1. Introduction

TaxConnect Accountants Ltd (“the Company”) is committed to protecting the privacy and personal data of our clients, employees, and any individuals who interact with our business. This GDPR Policy outlines our approach to compliance with the General Data Protection Regulation (GDPR) and sets out the principles we follow to ensure the lawful and responsible handling of personal data.

2. Scope

This GDPR Policy applies to all personal data processed by the Company, regardless of the format or medium in which it is stored. It applies to all employees, contractors, and third parties who handle personal data on behalf of the Company.

3. Data Protection Principles

The Company adheres to the following data protection principles:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner, ensuring that individuals are informed about the processing of their data.
• Purpose Limitation: We collect and process personal data only for specified and legitimate purposes, and we do not use it in any way incompatible with those purposes.
• Data Minimization: We collect and process personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure that personal data is accurate, up to date, and, where necessary, rectified without delay.
• Storage Limitation: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal and regulatory requirements.
• Integrity and Confidentiality: We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, protecting it against unauthorized access, loss, destruction, or damage.

4. Lawful Basis for Processing

The Company processes personal data based on one or more of the lawful bases provided by the GDPR, including:

• Consent: We obtain explicit and informed consent from individuals before processing their personal data, and individuals have the right to withdraw their consent at any time.
• Contractual Obligations: We process personal data as necessary for the performance of contracts with our clients or to take steps at their request prior to entering into a contract.
• Legal Obligations: We process personal data to comply with our legal obligations, such as tax and accounting requirements.
• Legitimate Interests: We process personal data based on our legitimate interests, provided that such interests are not overridden by the rights and freedoms of the individuals concerned.

5. Rights of Data Subjects

The Company respects the rights of individuals in relation to their personal data, including the right to:

• Access: Request access to their personal data and obtain information about how it is being processed.
• Rectification: Request the correction of inaccurate or incomplete personal data.
• Erasure: Request the deletion or removal of personal data under certain circumstances.
• Restriction: Restrict the processing of personal data under certain circumstances.
• Portability: Request the transfer of personal data to another organization or receive it in a structured, commonly used, and machine-readable format.
• Object: Object to the processing of personal data in certain situations, including direct marketing.
• Automated Decision-Making: Be informed about any automated decision-making processes, including profiling, and the logic involved.

6. Data Breach Management

In the event of a personal data breach, the Company has established procedures to promptly assess and mitigate the impact of the breach. We will notify affected individuals and the appropriate supervisory authority as required by law.

7. Data Protection Officer

The Company has appointed a Data Protection Officer (DPO) to oversee data protection activities and ensure compliance with applicable data protection laws and regulations. The DPO can be contacted at:

Name: Mr Tanvir Rahman, FCCA

Address: 63 St Mary Axe, London EC3A 8AA

Email: tanvir@taxconnectaccountants.co.uk

8. Training and Awareness

The Company provides regular training and awareness programs to employees and contractors who handle personal data, ensuring they understand their obligations and responsibilities under the GDPR.

9. Review and Update

This GDPR Policy is regularly reviewed and updated to reflect changes in legal and regulatory requirements, as well as best practices in data protection.

If you have any questions, concerns, or requests regarding the processing of your personal data by TaxConnect Accountants Ltd, please contact our Data Protection Officer.