DKD Associates Ltd – Privacy Notice
This privacy notice explains how DKD Associates uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.
Data controller
DKD Associates is a data controller, because we make decisions about what data we collect and how it is used and with whom it is shared with. We can be contacted at dawndickens@dkdassociates.co.uk or telephone number 07824 888337
On what basis do we collect and process your data?
Data Protection law defines the basis by which we can lawfully collect and process personal data.
To enter into or in pursuance of a contract:
We will collect personal data on the basis of entering into a contract. We will continue to process that data for the duration and often subsequently after the contract expires or is terminated.
Where we have a legal obligation:
We will collect personal data when we are required to through a legal obligation.
In our legitimate interest:
We will collect and process personal data where it is in the legitimate interest of DKD Associates to do so and where we have ascertained that the rights of the data subject are not outweighed by that interest.
For the data we act directly as data controller for, we have determined the following basis:
Clients
| Purpose | Data Category | Data Type | Legal Basis |
| Entering into Contract | Identity Details | Full Name | Contract |
| Entering into Contract | Contact Details | Address | Contract |
| Entering into Contract | Contact Details | Phone numbers | Contract |
| Entering into Contract | Contact Details | Email address | Legitimate Interest |
| Entering into Contract | Operational data | Signature | Contract |
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.
The data we process as data controllers from our data subjects is obtained directly from the data subject themselves. Other personal data where we act as data controllers or joint data controllers is transferred to us as part of an outsourced commercial agreement to provide professional services.
Data recipients and data transfers
We do not sell any of your personal data to any third party. Where required, DKD Associates share personal data with service providers such as our accountants, solicitors, insurance companies, web hosting and IT support companies and partner advisory organisations. We may, as required, share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.
Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud and anti money laundering or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
As a professional services company and advisors, we will at times be considered joint data controllers or data controllers alongside our clients. It is likely that those clients, will share personal data with us in order to perform a contractual obligation. In entering into a data sharing scenario, DKD Associates recognises that we have obligations to process the data lawfully and to ensure we have technical and organisational measures in place to keep that data secure.
Personal data in electronic form is held in EU or UK accredited data centres. If there is a requirement to transfer data outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision or through a mechanism such as standard contractual clauses as approved by the EU.
Retention policy
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Information placed on our system will be deleted in accordance with legal obligations, such as HMRC requirements or in compliance with the CIPD’s guidance. DKD Associates will ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.
Generally, personal data required for financial transaction and audit purposes, including reporting to the HMRC will be retained for 6 years plus the current year it is collected.
Personal data collected for the purposes of engaging with clients will be maintained for the duration of the commercial relationship and for a further 7 years thereafter.
Personal data shared with us will be deleted following completion of contract unless there is a legitimate interest or legal obligation reason to retain it.
Data Storage and Security
DKD Associates follows strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission or other lawful purpose and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures to restrict electronic access, including anti-virus and anti-malware measures.
We utilise the services of Microsoft ‘One Drive’ to store personal data. This provides enhanced inherent security controls on Microsoft’s infrastructure. In addition, this provides data backup processes and disaster recovery redundancy. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data.
Only persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. DKD Associates is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
- The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
- Right of Access – you have the right to know what personal information is held, by whom and why.
- The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
- Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
- Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
- Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
- Right to Object – You have the right to object to profiling and direct marketing
- You also have rights in relation to automated decision making.
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
Automated decision making
DKD Associates does not use automated decision making to process personal data.
Third party websites
Our website may contain links to other websites. This privacy policy only applies to DKD Associates so if you follow a link to another website, you should read that organisations own privacy policy.
Changes to our privacy policy
We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in January 2021
How to contact us
You can write to us at this address:
DKD Associates Ltd
35 Sherwood Street, Warsop,
Mansfield, Nottinghamshire,
England, NG20 0JR
You can telephone us on this number:
07824 888337
Or email: dawndickens@dkdassociates.co.uk