Privacy Statement

Introduction

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Statement describes RightCue Limited’s policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Data Protection Officer

RightCue Limited is located in Basingstoke, in the United Kingdom. We are registered with the Companies House in England and Wales as RightCue Limited (Regn. No. 1140459) and with the Information Commissioner’s Office under registration number ZA206168.

We have appointed a Data Protection Officer for you to contact if you have any questions or concerns about our personal data policies or practices. RightCue Accountants’ Data Protection Officer’s name and contact information are as follows:

Yogesh Agarwal
RightCue Limited
9A, Basepoint Enterprise Centre
Stroudley Road, Basingstoke, RG24 8UP
Tel: +44(0)1256 406601
E-mail: privacy@rightcue.com

If you are concerned about an alleged breach of privacy law or any other regulation by us, please contact our Data Protection Compliance Manager who will ensure that your complaint is investigated.

If you are not satisfied with our handling of your queries or complaints on data protection, you can call the Information Commissioner’s Office on 0303 123 1113.

How we collect and use (process) personal information

The data we collect and process: 

  • Client data
  • Data about employees of our clients
  • Visitors to our website
  • Marketing data

Client Data

We intend to process personal data for the following purposes:

  • To enable us to supply accountancy, tax, business advisory and associated services to you as our client.
  • To perform identity checks as required under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”)).
  • To comply with professional obligations to which we are subject as a member of Association of International Accountants.
  • To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
  • To enable us to invoice you for our services.

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services.

Categories of personal data collected

The information we collect may include:

  • Contact details– name, address, email address, phone numbers including mobile numbers
  • Identity details– previous name, maiden name, current and previous addresses, photograph, date and place of birth, nationality, marital status, driving license, passport numbers
  • Financial information– bank account numbers, national insurance numbers, pension account details, tax reference numbers
  • Family and health information– marital status, next of kin, name and age of children, disability and other health information
  • Any other information that you may provide/ be required to provide to comply with the regulatory and statutory requirements

We do not collect data of children except when such data is made available to us with explicit authorisation by the parent or the legal guardian of the concerned person for the purpose of providing our services, for example tax planning.

Data About Customers and Employees of our Clients

We process data provided to us by our clients who are the Data Controllers. We process this data strictly on instructions of the Data Controllers who provide us with access to such data and abide by the privacy and security requirements as per the contractual arrangements with the Data Controllers.

RightCue Accountants does not keep a record of any data processed by it in the course of providing its services e.g. payroll and accounts preparation services. We follow, and are fully committed to fulfil, our obligations as a Data Processor for data privacy, data security, and breach notifications.

Visitors to our Website

When you visit our website, we use third-party services to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the website. The information is only processed in a way which does not identify any individual.

When you complete a contact form on our website or use the email for enquiries, we will use the information provided by you only for the purpose of providing you with an appropriate response.

Marketing Data

We hold name and contact details of individuals who have expressed interest in hearing from us about our services or have engaged with us for supply of our services in the past. All direct marketing activities to such individuals shall comply with relevant privacy and regulatory requirements.

How is your personal data collected

Apart from receiving personal data directly from you when you engage us to provide services, we may receive personal data from following sources:

  • From HMRC where we act as your authorised agent to receive communication on your behalf
  • When you use our address as service address for tax and company matters
  • From appropriate databases including ID verification softwares for compliance with money laundering regulations
  • When you subscribe to our publications, request marketing material to be sent to you or complete one of our enquiry forms

When and how do we share your personal data

We may share your personal data with:

  • HMRC and other statutory bodies where this is a requirement for delivering our services
  • Sub-contractors or associates who are asked by RightCue to deliver all or some of the services like book keeping.
  • An alternate appointed by us in the event of incapacity or death
  • Professional indemnity insurers
  • Our professional body [Association of International Accountants] and the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation)
  • IT service providers and software providers who provide data storage, processing, back-up and retrieval services like Microsoft, FreeAgent, Xero etc.
  • Any third parties with whom you require or permit us to correspond

If the law allows or requires us to do so, we may share your personal data with:

  • the police and law enforcement agencies
  • courts and tribunals
  • the Information Commissioner’s Office (“ICO”)

We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you.  If you ask us not to share your personal data with such third parties we may need to cease to act.

Transfers of personal data outside the EEA

When using cloud software providers to provide you with the services, personal data may be required to be stored outside of EEA if the servers or backup facilities of such cloud providers are located outside of EEA. We verify that any data transfer outside of EEA is subject to EU adequacy requirements, EU-US privacy shield, EU model privacy clauses or Binding Corporate Rules. In situations where data needs to be transferred to a country or a region where these measures do not apply, we will seek explicit consent from you before making such a transfer.

Automated decision-making

We do not use automated decision-making in relation to your personal data.

Security of your personal information

To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and administrative safeguards. We update and test our security technology and controls on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

We are certified to Cyber Essentials Plus and IASME Gold standards which demonstrates our commitment to security and privacy of your personal information.

Date storage and retention

Your personal data is stored by RightCue Accountants on its servers, and on the servers of the cloud-based services and IT service providers we engage, as well as in physical forms in our office and at backup and archival facilities. We retain data for the duration of the client’s business relationship with us and as per the regulatory data retention requirements.

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at privacy@rightcue.com.

Data Subject Rights

This Privacy Notice is intended to provide you with information about what personal data the Firm collects about you and how it is used. If you have any questions, please contact us at privacy@rightcue.com. 

If you wish to confirm that the RightCue Limited is processing your personal data, or to have access to the personal data we may have about you, please contact us at privacy@rightcue.com. 

You have a right to request correction of inaccurate information, deletion of information, and to instruct us to stop processing your information. We are obliged to honour such requests as per the regulatory requirements. If you’d like more information or would like to make such a request, please contact us at privacy@rightcue.com.