We’ll collect personal data about you for various reasons (as further detailed in this privacy notice) including: 1) to deliver the products and services you’ve requested from us, 2) to meet our legal responsibilities, 3) to understand how you are using our website, and 4) to send marketing communications to you.
DATA AND HOW WE USE IT
Your personal data includes things such as your name, your address and when we’ve been in touch. We use data like this to help us deliver services, to let people know about any changes to your service and other purposes set out in the in detail section below.
As a professional services business, we have to keep your data for lots of lawful reasons too. We’ll usually keep your personal data for up to six years after we’ve stopped working with you.
We might supply your data to other people we work with too, but we only give them what they need and its under strict confidentiality.
You have lots of rights when it comes to your data. You can see what data we have about you at any time. In some circumstances, you can withdraw your consent for us to keep it too. And of course, you can ask us a question about it at any time.
You can do this by sending an email to our Risk and Compliance Partner, Simon Atkins, at email@example.com.
More information about your rights is set out in the in detail section below.
1. Cooper Parry Group Holdings Limited (registered company number 13994155) (we’ll refer to ourselves as “the business”, “we” or “us” for the rest of this policy) and the other companies in our group (that’s: Cooper Parry Group Limited; Cooper Parry Advisory Limited; Cooper Parry Holdings Limited; Cooper Parry Wealth Limited; Creaseys Wealth Limited; Horizon Accounts Limited; Future Perfect Financial Planning (UK) Limited; Future Perfect Solutions Limited; Snapshot Software Limited; Cooper Parry Audit Holdings Limited; and Cooper Parry Audit LLP), take data protection seriously.
This privacy notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you use our live chat function or register for one of our events.
This website is not intended for children.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements any other notices and privacy policies and is not intended to override them.
We are the controller and are responsible for your personal data.
We’ll only use your personal data for the purposes set out in this privacy notice, which includes: 1) to deliver the products and services you’ve requested from us, 2) to meet our legal responsibilities, 3) to understand how you are using our website, and 4) to send marketing communications to you.
2. We collect personal data about you when:
- you visit our website. This might include device information (such as your IP address, location, device identification numbers, or provider), usage information and browsing history (such as information about how you navigate within our services), your browsing history (in relation to our website and which elements of our services you use the most), location data and demographic information (such as your country).
- you request a proposal from us to provide you with a service
- you, your employer or one of our clients engage us to provide our services. We’ll also collect data during the period we’re delivering those services
- you get in touch with us. That could be by filling in forms on our website or corresponding with us by email, phone, post, social media or through our website (including use of our live chat function)
- we consult third parties and/or review data which is available to the public. For example, we may ask for data from your employer or find it on Companies House.
3. Here’s the kind of information we’ll hang on to for a bit:
Personal data means any information about an individual from which they can be identified (not including any data which has been anonymised). We may collect, use, store and transfer the following types of personal data:
- identity data – including your personal details such as your full name, date of birth, title, marital status, job title, gender and other similar identifiers
- contact data – including your address, email address and telephone numbers
- financial data – including bank account details
- technical data – including your IP address, device identification numbers or provider, operating system and platform, browser type and version and other technology on the device you use to access our website
- transaction data – including details about payments to and from you and other details of services you have purchased from us
- profile data – including purchases or orders made by you, your interests, preferences, feedback and survey responses
- usage data – including details of how you use our website and any services you’ve received from us
- communications data – including our correspondence and communications with you (whether by email, telephone, through our live chat function or otherwise) and details of the communication we’ve had with you relating to the delivery or proposed delivery of a service (including information about any complaints you make (although we try to keep these to a minimum!) and any questions you ask us)
- marketing data – including information from research, surveys and marketing activities, together with your preferences in relation to receiving marketing from us and our third parties
- information we receive from other sources (for example, publicly available information, information provided by your employer or our clients, credit reference agencies etc).
- special category data – including details about your health, race or ethnicity, religion, sexual orientation, and genetic and biometric data
If you fail to provide personal data:
Where we need to collect personal data by law, or under the terms of the contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
4. Here’s the kind of information we’ll hang on to for a bit:
In order to process your data, we are obliged to identify at least one of what’s called our “lawful basis for processing”.
We may process your personal data:
- to help us perform the things we said we’d deliver (or you instructed us to deliver) and perform the contract we are about to enter into or have entered into with you. This might apply where we’re processing your personal data because you’re a subcontractor, supplier, or customer of a client of ours. The lawful bases that apply here are “performance of a contract” and/or “to comply with a legal obligation” (where we are obliged to process your data to satisfy a legal requirement);
- for the purposes of our own business interests (providing these interests don’t override any of your own interests, rights and freedoms which require the protection of your personal data of course!). Examples of these business interests might include direct marketing, business development, statistical and management purposes (this would be “legitimate interest”); and/or
- for certain additional purposes if you provide your consent. Please bear in mind: where we ask for your consent to using your data, you have the right to withdraw this consent at any time (called “consent”).
Where we process any special category data, we recognise that we need to take even more care over it. When using your special category data, we will use it in accordance with the law and will ensure that suitable and specific measures are in place to safeguard your fundamental rights and interests. We process special categories of personal data under Article 9(2)(a) GDPR, where you have provided explicit consent (this is “explicit consent”). Examples of when we may process special category data about you includes health information we receive from you as part of providing certain services to you (i.e., wills, probate and administration of trusts matters).
We might use your personal data for more than one of these purposes at the same time.
We might use your personal data to:
|Purpose||Type of personal data||Lawful basis|
|Onboard you as a new client||
||Performance of a contract
To comply with a legal obligation
|Deliver our services to you and manage our relationship with you, including:
||Performance of a contract
Legitimate interest (to recover fees due to us)
To comply with a legal obligation
Explicit consent (where processing special category data)
|Administer and protect our business and this website||
||Legitimate interests (for running our business, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To comply with a legal obligation
|Deliver relevant website content and advertising to you and measure and understand the effectiveness of our advertising||
||Legitimate interest (to develop our services and website, to grow our business and to inform our marketing)|
|Use data analytics to improve our website, services, marketing, customer relationships and experiences||
||Legitimate interest (to keep our website up to date and relevant, and to inform our marketing)|
|Manage our recruitment process and to assess an applicant’s suitability for employment with us||
||Performance of a contract
To comply with a legal obligation
Legitimate interest (for considering your application to join us)
|Directly market to you and make suggestions and recommendations to you about events and services that may be of interest||
||Legitimate interest (to grow our business and offer you services that we think may be of interest)
|Directly market to you where you have provided consent||
5. How long do we keep your personal data?
We will only retain your personal data for as long as is reasonably necessary to fulfil the original purpose for which it was collected.
When assessing how long we keep your personal data, we take the following into consideration:
- the requirements of our business and the services we provide
- any statutory or legal obligations that require us to keep it
- the reason why we originally collected the data
- the lawful grounds on which we have been processing the data
- the types of personal data we’ve collected
- the amount, nature and sensitivity of data
- the potential risk of harm from unauthorised use or disclosure of your personal data
- the purposes for which we process your personal data and whether we can reasonably achieve these purposes through other means
- any other applicable legal, regulatory, tax, accounting or other requirements.
Don’t panic! Legislation, regulations, and our professional indemnity insurers ask us to retain your data after we’ve stopped acting for you. The period of data retention varies but it’s typically six years plus the current financial year. Where we can, we measure how long we keep the data from the end of the accounting period to which it relates.
There are some scenarios where the time we’re obliged to keep data for is longer than this (for example where the data relates to insolvency), but rest assured, we don’t want to hold on to your data any longer than we have to!
If you would like further information relating to how long we will keep your data, please contact us.
6. Where there’s a change of purpose
If we need to use your data for another purpose other than the reason we collected it, we’ll only do this if the new purpose is compatible with the original one.
If we think it’s necessary to use your personal data for a new purpose, we’ll do so transparently by keeping you informed and reminding you of your rights before we start any new processing of your data.
7. Who has access to your personal data?
We may share your personal data with third parties for the purposes set out in this policy, this may include:
- other companies in our group
- service providers (acting as processors) who provide services to us including IT and system administration
- HM Revenue & Customs, regulators and other authorities
- third parties whom we choose to sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as is set out in this privacy notice
Let’s be clear – we won’t sell or rent your personal information to third parties.
Rest assured, access to your information is limited to those who need it and any of our people with access to your information understand that they have a duty of confidentiality. We require them to respect the security of your personal data and to treat it in accordance with the law. This falls under industry-related ethical standards, which we’re all required to follow.
8. People or businesses (“Third Party Service Providers”) working on our behalf:
In some cases, we use other people or businesses (we call them “Third Party Service Providers”) to provide professional advice, for cloud-based information storage facilities and in some cases processing that we’ve been asked to deliver for you, but don’t have in-house capacity.
Whenever we use Third Party Service Providers, we have contracts in place requiring them to keep your information secure and not use it for their own purposes; and we take great pains to only disclose the personal information necessary to deliver the service.
All of our Third Party Service Providers are required to put in place appropriate security measures to protect your personal data.
9. Our security measures in place to prevent the loss, misuse or alteration of your personal data:
We’ve put security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We also limit access to your personal data to those employees and other third-party service providers who have a business need to know. They’ll only process your personal data on our instructions and they too are subject to a duty of confidentiality.
We’ve put procedures in place to deal with any suspected data security breaches. In the event of an actual or suspected breach of your data, we’ll notify you and any applicable regulator where we’re legally required to do so.
10. International transfers of personal data:
Whilst your data will usually be processed in our offices in the UK, to allow us to operate efficient digital processes, we sometimes need to transfer your personal data outside the UK, as some of our external third parties may be based outside the UK. This is ordinarily done within the European Economic Area (EEA), but on some occasions, we may process your data outside of the EEA.
Whenever we transfer your data outside the UK, we ensure a similar degree of protection is afforded to it and will ensure that adequate safeguards and protection measures are in place in compliance with the applicable data protection laws.
We have applied due diligence and have suitable contractual agreements in place with these third-party service providers that meet all relevant regulatory requirements.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
11. Your duty to inform us of changes in your personal data:
It’s important that the personal data we hold about you is accurate and current, for both our sakes! Please let us know of any relevant changes (for example, change of address or bank account) by getting in touch with your usual Cooper Parry contact or using the contact details below.
12. Your rights in connection with personal data:
Under certain circumstances, the law gives you the right to:
- request access to your personal data – you can ask for a copy of the personal data we hold about you. Assuming your request is reasonable, we will provide a copy of all the personal data we hold about you and you can check that we’re processing it lawfully. This is more commonly known as a ‘data subject access request’
- request correction of your personal data – you can ask us to correct any inaccurate personal data that we hold about you and complete any incomplete personal data that we hold on you
- request erasure of your personal data – you can ask us to delete or remove your personal data where there is no good reason for us to continue processing it. This one’s a little tricky! If, for some reason, we still hold your personal data, but without good reason, at your request we’ll delete it. To be honest, this is a pretty unusual scenario, because we’re pretty hot on getting rid of data we’re not obliged to hold! We may not always be able to comply with your request for erasure for specific legal reasons, in which case, we will notify you of such reasons at the time of your request
- object to us processing your personal data – this applies where we’re relying on a “legitimate interest” of ours or a third party, and you have a situation which makes you want to object to us processing your data
- ask for the restriction of the processing of your personal data – this means you can ask us to suspend the processing of personal data about you where you want us to establish the accuracy of the personal data; where our use of the personal data is unlawful but you do not want us to erase it; where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise of defend legal claims ; or where you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use such personal data.
- ask for the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically possible
- withdraw consent for processing – we’ve got a special section on this below
If you wish to exercise any of these rights, please get in touch with us. Our contact details are below.
We try to respond to all legitimate requests within one month but if we are unable to, we will notify you of this and keep you updated.
At this point it’s worth mentioning that you usually won’t have to pay a fee to exercise any of these rights, however we may charge a reasonable fee if your request for access is clearly unfounded or excessive and whilst it’s not like us, we might even decline to comply with the request in such circumstances. It’s also possible that we may not be able to comply with the request for compliance reasons
As a final note, if you choose to exercise any of these rights, without exception we will ask you to confirm your identity, which means we might need to request specific information from you. This is to make sure your personal information isn’t disclosed to anyone who has no right to receive it.
13. Your right to withdraw consent:
You have the right to withdraw your consent for us to collect, process and transfer your data at any time where consent is our only lawful basis for processing your information. To withdraw your consent, please get in touch using the contact details below.
Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to (unless we have another lawful basis for doing so).
14. Changes to this privacy notice
We keep this privacy notice under regular review and will place any updates on our website at www.cooperparry.com/privacy-policy/.
You can get paper copies of this privacy notice by sending an email to firstname.lastname@example.org.
This privacy notice was last updated on 19 April 2023.
15. Contact details
If you have any questions regarding this notice or if you’d like to speak to us about how we process your personal data, please email our Risk and Compliance Partner, Simon Atkins, on email@example.com.
You also have the right, at any time, to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Here are the ICO’s contact details:
Information Commissioner’s Office
Telephone: (0303) 123 1113 (local rate) or (01625) 545 745