Privacy Policy

CAS Ltd in acting as a data controller / processor is committed to protecting and respecting your privacy. We value the trust you place in us by providing the personal information we need to provision our services.

The statement below details when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

Personal information is any information that can be used to identify you, or that which we can link to you.

We may change this policy from time to time to reflect updated regulations, so please check this page regularly. By using our services, you are agreeing to abide by this policy.

Who are we

CAS Ltd is a Corporate Accountancy company which specialises in working with organisations to realise their strategic and financial goals and to be the business they could be.

We are a company limited by shares (No03788043). Our registered address is Georges Court, Chestergate, Macclesfield SK11 6DP.

What information do we collect and why?

The personal information we collect you provide voluntarily. We process this personal information to allow us to enter into an agreement to provide you with our services.

A summary of the information we collect and why is listed below.

In providing you with our services we may collect:

Personal details such as – Your name, address, phone numbers, email address, date of birth, passport details, driving licence details, utility bill, credit history.

Personal tax details – NI Number and Unique Tax reference.

Your business details – Business name, address, phone number, email address

Your financial details – Banking information.

CCTV images

Why do we collect this information?

In order to provide you with quotes for our services, we need your contact information such as name, address, phone number and email to engage in correspondence.

We will also correspond with you to tell you about changes to our services and products.

Prior to providing you with our services, we have a legal obligation to undertake a know your customer check. During this check we are required to confirm your identity. To achieve this, we process items which contain personal data such as name, address, date of birth, passport details, driving license details and utility bill details.

In the course of providing our clients with day to day accountancy and financial services we also make use of tax, financial and banking information such as NI number, unique tax reference number and banking transactions / details.

We do collect some personal information automatically from you when you visit our website using cookies and google analytics. Please refer to our cookie policy for further details. In using this technology, we may therefore collect details about the type of device you use to access our website, its operating system and version, your IP address, your general geographic location, your browser and the webpages / content you view.

We work with third party organisations to perform anti money laundering and credit checks on our clients. We will always ask your permission before undertaking these checks and any data we obtain from these sources will be protected in line with the GDPR. These services may use automatic decision making.

Our office entrances and car park are monitored by CCTV cameras which record continuously. We also use CCTV cameras within the building.

If an incident requires specific recordings to be retained for use as evidence of an incident or to assist with an investigation, such recordings will be retained until they are no longer required for the investigation.

If the investigation becomes a legal matter, recordings may be submitted as evidence and retained as part of the collateral for that case by the justice system.

We will endeavour to keep your information accurate, up to date and not keep it for longer than is necessary.

Will CAS Ltd share my personal data with anyone else?

We may pass your personal data to third-party service providers contracted to CAS Ltd. This is strictly for the purposes of providing services to you or improving them.

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide to you on our behalf.

We have contracts in place with our suppliers which detail the services that are to be provided and any additional sub-processors they may use to deliver these services.

If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.

If you have any questions regarding the details of third parties we use, please contact dataprotection@caslimited.com

Transferring your data outside the EU

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) to third-party suppliers. We will take reasonable steps to ensure your data is held securely and in accordance with this privacy policy.

We’ll only transfer your data to a recipient outside the EEA where we’re permitted to do so by law.

The legal bases for using your personal information

There are different legal bases that we rely on to use your personal information, these are:

  • Performance of a contract to clients to provide accountancy and financial services – We undertake processing necessary to meet our contractual obligations to clients as the lawful basis for processing personal data.

  • Legal Obligation – We undertake processing necessary to meet our legal obligations as a data controller as the lawful basis for processing your personal data. In particular our obligations to HMRC and Know Your Customer.

  • Consent – We may contact you to invite you to upcoming CAS events where you’ve provided your consent for us to do so.

How long do we hold your data for?

CAS Ltd will only hold your personal information for as long as is necessary to provide you with our services. We also retain data so as to meet our legal obligations to regulatory bodies such as HMRC. As such should you use our services we will retain your personal data for 7 years unless there is a legitimate or legal obligation to retain for longer.

All personal data we hold is subject to this privacy notice and our internal data retention policy. If you have a question about a specific retention period for certain types of personal information we process about you, please send an email to dataprotection@caslimited.com

Security

CAS Ltd is committed to protecting the personal information you entrust to us.

While we take reasonable precautions to guard the personal information we collect, no system is impenetrable.

Unfortunately, sending information via e-mail is not completely secure; anything you send is done so at your own risk. Once received, we will secure your information in accordance with our security procedures and controls.

CAS Ltd takes measures to prevent information about you being subject to loss, theft, misuse, unauthorised access, disclosure, alteration and destruction. For example, we store the personal data you provide to us on computer systems that have limited access and are located in controlled facilities.

We also ensure that our third-party suppliers provide adequate security measures.

Your rights

CAS Ltd wants you to be in control of how your personal data is used by us, you can do this by exercising the rights granted to you under the GDPR.

  • Right of access – you have the right to request a copy of the information that we hold about you.

  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. We rely on you to ensure that your personal information is complete, accurate and up to date. Please inform us promptly of any changes to or inaccuracies in your personal information by contacting dataprotection@caslimited.com

  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.

  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.

  • Right of portability – you have the right to have the data we hold about you transferred to another organisation. Please address such requests to dataprotection@caslimited.com and we will be happy to work with you to provide this information in a machine-readable format.

  • Right to object – you have the right to object to certain types of processing such as direct marketing.

  • Right to object to automated processing – including profiling.

  • Right to judicial review – in the event that CAS Ltd refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.

CAS Ltd wishes to be as open as it can be in terms of giving people access to their personal data. Individuals can find out if we hold any personal information by making a ‘subject access request’ in doing so, you can request the following information:

  • The purpose of the processing we undertake as well as the legal basis for doing so.

  • The categories of personal data collected, stored and processed.

  • Recipient(s) that the data will be disclosed to.

  • If we intend to transfer the personal data to a third party or international organisation, information about how we ensure this is done securely and in line with GDPR requirements.

  • How long the data we hold on you will be stored.

  • Details of your rights to correct, erase, restrict or object to such processing.

  • Information about your right to withdraw consent at any time (if applicable).

  • How to lodge a complaint with the supervisory authority.

  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.

  • The source of personal data if it wasn’t collected directly from you.

  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

What forms of ID will I need to provide in order to access this?

CAS Ltd accepts the following forms of ID when information on your personal data is requested:

Passport or Driving Licence

How do I make a Subject Access Request?

Please send an email to dataprotection@caslimited.com and our team will provide you with a subject access request form and facilitate the request. We will respond to your request as soon as possible and within 30 days of your request being formally submitted.

Should you have a complaint

CAS Ltd is committed to working with you to reach a fair resolution of any complaint or concern you may have about our use of your personal information. Please contact us in the first instance to discuss your concerns.

If you believe that we have not been able to assist with your complaint, you may have the right to file a complaint with the Information Commission.

The details for each of these contacts are:

CAS Ltd complaints contact details

Information Commission contact details

Contact Name:

John Kearney

Information Commissioners Office

Address line 1:

CAS Ltd Georges Court,

Wycliffe House, Water Lane

Address line 2:

Chestergate, Macclesfield

Wilmslow Cheshire

Address line 3:

SK11 6DP

SK9 5AF

Email:

dataprotection@caslimited.com

Use of ‘cookies’

Like many other websites, the CAS Ltd website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. This helps us to improve our website and deliver a better more personalised service. We may therefore collect details about the type of device you use to access our website, its operating system and version, your IP address, your general geographic location, your browser and the webpages / content you view.

It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website. Please refer to the following guides below if you wish to disable cookies.

http://www.allaboutcookies.org/manage-cookies/

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.

Review of this Policy

We keep this Policy under regular review so please check often for changes. This Policy was last updated in May 2018.

Document owner and approver

The GDPR owner is responsible for ensuring that this policy is reviewed annually.

Telephone: 01625 613893