Personal data is information that helps to identify a living person. The means of collecting, processing, retaining and using the data may differ depending on the purpose. We would like to be as transparent as possible and have provided information (this list is not exhaustive) about our processing activities and reasons why we retain data for your information:-
- Our clients contact details and any individuals who may be associated with our clients
- Business contacts, subcontractors and suppliers and any individuals who may be associated with them
- Any individuals who use our forms and applications in connection with the provision of our professional services
- Anyone who gets in touch with us through our website, telephone or email
- Any visitors to our office interested in using our products and services
Most of the data we hold comprises names and contact information for individuals including email, service and residential addresses and telephone numbers. We will also hold data to include date of birth, nationality, occupation and country of residence which we need to complete when filing forms at Companies House. The GDPR (“General Data Protection Regulation”) refers to sensitive personal data as “special categories of personal data”. We do not record any such special data.
What we do with the data
We use the data we gather to meet your needs as a service provider for the purposes of our legitimate interests as a company compliance business and to comply with our legal requirements. More specifically we use the data to ensure annual compliance and statutory regulations are met. We file forms at Companies House, prepare company accounts, and prepare VAT returns and corporation tax returns. We also use the data to update and maintain statutory books and registers. In most cases the provision of our services will require information to be sent to Companies House or HMRC, amongst other government agencies, where it will be placed on public record. We also use your information for internal record keeping and credit control but for no other purpose. We do not use the data we hold for marketing purposes.
Security and Confidentiality
Our data is held on secure servers which we outsource to a third party and we try to avoid keeping paper based records where possible. If we do have paper based records, they are held at our office, 1 Princeton Mews, 167-169 London Road, Kingston upon Thames, Surrey KT2 6PT. We observe recognised security standards and have frameworks and policies in place to ensure that the data we hold is not kept for longer than necessary and is disposed of appropriately. We regularly review our policies to ensure that the data we hold is and remains secure. We do not sell, distribute or lease personal information to third parties unless we are required to do so by law.
Our employees access client’s data in order to carry out their legitimate tasks for the business. The employees have signed updated contracts with provisions regarding data confidentiality and are not free to use the data for any other purpose. Compliance with any internal policies relating to data protection is mandatory for our employees.
When and how we share personal data
We will only share your data with third party service providers when we are permitted to do so and we are putting in place contracts to ensure the protection of the data we share with them but we cannot be held responsible for what they do with the data.
Data held by us may be transferred to (this list is not exhaustive):-
- Government bodies such as HMRC, Companies House and the Foreign Office
- Cloud based IT service provider
- Cloud based online company secretarial software
- Lawyers, notaries and accountants we are partnered with
- Couriers and distributers
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR we do not have a statutory requirement to have a Data Protection Officer (“DPO”). The person who is responsible for ensuring M & N Group Limited discharges its obligations under the GDPR is Karen Milliner, a director of the company.
How long we keep data
We will keep data for the duration of time that we are instructed to provide services. When we cease to be instructed to act on behalf of a company, all data will be removed from our records and office except the data we are required to legally to hold.
Data controller and contact information
The data controller is M & N Group Limited (a private limited company registered in England and Wales under registration no.01196725 and with its registered address at 1 Princeton Mews, 167-169 London Road, Kingston upon Thames, Surrey KT2 6PT).
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
1 Princeton Mews
167-169 London Road
Kingston upon Thames
Phone: 020 8974 5252
Your rights as a data subject
You have the right to access and amend the data we hold about you and you also have the right to withdraw your consent to us holding your data.
As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to be deleted and restriction or objection to the processing of your personal data. Some of these rights will only be available from 25 May 2018.
If you would like to access your personal data or want to amend the details we hold please email firstname.lastname@example.org. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (currently 40 days). Please email this address if you would like to withdraw consent and be deleted. You have the right to complain if you are unhappy with how we are using your data – please visit the ICO website for more information.