We may use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit: http://www.aboutcookies.org for detailed guidance.
The list below describes the cookies we may use on this site and what we use them for. Currently we operate an ‘implied consent’ policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)
First Party Cookies
These are cookies that are set by this website directly.
You can find out more about Google’s position on privacy as regards its analytics service here: https://support.google.com/analytics.
We may use a session cookie to remember your log-in for you if you are a registered user and we deem these as being strictly necessary to the working of the website. If these are disabled then various functionality on the site will be broken.
More information on session cookies and what they are used for can be found here: http://www.allaboutcookies.org/cookies/session-cookies-used-for.html.
Third Party Cookies
These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by Facebook and Google+. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
The information contained in this website is for general information purposes only. The information is provided by Commercial Accounting and Taxation Ltd and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose.
Any reliance you place on such information is therefore strictly at your own risk. In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Through this website you are able to link to other websites which are not under the control of Commercial Accounting and Taxation Ltd. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, Commercial Accounting and Taxation Ltd takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
What is this document and who is it for?
This document is intended to provide you with important information about how we process your personal data. This includes details of what personal data we hold, how we store it, what we do with it, why we hold it and how long we hold it for.
The contents of this document apply to both clients and prospective clients of Suttle & Co. (Commercial Accounting and taxation Limited.)
The below ‘summary information’ section provides some general summary information about what we do with your personal data. Full details can be found in the "Personal Data Held" section below.
In order to provide you with the services detailed in our letter of engagement Suttle & Co must hold and process personal data. We use this information to; conduct Customer Due Diligence (CDD) checks we are obliged to conduct under law; meet our obligations detailed under our letter of engagement; and, provide you with any additional services we may agree with you to provide.
We hold your personal data on varying systems including cloud-based accountancy software, accountancy software stored locally on our computers, our outlook emails systems, as spreadsheets stored locally on our computers and, in some instances, as physical printouts stored in our office.
Data Protection Policy
You should read this privacy notice in connection with Suttle & Co’s data protection policy. A copy of our data protection policy can be requested at any time from us, also available below.
Data controller’s and data protection officer’s details
Data Controller: Suttle & Co (Trading name of Commercial Accounting & Taxation Ltd Incorporated in England under company number: 10061360)
Data Protection Officer: Helen Christopher
How to contact us with any questions
If you would like to contact us, please use the below methods. Please note that our office closes on weekends and English bank holidays. We normally close the office over the Christmas period, including some normal working days, please contact us for more information. If your contact relates to exercising your rights under data protection legislation it will help us if you make your communication in writing (either post or email).
Telephone: 01929 422093
Post: Unit 1 The Sidings, Victoria Avenue Industrial Estate, Swanage, Dorset BH19 1AU
Under data protection legislation you have eight main rights relating to your personal data:
1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights related to automated decision making including profiling
For more information on your rights and how we uphold your rights, please visit the Information Commissioner’s Office’s website (www.ico.org.uk) and review our data protection policy, which can be accessed from the relevant sections of our website or can be provided on request.
If at any time you would like to exercise one of your rights under data protection legislation, please contact us. We recommend that you consult our data protection policy before contacting us.
If you would like to make a complaint about the Association’s handling of personal data and how we have met our obligations under data protection legislation you can contact the Information Commissioner’s Office (www.ico.org.uk). Though we would always encourage you to contact us in the first instance so that we can attempt to resolve your complaint.
Personal Data Held (With Lawful Basis for Processing)
NAME (Contract, Legal)
ADDRESS (Contract, Legal)
DOB (Contract, Legal)
NI NUMBER (Contract, Legal)
UTR NUMBER (Contract)
VAT NUMBER (Contract)
PAYE REFERENCE NUMBERS (Contract)
TELEPHONE NUMBER (Contract, Legal)
EMAIL ADDRESS (Contract, Legal)
COPY OF PHOTO ID (Contract, Legal)
BANK STATEMENTS (Contract)
BOOK KEEPING RECORDS (Contract)
This information is stored on our local server/desktop PC's, unencrypted, password protected, within client paper files and cloud based software which is password protected.
Who has access to the data?
All employees (and occasionally, sub contractors) of Suttle & Co have access to the data for processing purposes.
Anyone with access to the data has received appropriate training in the GDPR.
Who is the data shared with?
In order for us to fulfil our contract with you the data may be shared with the following organisations:
- Companies House
- Other third parties such as Mortgage Lenders/Banks (upon request from you only)
In order for us to meet the necessary requirements and obligations of the professional bodies to which we belong, data may be shared with the following organisations:
- Professional Indemnity Insurers
- Our Professional bodies - CPAA, AAIA, ATT
How long is this data stored for?
In accordance with the recognised good practice within the tax and accountancy sector, we will retain all of
our records relating to you as follows:
Where accounts and tax returns have been prepared it is our policy to retain the records relating to their preparation for seven years from the end of the tax year to which they relate. This applies whether our business relationship is ongoing or has ended.
Whilst our client relationship is ongoing we may retain data, such as Capital Gains base costs and HMRC claims or elections, for the duration of our relationship.
At the end of our business relationship, if moving to a new accountant, we will share data with them once we have received the necessary professional clearance and instructions from yourself. We will retain data relating to preparation of accounts and tax returns submitted by ourselves for seven years, as detailed above, and will return any other data we hold to yourself, or destroy it if instructed by you to do so.
NOTE: You are required by law to retain documents and records relating to your tax affairs as follows:
Individuals, Trustees and Partnerships :
- with trading income or rental income - five years and 10 months after the end of the tax year.
- otherwise - 22 months after the end of the tax year.
Companies, LLPs, other corporate entities :
- Six years from the end of the accounting period.
Suttle & Co takes its responsibilities under data protection legislation extremely seriously. Breach of our data protection responsibilities can result in significant financial and reputational damage. We therefore endeavour to implement practices which ensure that we are constantly upholding our responsibilities under data protection legislation and allow us to meet our clients’ expectations in terms of privacy.
General Data Protection Regulations (GDPR) and Data Protection Act 2018
The primary legislation in the United Kingdom governing data protection is the GDPR and the Data Protection Act 2018. The legislation covers personal data. Personal data means any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
The six principles established under this legislation, require personal data to be:
1. Processed lawfully, fairly and in a transparent manner in relation to individuals
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest shall not be considered to be incompatible with the initial purposes
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of individuals; and
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Privacy Notices (Right to be Informed)
We maintain a privacy notice which all clients have been provided a copy of. This notice details important information relating to why and how data is processed. In particular our privacy notice contains details of; the identity and contact details of the controller and the data protection officer; what data is being collected; why the data is being processed and the lawful bases for the processing; who has access to the data; where the data will be stored; who the data will be transferred to, including details of any third country and applicable safeguards; where the data has been obtained, if the Association has not collected the data directly; how any automated decision has been made; the individual’s rights.
Access Requests (Right of Access)
All individuals have a right to obtain; confirmation that their data is being processed; access to their personal data; and, other supplementary information (which can largely be found in the applicable privacy notice).
All access requests will be completed free of charge, unless the request is manifestly unfounded or excessive. If the request is deemed by us to be manifestly unfounded or excessive, the individual will receive a written explanation as to why and details of costs associated with fulfilling the request. The fee charged will be based upon; administration time costs; postage costs; printing costs; and, any other delivery cost.
In exceptional circumstances we may refuse an access request. An access request will only be refused if it is manifestly unfounded or excessive. If the request is deemed by us to be manifestly unfounded or excessive, the individual will receive a written explanation as to why and a statement that the request cannot be processed.
Inaccurate or Incorrect Data (Right to Rectification)
Suttle & Co aims to ensure that all data it holds is accurate and correct. However, from time to time, this aim may not be met. All individuals have a right for inaccurate or incorrect data to be corrected or rectified.
Where data has been transferred to a third party and subsequently it has been rectified, we will notify the third party without delay of the rectification.
In some instances, we may not take action to a right to rectification request (for example, if it is believed that the request has malicious intent or is inaccurate). If no action is to be taken, a written explanation will be provided to the individual who made the request.
Request to Delete Data (Right to Erasure)
Suttle & Co aims to retain data for only as long as it is needed. However, from time to time, this aim may not be met, or a valid reason as to why the data no longer needs to be retained maybe presented which had not been considered by us. All individuals have a right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
In limited circumstances we will not be able to comply with a request to delete or remove data. This will normally be because the data is being used to; comply with a legal obligation for the performance of a public interest task or in exercising official authority; or, to exercise or defend legal claims. If no action is to be taken, a written explanation will be provided to the individual who made the request.
Request to Suppress Processing of Data (Right to Restrict Processing)
Restricting processing means Suttle & Co will continue to store the personal data, but will not ‘use’ the data or transfer it to third parties.
We will restrict processing; if you contest the accuracy of the personal data we hold, the restriction will apply until such a time as we have verified the accuracy of the data; if you have objected to the processing and we are considering if we have legitimate grounds not to act on your objection; if the processing we are conducting is found to be unlawful, but you oppose erasure; if we no longer require the data, but you require the data to establish, exercise or defend a legal claim.
If data has been passed to third parties, we will inform them of any restriction to processing as soon as possible.
We may have to retain certain personal data, either for a defined period of time or indefinitely, to ensure that a restriction on processing is enforced. This will always be explained in writing to the relevant individual.
Reusing Personal Data (Right to Data Portability)
Personal data can, on the request of the individual, be transmitted to other organisations, or, provided to the individual in a format which they can reuse. All individuals have a right to obtain and reuse their personal data across different services.
Before providing data, we will take reasonable steps to ensure that the individual making the request has a right to the data they are asking for. This may include providing a copy of government issued ID.
Data provided as part of the right to data portability will always be provided in a structured, commonly used and machine-readable format.
Suttle & Co welcomes information which clients have transferred from other organisations. All reasonable measures will be taken to facilitate the right to data portability.
In some cases, where the request is complex, or we have received a number of requests, we may require an additional two months to comply with a request to be processed. If this is the case a written explanation will always be provided to the individual concerned within one month of receiving a request.
Objections to Data Processing (Right to Object)
If Suttle & Co is processing data based on legitimate interests, for direct marketing or for statistical purposes individuals have the right to object. To object the individual must have grounds relating to your situation.
If the objection relates to Suttle & Co using an individual’s personal data for direct marketing purposes, then we will cease to process the data immediately.
Training and Communication
A copy of this policy is given to all employees, contractors, apprentices, trainees and other official agents of Suttle & Co. In some cases, as an additional control, some employees, contractors, apprentices, trainees and other official agents may be required to sign a copy of this policy.
All employees, contractors, apprentices, trainees and other official agents will be given training on this policy before being given access to personal data or being involved in a role related to the processing of personal data.
Significant breaches of this policy can result in disciplinary action.
Ultimate responsibility for this policy rests with the principles of Suttle & Co. Day to day responsibility for this policy is held by Helen Christopher.
Monitoring and Review
This policy is kept under constant review to ensure its suitability, adequacy and effectiveness. Any improvements identified will be made as soon as possible.
Comments from employees, contactors, officials, clients and regulators are welcome and will be taken into consideration.
Contacting Suttle & Co
To contact Suttle & Co regarding any aspect of this document:
Telephone : 01929 422093
Email : email@example.com
Write to :
Suttle & Co
Unit 1 The Sidings
Victoria Avenue Industrial Estate
Suttle & Co is the trading name of Commercial Accounting & Taxation Ltd
Registered Office: as above
Company Number: 10061360
Director: Gary Suttle
Latest on the Workplace Pension and Minimum Wage as well as updates regarding Making Tax Digital
If you have any questions about our services or would like to get in touch please use the contact form and someone will reply as soon as possible.
If you prefer to talk to someone please call our offices on:
Our offices are open Monday to Friday 9 am to 5pm.