This is the privacy statement of Aston Hughes Limited. At Aston Hughes Limited (“Aston Hughes & Co” or “we”) we are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you; that you provide us or that we receive from others about you will be processed by us. It includes data that we hold electronically and in paper files.
1 How and why we process personal data
We will process data to deliver the services Aston Hughes & Co are contracted to provide to you.
We confirm, when processing data on your behalf, that we will comply with the provisions of all relevant data protection legislation and regulation.
We do not sell, rent or lease any of the personal information collected from you to third parties. We do not use or disclose sensitive personal information, such as race, religion, or political affiliations (in the event that we become aware of any), without your explicit consent.
What personal information we collect
The personal information that we collect will vary depending on which product or service we deliver. These may include (the list is non-exhaustive):
• Personal Identifiable Information (Names, email address, postal information, DOB)
• IP addresses
Where we collect personal information from
• Through formal engagement to provide professional services
• Via our website (General enquiries; mailing list sign ups;event booking; questionnaires or surveys; submission of a job application)
• At marketing or recruitment events (event feedback/surveys; prize draws)
Legal bases for processing data
The legal bases for the processing of client data where a formal client engagement exists is under the following paragraphs of the General Data Protection Regulation (GDPR): Article 6 1.(b), the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, and Article 6 1.(f), it is in the legitimate interests of the data controller or a third party.
Our legitimate interest means the interests of our company in conducting and managing our business to enable us to give you the best service and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant to you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. Safeguards have been put in place to ensure we achieve the correct balance between both our interests.
Where no formal engagement exists, the legal basis for processing personal information is consent provided via our website; app or via formal consent at a marketing event.
How we use your personal data
The purposes for which personal information is processed may include any or all of the following (the list is non-exhaustive):
• Deliver services and meet legal responsibilities
• Verify identity where this is required
• Communication by post, email or telephone
• Understand needs and how they may be met
• Maintain records
• Process financial transactions
• Prevent and detect crime, fraud or corruption
• Send information about events, topical news and changes to legislation
Who has access and why?
Data will be held and processed for the purpose of providing the service that we are contracted under our Terms of Engagement; or where you have provided your information via our website or at a marketing event.
Only those staff who have a legitimate need to access data will be authorised to do so. We may also be required to share your data with some third parties. For example, if we have a problem with some software it may be necessary to provide the software supplier with specific data. However, where this is necessary we only disclose the information that is required to resolve the issue, and we have a contract in place that requires them to keep your information secure and not to use for their own purposes. Examples of third parties could include (this list is non-exhaustive):
• Software providers
• Website hosting provider
• Electronic communication providers
How long we retain your personal data
To meet our legal data protection and privacy obligations, we only hold on to your information for as long as we need it and for the purposes we acquired it for in the first place.
Where we have a formal engagement, we will collect personal data and retain for as long as required under current legislation as detailed in our Terms of Engagement.
Where we don’t have a formal engagement and you have submitted your data via our website or other marketing channels, we shall keep your personal information on our database, subject to an individual’s right to unsubscribe or be forgotten at any time. Please see the Your Rights section below.
2 Using our website & social media
We may collect information about the software on your computer (your browser version etc) and your IP address (your connection with the internet) in order to improve your interaction with our website. This may happen automatically without you being aware of it.
improve the way your searches are processed. This helps us to better manage and develop our website, to provide you with a more enjoyable, customised service and experience in the future, and to help us develop and deliver better products and services tailored to your individual interests and needs.
Cookies also enable us to generate statistics about the number of visitors we have and how they use the website and the internet to improve the service we provide. You can set your browser to reject our cookies if you wish (you should consult your browser help section for details), but this might restrict your use of the website and other websites. For more information about cookies.
Any social media posts or comments you send to us (on our Facebook page, Twitter or LinkedIn) will be shared under the terms of the relevant social media platform on which they are written and could be made public. Other people, not us, control these platforms. We are not responsible for this kind of sharing. We recommend you should review the terms and conditions and privacy policies of the social media platforms you use.
3 Your Rights
You have a number of rights under GDPR:
Right of Access
You have the right, subject to a number of exceptions, to know what information we hold about you.
Right to Rectification
You have the right to have any information we hold about you corrected if inaccurate or incomplete.
Right to Erasure
You have the right to ask us to delete personal information about you where:
• You consider that we no longer require the information for the purposes for which it was obtained.
• We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent.
• You have validly objected to our use of your personal information – see Right to Object.
• Our use of your personal information is contrary to law or our other legal obligations.
Right to Object
You have the right to object our processing of your personal data on the basis of legitimate interest, for direct marketing or for processing event bookings.
We will stop processing your data on the basis of legitimate interest unless there are compelling legitimate grounds for us to continue.
We will stop any processing of your data for direct marketing as soon as we receive an objection.
Right to Restrict Processing
You have the right to restrict processing of your data in certain circumstances, such as when there is a question over the way in which we are using it.
Right to Data Portability
You have the right to obtain and reuse your personal data for your own purposes, subject to terms detailed in our Terms of Engagement where a formal client relationship exists.
We will not make any decision regarding you by purely automated means.
Withdrawing consent using your information
Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us by emailing firstname.lastname@example.org if you wish to exercise any of these rights.
We keep this privacy statement under regular review and will place any updates on this page.
This privacy statement was last updated on 24/5/18.
Contact information and further advice
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
T : 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns
General practice registration
We are registered with the Institute of Chartered Accountants in England and Wales as Chartered Accountants and can be found on the register at http://find.ICAEW.com/ using our firm name and location.
Audit Regulations & Guidance
Registered to carry on audit work in the UK and regulated for a range of investment business activities by the Institute of Chartered Accountants in England and Wales. Details about our audit registration can be viewed at http://www.auditregister.org.uk/for the UK, and ‘cro.ie/auditors’ for Ireland, under reference number C004161440.
Professional Indemnity Insurance
In accordance with the disclosure requirements of the Provision of Services Regulations 2009, our Professional Indemnity Insurer is PI Protect Legal Services, King’s House, 42 King Street West, Manchester, M3 2NU the policy is underwritten by Barbican syndicate 1955 at Lloyd’s under Binding Authority No: B60530104130115. The territorial coverage is Worldwide excluding professional business carried out from an office in the United States of America or Canada and excludes any action for a claim brought in any court in the United States of America or Canada.
Information on the Aston Hughes & Co website is not intended for use without professional advice. In the preparation of this site, every effort has been made to offer the most current, correct and clearly expressed information possible. Nonetheless, inadvertent errors can occur and applicable laws, rules and regulations often change. The information in this site is not intended to serve as legal, accounting, financial or tax advice. Users are encouraged to consult with professional advisors an Aston Hughes & Co office for advice concerning specific matters before making any decision.
In the event of dispute all matters will be subject to the jurisdiction of English courts. This disclaimer and all terms and conditions on this site are governed by and to be construed in accordance with the laws of England and Wales.
No part of the text or graphics on this site may be reproduced or transmitted in any form or by any means, electronic or mechanical, including by photocopying, facsimile transmission, recording, re-keying, or using any information storage and retrieval system, without permission in writing from Aston Hughes & Co.
Any reference the Aston Hughes refers Aston Hughes & Co.
Aston Hughes & Co is the practicing name of Aston Hughes Limited – Registered in England & Wales 08668456.
Directors: Andrew D Erasmus BSc, FCA, G Glenis Hickerton, BSc, ACA, ACIS, Gareth L Lowe BSc, ACA.
Registered Office Selby Towers, 29 Princes Drive, Colwyn Bay, Conwy, LL29 8PE