LCS Bookkeeping and Payroll Services Privacy Policy
This notice has been sent to existing clients and future clients.

GPDR Data Controller Privacy Notice 18.06.20
Complying with the GDPR law will safeguard my clients, and myself from the catastrophic damage that could damage a business/person from a data breach.

Lawfulness, fairness and transparency
I have conducted an information audit to map data flows.

(1) Contact Data - Clients make contact in writing/telephone and an engagement letter including a Client Details Form are sent, for the client to read and sign and complete, along with a face to face meeting or a Skype/equivalent conversation. I make a folder for each client, storing their information within my home. The returned Letter of Engagement/Client details form is stored in the client folder.

(2) Identity Data - I request photo Identification from the client and proof of residency, and if a Limited Company, a copy of their Incorporation Certificate and proof of residency if different to the registered address. If more than one Director/Partner, I obtain ID/Proof of residency from all. If sent to me via email, I print out and delete, and hard copy is stored in client folder.

(3) Identity Data - New Client is Risk Assessed according to Money Laundering Laws using the AMLCC software. I set up a client account, and it runs through a risk assessment process. Client details such as Name and Address are held here, and there is a tick box list with questions such as the duties that I carry out, do I hold client money? does the client have dealings with foreign countries? or do I have full details of client’s trading address? Have I seen ID? The software will then calculate if the client is high risk/low risk. If I have any concerns in relation to the identity of a client, I can carry out a Verification of Residency, electronically. Any reports produced from the above are saved on the AMLCC software, and I also print them out and store in client file. I am reminded annually to reassess, or amend records with changes to client address etc. If there was a negative result in the above, I would have to consider my engagement with the client. The electronic searches have no affect on client’s own financial searches with companies such as Experian. Clients can request copies of information held about them.

(4) Client’s signing my letter of engagement gives their permission for me to store and process their data lawfully, following this policy.

(5) Financial Data - Clients are given the option to prepare their own Returns or authorise myself to act as their HMRC Agent. Information is sent to me using New Client Form, (in writing or emailed) which may contain personal information eg National Insurance number, Tax UTR Reference, and contact details. This information is only given at the Client’s consent, with the purpose of doing the job required. If acting as their Agent, client permission is granted, which goes through the secure HMRC system, via code generation.

(6) Transaction Data - Clients send paperwork to me on a regular or annual basis via email, receipt apps, Dropbox or in paper form.

(7) Required works are carried out, and paperwork is returned if works have completed, or are held until the year end.

(8) Communication Data - The data held by myself is legitimately collected for the job intended and is used only to complete the job. I handle client’s personal data in ways they would reasonably expect, and data is not used for anything unlawful.

Storage
Client Data is to be stored using Cloud software or Cloud Storage.
Prior to using new software, the Provider’s own Privacy Statement will be viewed, and will be checked that they are GPDR compliant.
I will not use software/apps which are not compliant
My email account is on a Cloud Server, and emails not containing valuable information are deleted, and any personal information is printed out and delated. Any emailed Passports/Driving licences are deleted after printing. It is business only and does not have any subscriptions to anything other than HMRC updates, IAB licence updates etc..
Tax Returns are sent via HMRC software and Tax Filer, so data will be saved in Tax Filer.
Data flows out of my business via email, in person, or remains in storage of the above.
Any spreadsheet data is stored on my laptop via the cloud.
Client work is backed up to USB Stick, stored in lockable cabinet.

Areas which have been implemented following audit

My Work Laptop
Laptop is used for work only.
I have purchased an improved virus checker / scanner/ fire wall, encryption and pin. Software Passwords are going to be changed fortnightly. Payslips will have a double password system.
My laptop is used within my home. I occasionally work in the local café, but it is usually admin/marketing/spreadsheet work, using their wi-fi. No client paperwork is taken with me.
I log out of all accounts after use.

Mobile Phone
My mobile phone has AVG protection, encryption, fire wall and scanner.

Types of Documents I might need/use/store in order to complete the job required
This list is always changing, but examples are as follows; invoices, receipts, paying in books, cheque books, bank statements.

Email
To date, I store documents within sub-folders. Clients often send over copies of purchases made, and I will print out and delete, although I have asked advice about this, and as long no client bank details are on the invoices, they are ok. For added security, you can also use Drop Box, 1tap etc..

Storage of paper documents
If an annual client, all paper documents are returned when the job is complete.
If a monthly client, paperwork is either returned at year end, or when next lot of work is collected.
Paperwork and folders are stored upstairs in my house.
When working on a client’s accounts, I have a workstation downstairs. Work is put away at the end of each day, and unwanted paperwork is shredded. Visitors respect that I am working during the day, so do not call in unexpectedly.
I am now limiting client meetings at my house except for dropping off work. I can meet in a local café or at client’s premises/home or can Skype/Facetime. In the event of an unexpected call in, I will make sure work is covered, or client is in a different room to the work.

Sub-Contracting/taking on Assistance
In the possible event of busy periods where I required assistance, or in the event of sickness preventing me from working, I will always ask the client’s permission prior to sub-contracting work and take the client’s opinion of this extremely seriously. I would have to make sure that a sub-contractor follows the same AMLCC regulations, is GPDR compliant, and work would be checked by myself. In the event of taking on assistance, I would have to train staff to follow these standards.
In the event of my being too ill to work or death, my husband Paul Shakesheff will contact you personally and there will be an option to pick up work to date, or work to be sent to an alternative Bookkeeper who has signed my continuity of practice policy. It would be optional to pass your details to her to continue the works.

Disengagement
If you no longer wish to use LCS Bookkeeping and Admin Services, please contact me in writing. I will send out an official letter and will return any physical paperwork which I hold.
I will print out any accounts/returns/letters to go into storage for 6 years, and close down / archive any online accounts, cancel any software subscription, or archive your account on the AMLCC software.

Lawful Bases for Processing Personal Data
Special Offers/Information/Updates
Over time I might some great software offers, or I will want to update you on any courses I have completed, or communicate how the business is growing/changing.. This now requires your signed consent, so in future, I won’t send any you anything personally. Instead I will regularly update you on;
https://www.facebook.com/groups/lcsbookkeeping/
https://www.linkedin.com/in/lorna-shakesheff-fiab-940865158/
I also have an Instagram Account lcsbookkeepingledbury
I will be setting up a website soon, and will put links on the above
From work/advisory point of view, if a client wishes to talk about the above, they can approach me. I have decided, that instead of seeking permission to use client data other than for the job intended, all marketing will be posted to the public, not individually.

Closer to year/month end, I will send reminders of deadlines to clients, or a list of what paperwork I need, which relates to getting the job done.

Confidentiality
All data held by LCS Bookkeeping and Admin Services will never be disclosed to a third party.
I will not disclose my client’s name, or financial details to any other person.
In the event of sub-contacting, full details will be given to the client and client permission will be granted prior.
In the event that Limited Accounts need to be finalised by an Accountant, I will obtain your permission prior to contacting the Accountant, and copy you in on all communications.
In the event I request advice from an Accountant, I do not disclose any names or addresses of the client, I speak hypothetically.
When preparing accounts/tax returns, I might have to share your personal data with HM Revenue and Customs (If I am acting as an Agent with your prior consent), and any accounting software providers, but the Accounting Providers will only be used if GPDR compliant.

Other Info
New Clients will receive this notice in addition to their Letter of Engagement.
My business is registered with the Information Commissioner’s Office, paying an annual registration fee and abiding by their regulations.

Client Accessing Data Procedure
Please apply in writing to Mrs Lorna Shakesheff, LCS Bookkeeping and Admin Services, 6 Poplar Close, Ledbury, Herefordshire, HR8 2GH.
I will respond promptly to your request and send everything to the client, by post, within 40 days.
If you have disengaged from my services, data can be accessed up to 6 years following disengagement.

--

I have read the Privacy Policy understand and agree with everything, and give my consent to paperwork and data to be collected, stored and processed by LCS Bookkeeping and Admin Services.