Skip to main content

How I use your personal data

I am committed to protecting your personal data. I may collect your data via questionnaire packs that are sent by email. I may also collect some data from our email correspondence.

I will use your personal data for the purposes of providing services to you or if I need to comply with a legal obligation. The legal ground of processing this data is your explicit consent.

I will use your non-sensitive personal data to (i) register you as a client, (ii) manage payment, (iii) collect and recover monies owed (iv) to manage my relationship with you, (v) send you details of my services.

The legal grounds for processing your data are in relation to points (i) to (iv) above are for performance of a contract with you and in relation to (iii) and (v) above, necessary for my legitimate interests to develop my services and grow my business and to recover monies owed.

I will not share your details with third parties for marketing purposes.

Disclosure of your personal data

I may have to share your personal data with (i) service providers who provide IT and system administration support, (ii) professional advisors including lawyers, bankers, auditors and insurers, (iii) HMRC and other regulatory authorities, (iv) my professional supervisor and/or (v) my personal assistant and other colleagues.

I require all of these third parties to whom I may transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on my instructions.

International transfers

Some of my third party providers are businesses outside of the EEA in countries which do not always offer the same levels of protection for your personal data. I do my best to ensure a similar degree of security by ensuring that contracts, code of conduct or certification are in place which give your personal data the same protection it has within Europe. If I am not able to do so, I will request your explicit consent to the transfer and you can withdraw this consent at any time.

Data security

I have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. I also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on my instructions and are subject to a duty of confidentiality. I have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where I am legally required to do so.

In certain circumstances you can ask me to delete your data. See the section entitled ‘your rights’ below for more information.

I may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes in which case I may use this information indefinitely without further notice to you.

Data retention

I will only keep your personal data for as long as is necessary to fulfil the purposes for which I collected it. I may retain your data to satisfy any legal, accounting, or reporting requirements so for example I need to keep certain information about you for 6 years after you cease to be a client for tax purposes.

You have the right to ask me to delete the personal data I hold about you in certain circumstances. See section 6 below.

Your rights

You are able to exercise certain rights in relation to your personal data that I process. These are set out in more detail at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/

In relation to a Subject Access Right request, you may request that I inform you of the data I hold about you and how I process it. I will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case I may charge a reasonable fee or decline to respond.

I will, in most cases, reply within one month of the date of the request unless your request is complex or you have made a large number of requests in which case I will notify you of any delay and will in any event reply within 3 months. If you wish to make a Subject Access Request, please send the request to email anita@anitamarsden.com marked for the attention of the Data Compliance Officer.

Keeping your data up to date

I have a duty to keep your personal data up to date and accurate so from time to time I may contact you to ask you to confirm that your personal data is still accurate and up to date.

If there are any changes to your personal data (such as a change of contact details) please let me know as soon as possible by emailing the address above.

Complaints

I am committed to protecting your personal data but if for some reason you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

I would be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.