Your information – what we collect and how we use it
1. Cooper Parry LLP and its subsidiary companies (that’s: Cooper Parry LLP; Cooper Parry Holdings Limited; Cooper Group Limited; Cooper Parry Wealth Limited; Snapshot Software Limited; Cooper Parry Financial Services Limited; Cooper Parry Trustees Limited; Creaseys Wealth Limited, but to save ink (and reading), we’ll refer to ourselves as “the business”, “we” or “us” for the rest of this document) take data protection seriously.
In keeping with the requirements of the General Data Protection Regulation (GDPR), we’ll only use your personal data for three reasons: 1) to deliver the products and services you’ve requested from us; 2) to meet our legal responsibilities; or 3) to understand how you are using our website (if you consent).
2. We’d collect personal data about you when:
- you request a proposal from us to provide you with a service
- you, your employer or one of our clients engage us to provide our services. We’ll also collect data during the period we’re delivering those services
- you get in touch with us. That could be by email, phone, post, social media or through our website
- we consult third parties and/or review data which is available to the public. For example, we may ask for data from your employer or find it on Companies House.
3. Here’s the kind of information we’ll hang on to for a bit:
- your personal details such as your name or address
- details of the communication we’ve had with you relating to the delivery or proposed delivery of a service
- details of any services you’ve received from us
- our correspondence and communications with you
- information about any complaints you make (although we try to keep these to a minimum!) and any questions you ask us
- information from research, surveys and marketing activities
- information we receive from other sources (for example, publicly available information, information provided by your employer or our clients, credit reference agencies etc).
4. How we use personal data we hold about you:
In order to process your data, we are obliged to identify at least one of what’s called our “lawful basis for processing”.
We may process your personal data:
- to help us perform the things we said we’d deliver (or you instructed us to deliver) for you in a contract. This might apply where we’re processing your personal data because you’re an employee, subcontractor, supplier, or customer of a client of ours. The lawful bases that apply here are “contractual” and/or “legal obligation” (where we are obliged to process your data to satisfy a legal requirement).
- for the purposes of our own interests (providing these interests don’t override any of your own interests, rights and freedoms which require the protection of your personal data of course!). Examples of these interests might include marketing, business development, statistical and management purposes (this would be “legitimate interest”)
- for certain additional purposes if you provide your consent. Please bear in mind: where we ask for your consent to using your data, you have the right to withdraw this consent at any time (called “consent”)
We might use your personal data to:
- get in touch with you by post, email or telephone
- verify your identity where we need to (this is referred to as “Know your client”)
- understand what you need and how we can achieve this for you
- maintain our records in accordance with legal and regulatory obligations
- process financial transactions
- provide you with information on our services, events and activities that we think you’ll be interested in
- ask you your thoughts and opinions on the services we provide
- let you know about any changes to our services
- prevent and detect crime, fraud and corruption.
5. How long do we keep your personal data?
We will retain your personal data after we have fulfilled the original purpose for which it was collected, as set out below.
When assessing how long we keep your personal data, we take the following into consideration:
- the requirements of our business and the services we provide
- any statutory or legal obligations that require us to keep it
- the reason why we originally collected the data
- the lawful grounds on which we have been processing the data
- the types of personal data we’ve collected
- the amount and categories of data
- whether the purpose of the processing could reasonably be fulfilled in other ways.
Don’t panic! Legislation, regulations, and our professional indemnity insurers ask us to retain your data after we’ve stopped acting for you. The period of data retention varies but it’s typically six years plus the current financial year. So, we keep it for at least six just to make sure. Where we can, we measure how long we keep the data from the end of the accounting period to which it relates.
There are some scenarios where the time we’re obliged to keep data for is longer than this (for example where the data relates to insolvency), but rest assured, we don’t want to hold on to your data any longer than we have to!
6. Where there’s a change of purpose
If we need to use your data for a purpose other than the reason we collected it, we’ll only do this if the new purpose is compatible with the original one.
If we think it’s necessary to use your personal data for a new purpose, we’ll do so transparently by keeping you informed and reminding you of your rights before we start any new processing of your data.
7. Who has access to your personal data?
First let’s be clear – we won’t:
- sell or rent your information to third parties
- share your information with third parties for marketing purposes
Rest assured, access to your information is limited to those who need it and any of our people with access to your information understand that they have a duty of confidentiality. This falls under industry-related ethical standards, which we’re all required to follow.
8. People or businesses (“Third Party Service Providers”) working on our behalf:
In some cases, we use other people or businesses (we call them “third party service providers”) to provide professional advice, for cloud-based information storage facilities and, in some cases, for processing that we’ve been asked to deliver for you but don’t have the in-house capacity for.
Whenever we use third party service providers, we have contracts in place requiring them to keep your information secure and not use it for their own purposes; and we take great pains to only disclose the personal information necessary to deliver the service.
We’ll not release your information to other third parties unless:
- you’ve requested that we do so; or
- we’re required to do so by law. (For example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption.)
9. Our security measures in place to prevent the loss, misuse or alteration of your personal data:
We’ve put security measures in place to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. We also limit access to your personal data to those employees and other third-party service providers who have a business need to know. They’ll only process your personal data on our instructions, and they too are subject to a duty of confidentiality.
We’ve put procedures in place to deal with any suspected data security breaches. In the event of an actual or suspected breach of your data, we’ll notify you and any applicable regulator where we’re legally required to do so.
Whilst your data will usually be processed in our offices in the UK, to allow us to operate efficient digital processes, we sometimes need to process your data outside the UK. This is ordinarily done within the European Economic Area (EEA), but on some occasions, we may process your data outside of the EEA. Where this is the case, we will always tell you before it happens. We have applied due diligence and have suitable contractual agreements in place with these third-party service providers that meet all relevant regulatory requirements.
10. Your duty to inform us of changes in your personal data:
It’s important that the personal data we hold about you is accurate and current, for both our sakes! Please let us know of any relevant changes (for example, change of address or bank account) by getting in touch with your usual Cooper Parry contact or using the contact details below.
11. Your rights in connection with personal data:
By law, you have the right to:
- ask for a copy of the personal data we hold about you. Assuming your request is reasonable, we will provide a copy of all the personal data we hold about you and you can check that we’re processing it lawfully
- ask us to correct the personal data that we hold about you
- ask us to delete your personal data. This one’s a little tricky! If, for some reason, we still hold your data, but without good reason, at your request we’ll delete it. To be honest, this is a pretty unusual scenario, because we’re pretty hot on getting rid of data we’re not obliged to hold!
- object to us processing your personal data. This applies where we’re relying on a “legitimate interest” of ours or a third party, and you have a situation which makes you want to object to us processing your data
- ask for the restriction of the processing of your personal data. This means you can ask us to suspend the processing of personal data about you
- ask for the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically possible
- withdraw consent for processing – we’ve got a special section on this below
If you wish to exercise any of these rights, please get in touch with us. Our contact details are below.
At this point it’s worth mentioning:
- you won’t have to pay a fee to exercise any of these rights, however;
- we may charge a reasonable fee if your request for access is clearly unfounded or excessive; and
- whilst it’s not like us, we might even decline to comply with the request in such circumstances. It’s also possible that we may not be able to comply with the request for compliance reasons
As a final note, if you choose to exercise any of these rights, without exception we will ask you to confirm your identity, which means we might need to request specific information from you. This is to make sure your personal information isn’t disclosed to anyone who has no right to receive it.
12. Your right to withdraw consent:
You have the right to withdraw your consent for us to collect, process and transfer your data at any time where consent is our only lawful basis for processing your information. To withdraw your consent, please get in touch using the contact details below.
Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to (unless we have another lawful basis for doing so).
13. Changes to this privacy notice:
We keep this privacy notice under regular review and will place any updates on our website at www.cooperparry.com/privacy-policy/. You can get paper copies of this privacy notice by sending an email to firstname.lastname@example.org.
This privacy notice was last updated on 7 September 2021.
14. Contact details
If you have any questions regarding this notice or if you’d like to speak to us about how we process your personal data, please email our Compliance Partner, Simon Atkins, on email@example.com.
You also have the right, at any time, to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Here are the ICO’s contact details:
Information Commissioner’s Office
Telephone: (0303) 123 1113 (local rate) or (01625) 545 745