Khan Thornton's Privacy Policy
Khan Thornton are committed to keeping personal data safe and protected.
This is a copy of our Privacy Policy which explains how we collect and process your personal information, as well as inform you of your privacy rights. This policy complies with the Data Protection Act (2018) and the EU's General Data Protection Regulation (GDPR). Both came into effect on 25 May 2018.
It is important that the personal data we hold about you is accurate and current. Please keep us informed of any relevant changes to your personal information during your relationship with us.
If you have any queries, complaints or requests to exercise your legal rights, please contact our Data Protection Officer. You have the right to make a complaint about us to the Information Commissioner's Office (ICO). The ICO is the UK supervisory authority for data protection issues. www.ico.org.uk We would however, appreciate the chance to deal with your concerns before you approach the ICO.
Summary of Contents
- Who are we?
- Glossary of Terms
- Data we collect from you
- Using your information in accordance with data protection laws
- How long do we keep your information for?
- Who do we share your personal information with?
- Fraud Prevention
- Keeping your data secure
- Transferring your data outside the EU
- Your Rights
- Contacts and Complaints
- Data Protection Officer
- Visitors to our website
- Visitors to our office
- Changes to our Privacy Policy
Who are we?
Khan Thornton Limited is a limited company registered in England with the company number 12883154. It is a wholly owned subsidiary of The Accounting Centre Limited which is registered in England with the company number 04692731. Our registered office is Khan Thornton, 14-18 Heralds Way, South Woodham Ferrers, Chelmsford, Essex, CM3 5TQ. Khan Thornton is registered as a data controller with the registration number ZB210786.
Glossary of Terms
- What is personal information?
- Personal information is defined as any information that can be used to identify a natural, living person.
- What is sensitive personal data?
- Sensitive personal information is special categories of personal data such as medical conditions, genetic data and biometric data.
- What is a data controller?
- A data controller determines the purposes and means of processing personal data.
- What is a data processor?
- A data processor is responsible for processing personal data on behalf of a controller.
- Data Subject
- A data subject is a natural person.
- Processing
- Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, analysis, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Third Party
- Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under direct authority of the controller or processor, are authorised to process personal data.
Data we collect from you
We may collect and process the following information about you:
Voluntary Provision of Data
We receive information directly from you when you fill in forms or contact us by phone, email, post, electronically etc. The information we collect from you may include your name, home address, business address, email address, company, job title, telephone number, date of birth and financial information. This information will be used to carry out responsibilities resulting from any agreements you've entered into with us and to provide you with the information, products and services that you've asked of us (as defined in our Letter of Engagement and supporting Schedules). It may be used to tell you about changes to our services or products or for any other purposes that we've agreed with you from time to time. The exact personal data we hold will depend on the details you volunteer and the nature of the services that you engage us to provide.
When you apply for a product or to receive a service from us, the application forms you fill out or the resulting contract may contain additional clauses relating to the way we use and process your personal information. These will apply in addition to the above uses.
Anti-Money Laundering and Background Checking
All Accountancy Service Providers (which includes tax advisers, bookkeepers, payroll bureau) must comply with duties imposed by the Terrorism Act 2000, the Proceeds of Crime Act 2002, the Fraud Act 2006, The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the "Anti Money Laundering Legislation"), which are intended to inhibit the activities of terrorists and other criminals by denying them access to technical expertise. If we fail to perform these duties, we risk imprisonment.
Before we accept your instructions, we need to obtain 'satisfactory evidence' to confirm your identity. These procedures may cause us to obtain additional personal information which will be held alongside information you have provided directly. In certain circumstances, we may need to obtain evidence confirming the identities of third parties, the source of funds or other property, the purpose of any instructions or any other matter. We may also need to obtain further evidence after we have begun to act on your instructions and the evidence may include searching by electronic means.
We assume that our clients are honest and law abiding. However, if at any time, there appear to be grounds to suspect (even if we do not actually suspect) that your instructions relate to 'criminal property', we are obliged to make a report to the National Crime Agency (NCA) but we are prohibited from telling you that we have done so. In such circumstances, we must not act on your instructions without consent from NCA. If NCA do not refuse consent within 7 working days we may continue to act. If NCA issue a refusal within that time, we must not act for a further 31 days from the date of the refusal.
'Criminal property' is property in any legal form, whether money, real property, rights or any benefit derived from criminal activity. It does not matter who carried out the criminal activity or how removed the property is from the original crime. Even if you are honest in your dealings, if your property represents a benefit from someone else's crime, we must still make a report. Activity is considered 'criminal' if it is a crime under UK law, no matter how trivial, and whether carried out in the UK or abroad. For example, tax evasion is a criminal offence but an honest mistake is not an offence.
Open Data, Public Records & Third Party Resources
Information we collect about you or receive from other sources:
This could be information from a third party or from publicly available sources such as the electoral register and Companies House. We may also receive information from third parties nominated by yourselves (IFA's and banks).
We may use this information to comply with any applicable legal or regulatory requirements, including "know your client" checks or to comply with any applicable regulatory reporting or disclosure requirements
We do not use any form of automated decision making in our business. Please see the Visitors to our website section for what information may be automatically collected when you visit our website.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
We do not use any form of automated decision making in our business. Please see the Visitors to our website section for what information may be automatically collected when you visit our website.
Using your information in accordance with data protection laws
Data Protection Laws require us to meet certain conditions before we're allowed to use your personal information in the way we describe in this privacy policy. Khan Thornton take these responsibilities very seriously.
When processing personal data, the reason for processing must fall into one of these legal bases:
- The person gave explicit consent
- To fulfil or prepare a contract
- A legal obligation (excluding a contract)
- To save someone's life or in a medical situation
- To carry out a public function
- Some other legitimate reason
How long do we keep your information for?
We will keep your personal information in accordance with our internal data retention policies. We'll determine the length of time we keep it based on the minimum retention periods required by law or regulation. We'll only keep your personal data after this period if there is a legitimate and provable business reason to do so. Please contact our Data Protection Officer if you would like further information on our Data Retention Policy.
Who do we share your personal information with?
Khan Thornton only shares your personal information with:
- Third-party suppliers, contractors and service providers for the purposes listed under the 'How do we use your information?' section above.
- Our regulators, government (e.g. HMRC) and law enforcement or fraud prevention agencies
- Third parties when we have your explicit consent in writing
We will not share your information with third parties for marketing purposes.
Fraud Prevention
Khan Thornton may check your details with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details will be passed along to fraud prevention agencies. Law enforcement agencies may access and use this information. We may also share information about you with other organisations and public bodies, including the police, and we may check and/or file your details with fraud prevention agencies and databases.
Khan Thornton and other organisations may access and use this information to prevent fraud and money laundering and terrorist financing. Khan Thornton may also check the details of other parties relating to your contract, including verification of identity.
Keeping your data secure
All reasonable and necessary steps are taken to ensure your data is treated in accordance with this privacy policy. Khan Thornton has in place appropriate security measures to prevent your personal data from being accidently lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, contractors and other third parties who need to know. They will only process your information on our instructions, and they are subject to a duty of confidentiality.
Unfortunately sending information electronically is not completely secure. Anything you send is done so at your own risk.
There is also an inherent risk involved when sending personal information through the post. Anything you send is done so at your own risk.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. If you do not think that any part of our process is not secure, please contact our Data Protection Officer.
Transferring your data outside the EU
The data that we collect from you will largely not be transferred to or stored at a destination outside the European Economic Area. Some of our third-party suppliers may be located or store information outside the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.
The data that we collect from you will largely not be transferred to or stored at a destination outside the European Economic Area. Some of our third-party suppliers may be located or store information outside the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.
If you use our services while you are outside of the EU, your information may be transferred outside the EU to give you those services.
Your rights
The new data protection regulations provide the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Individuals can make a request regarding their rights verbally or in writing. We have one month to respond to such a request.
This means that you have the right to be informed about the collection and use of your personal data and you have the right to access it. This is commonly referred to as subject access.
You have the right to make us correct any inaccurate information we hold about you or complete it if it is incomplete. This right has close links to the accuracy principle of the GDPR. You also have the right to make us erase any personal data we hold about you. This right will only apply where, for example:
- We no longer need to use the personal data to achieve the purpose we collected it for.
- You withdraw your consent if we're using your personal data based on that consent.
- Where you object to the way we use your data, and there is no overriding legitimate interest.
You have the right to restrict our processing of your personal information. This right will only apply where for example:
- You dispute the accuracy of the personal data we hold.
- You would like your data erased, but we require to hold it in order to stop its processing.
- You have the right to require us to erase the personal data but would prefer that our processing is restricted instead.
- Where we no longer need to use the personal data to achieve the purpose we collected it for, but you need the data for legal claims.
You have the right to obtain and obtain and reuse your personal data for your own purposes across different services. This right only applies to information you provided to us. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
You have the right to withdraw consent, where we're relying on it to use your personal data, for example, to provide you with marketing information about our services or products.
Solely automated individual decision-making, including profiling with legal or similarly significant effects is restricted under GDPR. Automated individual decision-making is a decision made by automated means without any human involvement. We do not use any form of automated decision making in our business.
If you wish to exercise any of these rights, please contact our Data Protection Officer. Contact details can be found in the Data Protection Officer section of this privacy policy.
More information on these rights can be found on the Information Commissioner's Office (ICO) website: www.ico.org.uk
Contacts and Complaints
If you have any questions regarding to this Privacy Policy, a complaint, or wish to exercise your Data Protection rights, please contact our Data Protection Officer at [email protected].
If you have any concerns with how we process your personal data or are not happy with the way we have handled a request made by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office (ICO).
Information Commissioner's OfficeWycliffe House
Water Lane
Wilmslow
Cheshire
England
SK9 5AF
Data Protection Officer
Khan Thornton Limited has appointed a Data Protection Officer to answer your queries regarding Data Protection and to monitor our compliance with data protection laws:
Tejas Somaiya
Khan Thornton Limited14-18 Heralds Way
South Woodham Ferrers
Chelmsford
Essex
CM3 5TQ
Visitors to our website
When you visit our website (khan-thornton.co.uk) we may collect standard information and details of visitor behaviour patterns. This information is only processed in a way that does not identify anyone.
Messages & Contact Forms
When visitors send messages through the site we collect the data shown in the comments form, and also the visitor's IP address and browser user agent string to help spam detection.
Cookies
By using or accessing Khan Thornton's website, you agree to Khan Thornton's use of Cookies as outlined below.
"Cookies" are text-only pieces of information that a website transfers to an individual's hard drive or other website-browsing equipment for record-keeping purposes. Cookies allow the site to remember important information that will make your use of the site more convenient. A cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie, and a randomly generated unique number or other value.
Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave the site.
Persistent Cookies remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie). When we use session cookies to track the total number of visitors to our site, this is done on an anonymous aggregate basis (as cookies do not in themselves carry any personal data). We may also employ cookies so that we remember your computer when it is used to return to the site to help customize your Khan Thornton web experience. We may associate personal information with a cookie file in those instances.
How We Use Cookies
We use cookies, web beacons, and other storage technologies from our third-party partners, Google, for measurement services, better targeting ads, and for marketing purposes.
Managing cookies in your browser
Use the options in your web browser if you do not wish to receive a cookie or if you wish to set your browser to notify you when you receive a cookie. You can easily delete and manage any cookies that have been installed in the cookie folder of your browser by following the instructions provided by your particular browser manufacturer.
If your browser is not listed here, consult the documentation that your particular browser manufacturer provides. You may also consult your mobile device documentation for information on how to disable cookies on your mobile device. If you disable all cookies, you may not be able to take advantage of all the features of this site. Please note that if you have not cleared your cookies or cache, the contents of which may affect autofill functions on the Khan Thornton site and you are responsible for any such actions.
To opt out of the collection and use of information for ad targeting please feel free to exercise your rights by contacting our Data Protection Officer.
Khan Thornton uses the AdWords and Remarketing Lists features of Google Analytics for Display Advertisers. Khan Thornton and Google use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on your past visits to our Site. This means that vendors including Google may display Khan Thornton promotional material on other sites you visit across the Internet.
You may opt-out of Google Analytics for Display Advertisers including AdWords and opt-out of customized Google Display Network ads by visiting the Google Ads Preferences Manager. To provide website visitors more choice on how their data is collected by Google Analytics, Google has developed an Opt-out Browser add-on, which is available by visiting Google Analytics Opt-out Browser Add-on, to enable you to opt-out of Google's programs. To opt out of the collection and use of information for ad targeting please feel free to exercise your rights by contacting contacting our Data Protection Officer.
The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. We are processing information for our legitimate interests.
Visitors to our office
When you visit our office, we ask all visitors to sign in and out at reception and show a form of ID if necessary. The ID is for verification purposes only; we do not record this information. A record is kept for a short period of time. This information is necessary for your safety in case of an emergency, so that we know you are in the building as well as for the security of our staff, visitor's and the firm's assets.
CCTV is used in our offices to maintain security. The images are stored securely and only accessed when necessary, such as investigating an incident.
The purpose for processing this information is for security and safety reasons. The legal basis we rely on is for the purpose of our legitimate interests.
Changes to our Privacy Policy
We keep our Privacy Policy under regular review. This version of the Privacy Policy was last updated August 2023.