Privacy policy.

INTRODUCTION

NKC Business & Taxation Consultants Limited (“NKC”, “we”, “us” or “our”) understands that your privacy is important to you and we are strongly committed to protecting your privacy.  

All defined terms used herein shall have the same meaning as the Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”) and the Data Protection Act 2018 (the “Act”), together the “applicable laws”.  Terms such as personal data, data controller and data processor shall likewise carry the same meaning as the applicable laws.

For all personal data in respect of which we determine the categories and means of collection, we are a data controller. 

This Privacy Policy (the “Privacy Policy)”, unless indicated otherwise applies to all our website, domains, products, applications and services, regardless of how you access or use them, including through mobile devices. We will use your information for the purposes described in this Privacy Policy or as otherwise stated when we ask you for information. Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of our Privacy Policy is deemed to occur upon your first use of our site. If you do not accept and agree with this Privacy Policy, you must stop using our site immediately.

1. Types of Personal Data we collect

We may (but do not necessarily) collect, use, store and transfer different kinds of personal data about you depending on your use case, which we have grouped together as follows:

  • Identity Data which may include first / last names, any previous names, username or similar identifier, marital status, title, date of birth and gender.

  • Contact Data which may include billing address, delivery address, email address and telephone numbers.

  • Financial Data which may include salary, income, pension details, tax returns, liabilities, bank account and payment card details.

  • Transaction Data which may include details about payments to and from you and other details of services you have purchased from us.

  • Technical Data which may include internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.

  • Profile Data which may include your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. 

  • Usage Data which may include information about how you interact with and use our website and services.

  • Marketing and Communications Data which may include your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

2. How we process personal data

For clients:

  • If you become a client, your personal data will become part of your file with us. If you do not become a client, we will delete your personal data three months after your last contact with us. At registration and engagement, you will provide us with information about you in the context of your engagement with us and your use of our services. We use the information we have about you in the following ways and for the following purposes:

  • Performance of a contract with you and / or providing services to you, e.g. tax, accountancy, payroll, business advisory services or similar.

  • We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

  • We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

  • Maintaining and using relevant IT systems which we use to enable us to deliver the Services;

  • Communicating with you, including providing information about us and our range of services;

  • Quality and risk management reviews, undertaken either by our regulators or internally by us for compliance purposes;

  • Legal obligations such as to comply with any requirement of law, regulation, or professional body of which we are a member.

For people who contact us through our website:

  • Registration is not required for you to use our site. If you are merely a visitor, we do not collect any personal information about you, except to the limited extent through the use of cookies. However, we use the personal data you have provided to us to respond to your queries when you contact us. Our legal basis for this processing is our legitimate interest in the administration and operation of our firm.

  • As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

  • This website is not intended for use by children.  We understand the importance of protecting children’s information, especially in an online environment, and we do not knowingly collect or maintain information about children.

For people who sign up for any newsletter we may issue:

  • We use the contact information you have provided us to send you our newsletter and other updates. Our legal basis for this processing is the consent that you provided when you signed up. We always include an unsubscribe option in our marketing communications, so you can opt-out of receiving such communications at any time. We will retain your contact information until you unsubscribe or opt-out.

When submitting a curriculum vitae (CV):

  • You provide us with certain information when you send us your CV so that we can consider you for roles at NKC.

For people whose information we received from one of our clients:

  • If you are an employee, contractor, customer, supplier, or family member of one of our clients, we might receive and process your personal data as part of our engagement with that client. That personal data may include your name, contact information, financial information such as salary or payments, and other information held by our client. We will only process your data in order to provide our accounting, tax, audit or other services to our client. Our legal basis for this processing is our legitimate interest in fulfilling our professional and contractual obligations to our clients. We retain this data for a period of seven years because we believe we have a legal responsibility to retain it for this period.

For more general interactions not specifically covered above:

  • Your interactions with us: you may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise.

  • Third parties or publicly available sources: We may obtain or receive personal data about you from various third parties and public sources.

3. Whom we share data with

We share your personal data with various processors such as our IT service providers and our cloud data storage provider. A full list of our data processors / third parties with whom we share your data is available on request.  These providers are not permitted to use this data, except on our behalf. We may share your personal data with advisors who are subject to rules of confidentiality and data protection protocols. We may also be obliged to provide access to your personal data to regulators, including our professional body.

We may also process, retain and share information if we believe in good faith that it is reasonably necessary to protect the safety of any person, to address fraud, security or technical issues, to protect our rights or property, and/or to investigate or assist in preventing any violation or potential violation of the law or this Privacy Policy.

Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal data as a client with third party sub-contractors and service providers including third parties outside the EU and the EEA.  In such circumstances, any such data transfers are governed by appropriate data export mechanisms in compliance with GDPR.  This includes appropriate and proportionate access controls and security measures by us and/or said sub-contractors/third parties.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not collect or compile information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties.

4. Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

5. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years as a general rule of thumb.  If you have a query about your specific personal data, please contact us.

In some circumstances you can ask us to delete your data: see below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

6. Automated decision-making and profiling

 We do not use any personal data for the purpose of automated decision-making or profiling.

7. Special Categories of Personal Data

The following special categories of personal data are considered sensitive and may receive special protection:

  • Racial or ethnic origin.

  • Political opinions.

  • Religious or philosophical beliefs.

  • Trade union membership.

  • Genetic data.

  • Biometric data.

  • Data concerning health.

  • Data concerning sex life or sexual orientation.

Data relating to criminal convictions and offences may also receive special protection under the laws of your jurisdiction.

We may collect and process the following special categories of personal data when you voluntarily provide them for the following legitimate business purposes, to carry out our obligations under employment law, for the performance of the employment contract, or as applicable law otherwise permits:

  • Physical or mental health information or disability status to comply with health and safety obligations in the workplace, to make appropriate workplace accommodations, as part of sickness absence monitoring, and to administer benefits.

  • Race or ethnic origin, religious affiliation, health information and sexual orientation to ensure meaningful equal opportunity monitoring and reporting.

Where we have a legitimate need to process special categories of personal data for purposes not identified above, we will only do so only after providing you with notice and, if required by law, obtaining your prior, express consent.

We will always treat special categories of personal data as confidential and we will only share such data internally where there is a specific and legitimate purpose for sharing the data. As set out below, we have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure.

We will only retain special categories of personal data for as long as necessary to fulfil the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. We will typically apply the following retention periods:

1.         Health information: term of employment plus six years.

2.         Diversity information: term of employment plus six years.

3.         Criminal record information: term of employment plus six years.

4.         Contracts of employment: term of employment plus six years

5.         Payroll records: term of employment plus six years

6.         Working time records: three years from creation

7.         Employment permit records: five years or duration of employment, whichever is longer

8.         Accident reports and related documents: ten years post-incident

8. Your rights

 You have the following rights under the GDPR, in certain circumstances and subject to certain exclusions, in relation to your personal data:

Right to access – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.

Right to rectification– you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.

Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.

Right to restrict or object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.

Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.

Right to withdraw consent – if we are processing personal data based on your consent, you may withdraw that consent at any time.

9. Conclusion

In order to exercise any of the rights set out above, or if you have questions or concerns about how we process your data, please contact us at info@nkc.ie or by post at The Directors, NKC Business and Taxation Consultants, Unit 9, 4075 Kingswood Road Citywest Business Campus, Dublin 24.

You also have the right to lodge a complaint with the Data Protection Commission, whose contact details are as follows:

Data Protection Commission

21 Fitzwilliam Square S,

Dublin 2,

D02 RD28

Ireland.

Telephone +353 (57) 868 4800

Website www.dataprotection.ie

Email info@dataprotection.ie