Business Accounting and Taxation (Bath) Ltd. hereinafter referred to as BATB is committed to protecting the privacy of personal data under the new General Data Protection Regulation (GDPR) (May 2018). BATBis registered with the Information Commissioners Office (ICO), which is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
This is any personal data you share with us, and could include: your name, your postal address, your email address and your telephone number. This may be used for the following purposes:
You have the right to request to see, amend or remove any personal information we hold about you. See section 2: Your Rights below.
We do not sell or swap your details with any third parties. If further services are required your explicit consent will be required before being actioned. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. This includes a designated Data Controllerand Data Protection Officer who are responsible for the safeguarding of your personal data.
BATB will not store or process special category data.
The legal bases on which we process your data are as follows: Consent. We require your consent to store and utilise your data. Each form you complete will have a consent agreement statement. We may use this data to inform you of other books which may be of interest to you.
By entering into an agreement with BATByou understand that we will store and process such data as you provide on application. Article 6(1)(b) GDPR. Legal Obligation. We have an obligation under the Financial Services legislation in UK to report certain data to official bodies such as HMRC. You will be informed of this whenever possible. Article 6(1)(c) of GDPR.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. Breach Notification
A personal data breach may mean that someone other than the data controller gains unauthorised access to personal data. However, a personal data breach can also occur if there is unauthorised access within an organisation, or if a data controller’s own employee accidentally alters or deletes personal data.
All breaches of the GDPR are to be reported without undue delay to the Information Commissioners Office (ICO) within 72 hours, unless the breach is unlikely to result in any risk to the rights and freedoms of data subjects, and to the data subjects without undue delay unless a specified exemption applies.
Notifications to the data subjects will provide name and contact details of the data controller where more information can be obtained, the likely consequences of the personal data breach and the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
Data Subject Rights and Subject Access Requests BATB is fully committed to respecting individuals’ rights including access to personal information held about them in accordance with Article 17 of the GDPR.
Any individual who makes a valid subject access request is entitled to be:
Individuals are only entitled to their own personal data, and not to information relating to other people, unless they are acting on behalf of that person. In these circumstances, written consent will be required.
Full details on individuals rights can be found on the ICO website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ Exempt information
BATBmay not be able to release some information. Information which is exempt from a subject access request includes:
How to make a request
In order to make a valid subject access request the following must be provided:
Proof of identification may be requested to ensure that the personal information requested is provided to the right person.
BATB Ltdwill comply with requests for access to personal information within one month, as required by the Act. All subject access requests should be addressed to:
The Data Controller, Business Accounting and Taxation (Bath) Ltd, 3 Edgar Buildings, George Street, Bath, BA1 2FJ
BATBreserves the right to make any changes to this Privacy and Data Protection Policy, and other aspects of this site at any time. Please check this page regularly for any changes. Policy updated:18/05/2018
Policy review date:18/05/2019