Client information held
Numeric Accountancy Services Limited holds identifying personal information to provide accountancy services to clients, communicate with relevant third parties in relation to those services, and meet regulatory obligations.
Personal data held normally consists of:
- Full name and previous names where used
- Date of birth
- Current address and former address if less than 3 years
- Tax UTR number
- National Insurance number
- VAT number
- Email and telephone numbers
- Personal pension details
Data systems
Client personal data is held and processed internally using the following systems:
- Taxcalc - Office CRM and accounts production
- HMRC Basic Tools - Payroll
- Sage - Bookkeeping
- QuickBooks - Bookkeeping
- FreeAgent - Bookkeeping
- AutoEntry - Bookkeeping
- Xero - Bookkeeping
- Microsoft Word & Excel - Client working papers
- Outlook - Email contacts
- DocuSign & Dropbox - File sharing
Hard copy data is also held in physical client files.
Numeric Accountancy Services Limited is a limited company registered in England & Wales (registered number 12084121). Managing director Kenneth Deamer is licensed and regulated by AAT under licence number 9006172.
Data accuracy
The following client data is confirmed annually with the client and internal records are updated accordingly:
- Name
- Address
- Email
- Telephone numbers
Data security
All electronic systems holding client data must be password protected using LastPass password vault. All client data should be cloud hosted where possible.
Data retention and destruction
Data is retained in accordance with the firm's Privacy Notice. Data that no longer meets the firm's requirements is destroyed as follows:
- Electronic files - electronic file shredding via McAfee
- Whole files - offsite security shredding using Restore Datashred Limited
- Paper documents - physically shredded using a shredding machine
Systems no longer used by the firm are fully deleted and physical storage systems (computers, data drives, etc.) have hard drives reformatted before disposal.
Data Protection Officer
This firm's Data Protection Officer (DPO) is Kenneth Deamer.
The DPO's minimum tasks are to:
- Inform and advise the business about its obligations to comply with GDPR and other data protection laws
- Monitor compliance with GDPR and other data protection laws, including internal data protection activity, awareness, training, and audits
- Advise on and monitor data protection impact assessments
- Act as contact point with the ICO and consult on any data protection matter
- Be first point of contact for individuals whose data is processed
GDPR 3.0 Feb 26
Data breaches
When a personal data breach occurs, it must be reported to the DPO, who will establish the likely risk to people's rights and freedoms. If a risk is likely, the breach must be reported to the ICO within 72 hours of becoming aware of the breach and to affected individuals. If a risk is unlikely, it does not need to be reported.
A data breach may include physical, material, or non-material damage such as loss of control over personal data, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, or loss of confidentiality of personal data protected under GDPR rules.