
- Tax claims and elections
- r185 form completion
Method of collection and legal basis for processing
The data relevant to these purposes is generally provided to us by you directly, during your initial onboarding as a client, or in order for you to enter into a contract with us and/or in order for us to perform our contract with you.
We use it in order to perform our obligations contained in our contract with you.
The contract in question will be our letter of engagement.
Purpose: To create and manage records of your involvement with us and to contact you with respect to the services that we provide
Method of collection and legal basis for processing
The data relevant to these purposes is generally provided to us by you directly, during your initial onboarding as a client, or in order for you to enter into a contract with us and/or in order for us to perform our contract with you.
We have a legitimate business interest in managing records of your involvement with us and in being able to contact you with respect to the services that we provide.
Sometimes your data will be processed automatically, for example when you leave telephone voice messages on our system they will automatically be sent to the recipient as an email file.
Purpose: Sharing data with financial institutions, employers and landlords for the purposes of mortgages, leases and other financial references.
Method of collection and legal basis for processing
The data relevant to these purposes is generally provided to us by you, during your initial onboarding as a client, or in order for you to enter into a contract with us and/or in order for us to perform our contract with you.
We are reliant upon the consent that you have provided to us in order for us to use your data for this purpose.
Purpose: Sharing data with other third parties, such as land agents, solicitors, valuers, brokers, IFAs, other professional services firms you may use and our service providers.
Method of collection and legal basis for processing
The data relevant to these purposes is generally provided to us by you or your other service providers, during your initial onboarding as a client, or in order for you to enter into a contract with us and/or in order for us to perform our contract with you.
This information may be shared for the purpose of tax planning, compliance or at your request.
Purpose: Sending you marketing information (but only in accordance with applicable law).
Method of collection and legal basis for processing
The data we process to send you marketing information will only be used for this purpose with your consent or based on our legitimate business interest in conducting and managing our marketing activities.
Purpose: To comply with legal and/or regulatory obligations, such as anti-money laundering regulations and know your client checks or to respond to requests from HMRC and/or law enforcement agencies.
Method of collection and legal basis for processing
The data relevant to these purposes is generally provided to us by you directly, during your initial onboarding as a client, or in order for you to enter into a contract with us and/or in order for us to perform our contract with you.
The data may be processed automatically, for example when we use identification and verification to comply with anti-money laundering regulations.
We are under certain legal and/or regulatory obligations (eg law enforcement requests for information) and use the data in order to meet various legal compliance and regulatory obligations, as applicable.
Where we do not base our use of data about you on one of the legal bases described above, we will ask for your consent before we process the data. We may from time to time ask for your explicit consent to process sensitive data (such as racial or ethnic origin or health and medical information) or data relating to criminal offences. In these circumstances we will provide specific information to you about both the relevant processing activities and your rights in relation to them.
As part of our client engagement and acceptance procedures we may process data to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues). We will only process such personal data with the individual’s consent or as otherwise required by law or regulation.
In some instances, we may use data about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.
Further information on who we share your data with and for what purpose(s)
Sharing data with third parties
- We may share data about you with our insurers, your other personal advisers and third parties interested in acquiring you (in respect of corporate clients only).
- We may share data about you with third parties who provide us or you with products or services, such as:
  - Saffery Ireland;
  - Saffery Suisse (SA);
  - Saffery Registered Fiduciaries;
  - Saffery Fund Services Limited;
  - Saffery Guernsey Audit and Tax;
  - Other member firms in the Nexia International network that assist with the services that we provide to you (such as providing accounting or tax advice in other countries);
  - Data analytics providers who we may use to support audit services; and
  - SKP Group – a third party supplier and Nexia International member firm that assists with services we provide to you (such as the processing of personal tax returns for you on our behalf).
- We may share data about you with other third parties, where required or permitted by law, for example: regulatory authorities (such as the Institute of Chartered Accountants in England & Wales) and government departments (such as HMRC); in response to a request from law enforcement authorities or other government officials; when we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; when permitted by law to do so in respect of your agents and representatives (such as your power of attorney); and in the context of a restructuring of our organisation.
Further information on where data about you might be sent
When using data as described in this notice, it may be transferred either within or outside the country or territory where it was collected, including to a country, territory or international organisation that may not have the same data protection standards.
For example, we may transfer your personal data to:
- Our offices in Ireland, Guernsey and Switzerland;
- Our third party service providers that are based outside of the EU (such as SKP Group based in India); and
- The USA, in order to comply with FATCA.
In all cases, we will implement adequate measures, including appropriate security measures, for the protection of personal data in those countries, territories or international organisations in accordance with applicable data protection laws. Where data is sent outside of the EU, personal information will continue to be protected by means of a contract containing standard data protection clauses which are in a form approved by the European Commission. To obtain further information on the data transfer mechanisms on which we rely, please contact us as set out here.
Further information on your rights in respect of the data we hold about you
In respect of the data we hold about you, you will have the rights set out below (note: certain legal limits apply to all these rights):
To request that we give you access to your data
This is confirmation of:
- Whether or not we process data about you;
- Our name and contact details;
- The purpose of the processing;
- The categories of data concerned;
- The categories of persons with whom we share the data and, where any person is outside the EU and does not benefit from a European Commission adequacy decision, the appropriate safeguards for protecting the data;
- (If we have it) the source of the data, if we did not collect it from you;
- (To the extent we do any, which will have been brought to your attention) the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and
- The criteria for determining the period for which we will store the data.
On your request we will provide you with a copy of the data we hold.
To request that we rectify or update your data
This applies if the data we hold is inaccurate or incomplete.
To request that we erase your data
This applies if:
- The data we hold is no longer necessary in relation to the purposes for which we use it;
- We use the data on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all data about you in which case we will respect your wishes);
- We use the data on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it;
- The data was unlawfully obtained or used; or
- To comply with a legal obligation.
To withdraw your consent to our using it
- This right applies to any data which we have collected and process based on your consent.
- You have the right at any time to withdraw the consent you have provided to us.
To request that we restrict our processing of your data
This right applies, temporarily while we look into your case, if you:
- Contest the accuracy of the data we use; or
- Have objected to our using the data on the basis of legitimate interest.
(If you make use of your right in these cases, we will tell you before we use the data again).
This right applies also if:
- Our use is unlawful and you oppose the erasure of the data; or
- We no longer need the data, but you require it to establish a legal case.
To object to our processing of your data
You have two rights here:
- If we use data about you for direct marketing: you can “opt out” (without the need to justify your decision) and we will comply with your request; and
- If we use the data about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection.
To portability of your data
This right applies:
- (1) To data that you have provided to us; and
- (2) If we use that data on the basis either of your consent, or on the basis of discharging our contractual obligations to you.
If both (1) and (2) apply, you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else.
To lodge a complaint with the supervisory authority in your country
Each EU country must provide for a regulator for this purpose. You can find their contact details here