GDPR Policy 
 

1. Introduction

 

At Business Finance Advice Ltd, we are committed to protecting the privacy and personal data of our clients and website visitors. This GDPR (General Data Protection Regulation) policy outlines how we collect, use, process, and store personal data in accordance with the regulations set forth by GDPR.

 

2. Data Controller and Contact Information

 

Business Finance Advice Ltd acts as the data controller and is responsible for the processing of personal data. If you have any questions, concerns, or requests regarding your personal data, please contact our Data Protection Officer (DPO) at:

 

Name: Indy Randhawa

Email: info@businessfinanceadvice.com

Address: 2 Infirmary Street, Leeds,LS1 2JP

Phone: 03301 337 960

 

3. Types of Personal Data Collected

​

We may collect and process various types of personal data in order to provide our chartered accountancy services and enhance user experience on our website. The types of personal data we may collect include but are not limited to:

 

Contact information (name, address, email, phone number)

Financial information (bank details, income, expenses)

Identification information (passport, ID, driver's license)

Business information (company details, tax IDs)

 

4. Legal Basis for Processing

 

We process personal data under the following legal bases:

 

Performance of a contract: Processing necessary to fulfil a contract with our clients.

Legal obligation: Processing necessary to comply with legal obligations, such as tax requirements.

Legitimate interests: Processing necessary for our legitimate interests, as long as they are not overridden by the interests or fundamental rights and freedoms of the data subjects.

Consent: Processing based on explicit and informed consent, where applicable.

5. Purposes of Processing

 

We process personal data for the following purposes:

 

Providing chartered accountancy services to clients.

Managing and administering client accounts.

Responding to client inquiries and requests.

Complying with legal obligations, including tax regulations.

Improving and customizing our website and services.

 

6. Data Retention

 

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, as well as to comply with legal obligations. Once the retention period has expired, the data will be securely deleted or anonymized.

 

7. Data Security

 

We implement technical and organizational measures to ensure the security of personal data. This includes encryption, access controls, regular security assessments, and staff training on data protection.

 

8. Data Sharing

 

We may share personal data with third parties, such as regulatory authorities or service providers, when necessary to fulfil our services and legal obligations. We ensure that any third party with whom we share data also maintains an adequate level of data protection.

 

9. Data Subject Rights

 

Individuals have certain rights under GDPR, including the right to access, rectify, erase, restrict processing, data portability, and object to processing. Requests related to these rights should be directed to our DPO.

 

10. Changes to the GDPR Policy

 

We may update this policy from time to time to reflect changes in legal or regulatory requirements. Any updates will be posted on our website, and the revised policy will apply to all personal data collected after the effective date.

 

By using our website and services, you acknowledge that you have read and understood this GDPR policy and consent to the processing of your personal data as described herein.

 

Last Updated: 17th March 2023