Lighthall Consult Chartered Certified Accountant (Lighthall consult Ltd “we”, “us”, or “our”) are
strongly committed to protecting personal data.
This privacy statement describes why and how
we collect and use personal data and provide information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. At Lighthall Consult Ltd, we process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this statement.
How do we obtain information about you?
We obtain information about you when:
you engage us to provide you with professional services,
when you make enquiries about a potential engagement with us,
when we are engaged to act as a data processor on behalf of a data controller (for
example, when we carry out our payroll services on behalf of an employer),
when you provide us with your personal details upon applying for a role within the firm, when you contact us via our website, sign up to receive our mailings or to attend one of our events. The information collected will generally be obtained directly from you or from a third party which you have provided authority to as your agent. If we are acting as a data processor, the information may be passed to us via the data controller.
What type of information do we collect about you?
For our professional services, the information collected may relate to your personal and financial
circumstances, for us to provide the service that we have been engaged to undertake. For example, we may record your name, address, telephone number, email address, date of birth, unique tax reference, national insurance number, bank account details, data in relation to your personal taxation circumstances, data regarding your business activities, etc.
This could be a service for which either you or a third party have engaged us. For example, we may need to obtain personal data when we are acting as a data processor on behalf of a data controller (such as when we have been engaged to undertake payroll services for an employer or bookkeeping services for a client).
For job applications, this information may include your personal contact details, date of birth, education and skills, previous employment details, interests, ethnic origin, medical conditions, marital status, and CV.
If you have actively consented to receive electronic marketing material, we will hold details of your
name and contact information. You can unsubscribe at any point by emailing us at email@example.com phoning or writing to us (please see the “Contact information” section
For website event bookings, we will record your personal contact details, plus any special dietary
requirements (if applicable).
Our website is compliant with EU regulations on cookies. If you visit our website to read or download information, such as news stories or articles, all the information we collect is statistical only and not personally identifiable.
If you attend an event or visit our offices, we may hold images captured by photographers or CCTV cameras.
Why do we need to obtain and use your personal data?
Our primary statutory basis for processing personal data is for the performance of our contracts with our clients and staff. This includes the processing of personal data when we are engaged by a data controller to provide our services as a data processor.
The information that we obtain is essential for us to be able to carry out the agreed professional
engagement effectively. Without collecting personal data, we would not be able to fulfil our legal and regulatory obligations.
We will also use this data to notify clients of any news that we feel is relevant to our duty of care (for example, updates relating to changes in tax legislation or industry specific information). Where possible, we will communicate these updates electronically.
For marketing purposes, we will only contact you electronically if you have given us consent to do so. You are entitled to unsubscribe at any point and request to be removed from our marketing database.
We may also contact you from time to time if we feel you or your company has a legitimate interest in knowing information about our products or services. You are entitled to unsubscribe and be removed from the marketing database at any point by emailing us at firstname.lastname@example.org, telephoning or writing to us (please see the “Contact information” section below).
How will we use the information about you?
In general terms, and depending on which services we are engaged to deliver, as part of providing
our agreed services we may use your information:
For our business services (including those that we provide as a data processor):
contact you by post, email or telephone
verify your identity where this is required
understand your needs and how they may be met
maintain our records in accordance with applicable legal, regulatory and corporate governance obligations and good practice, ensuring our business policies are adhered to
process financial transactions (this may include credit scoring and checking)
prevent and detect crime, fraud or corruption
complete our agreed services (such as completion of your personal tax return or business accounts), along with assisting in the gathering of information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
for operational reasons, such as recording transactions, training and quality control, ensure the confidentiality of commercially sensitive information
market our business
improve our services
For our applicants and staff:
consider you for a position within the firm
maintain our records in accordance with applicable legal, regulatory and corporate
governance obligations and good practice, ensuring our business policies are adhered to
report regulatory statistics such as diversity and gender pay gap information
where necessary, security vetting (such as DBS / CRB checks)
Who might we share your information with?
If you are our client, to deliver our services to you effectively we may send your details to third parties such as those that we engage for professional compliance, accountancy or legal services as well as product and platform providers that we use to manage book-keeping services for you
Where third parties are involved in processing your data, we disclose only the personal information that is necessary to deliver the service. We have a contract in place with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they will only act in accordance with our written instructions.
Where it is necessary for your personal data to be forwarded to a third party, we will use appropriate security measures to protect your personal data in transit. To fulfil our obligations in respect of prevention of money-laundering and other financial crime we may send your details to third party agencies for identity verification purposes. We will not share your information for marketing purposes with companies outside our
group of companies.
Any staff with access to your information have a duty of confidentiality under the ethical standards
that this firm is required to professionally follow. If you are a member of staff, if there is a need to complete security vetting checks (such as DBS / CRB checks) in relation to work, we may need to pass your information on to the relevant third party for review. This is the only occasion when a third-party processor is used in relation to staff
Transfer of your data to other countries
In the course of carrying out our engaged services, we may transfer your data to other countries, which may not have the same legal protections for your data as the UK.
Where data is being transferred outside of the European Economic Area, we take steps to ensurethat your data is adequately protected in accordance with UK legal requirements. Where we are in a contractual relationship with the recipient, such protection will normally consist at minimum of appropriate contractual protections agreed between us and the recipient.
How long do we keep hold of your information?
In principle, your personal data should not be held for longer than is required under the terms of our contract for services with you. However, we are subject to regulatory requirements to retain data for specified minimum periods. We also reserve the right to retain data for longer than this where we consider it is in your interest for us to do so.
With regards to client data (and data which we obtain whilst acting as a data processor on behalf of a data controller), we will retain your personal data for a minimum of 7 years.
For marketing purposes, where you have consented to hear from us, if we haven’t made contact within 2 years, we will remove you from our database (unless you have already asked to be removed).
For human resources purposes, where you have applied for a position within the firm, we will retain your application for a minimum of 6 months from the closure of the vacancy unless you were successful (in which case, this record will then move to your staff file). For staff, we will retain your personal data for a minimum of 6 years after your employment ceases. Security precautions in place to protect the loss, misuse or alteration of your information
Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Once we receive your information, we make our best efforts to ensure its security on our systems. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Your data will usually be processed in our offices in the UK and stored within UK-based data centres. We take the security of your data seriously and so all our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.
Your rights Access to your information
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us using the details noted below in the “Contact information” section. When your personal data is processed electronically, you have the right to ask us to
move your personal data to another organisation.
Correcting your information
We want to make sure that your personal information is accurate, complete and up-to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information
You have the right to request deletion of your personal data. We will comply with this request, subject to the restrictions of our regulatory obligations and legitimate interests as noted above.
Restricting how we may use your information
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information, but you do not want us to delete the data.
Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Objecting to how we may use your information
Where we use your personal information to perform tasks carried out in the public interest then, if you object to this use and ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue. Please contact us in any of the ways set out in the “Contact information” section below if
you wish to exercise any of these rights.
please use the following contact details:
Data Privacy Officer: Abby Dare
Email address (general): email@example.com
Email address (marketing opt-outs): firstname.lastname@example.org
Post: Abby Dare
Lighthall Consult Ltd
64 The Broadway
Telephone number: 02085554638
This website (www.lighthallconsult.com) uses and adopt cookies to store data and information on your computer. Cookies help us to provide you with the useful experience out of our website. If you have any questions about the following information, please email email@example.com
Most web browsers allow you to control the cookies stored on your computer through your browser’s settings. To find out more about cookies, including how to see what cookies have been stored and how to manage and delete them, visit www.aboutcookies.org.
Removing or disabling cookies
You may choose to remove or block cookies at any time by adjusting your browser settings, but in some cases, this may impact your experience of our website.
The information below let you know what cookies this site uses and what they are.
This site uses session cookies. These are temporary cookie files, which are erased
when you close your browser.
Third Party Cookies
These cookies are used to collect information about how visitors use our site. We use
the information to compile reports and to help us improve the site.
The information collected is anonymous and does not identify a visitor. The data includes
the number of visitors to the site, where visitors have come from and the pages they
Select this link for an overview of privacy at Google.
Select this link to opt out of being tracked by Google Analytics across all websites.