Privacy

Introduction

At Wyatt Morris Golland Ltd we are committed to protecting personal data and to fair and transparent processing. Please read our privacy statement: it will help you to understand how we collect and use personal data from individuals, our clients, suppliers or others during the course of our business. We will only use personal data for the purposes described in this privacy statement or as stated at the point of collection.

We regularly review this privacy statement and may make changes at any time without giving notice.

Who we are

Wyatt Morris Golland Ltd is a company registered in England & Wales, number 12914277, whose registered address is Park House 200 Drake Street Rochdale OL16 1PJ and whose main trading address is Park House 200 Drake Street Rochdale OL16 1PJ.

This privacy statement only applies to Wyatt Morris Golland Ltd. We are not responsible for the privacy practices of any other organisation our website may link to.

Our lawful basis for processing

We rely on several lawful basis of processing when we collect and use personal data to operate our business and provide products and services to our clients. These include:

• Public interests – where the processing of data is necessary for providing certain services to clients (eg statutory audit) or for certain requirements we are subject to.
• Legal obligations – in order to comply with the legal and regulatory obligations we are subject to as a provider of regulated services and as a commercial business.
• Contract – in order to perform contractual obligations we may have with an individual or to take steps to enter into a contract with an individual.
• Consent – where an individual has freely given consent at the time their personal data was provided to us.
• Legitimate interests – the legitimate interests can be ours, our clients or other third parties (eg to provide our services, to develop or protect our business, or to keep people informed about relevant products and services) and we always balance the rights of individuals with ours’ and others’ legitimate interests.

To find out more please see below for Client service activity & Suppliers.

How we keep data secure

Security is of the upmost importance to us. Whilst no data transmission over the internet or any other network can be guaranteed as 100% secure, we take all reasonable steps to safeguard the personal data we hold and we have in place appropriate technical and organisational measures. These include policies, procedures and training of our people relating to data protection, confidentiality and information security. These are regularly reviewed to ensure they are effective and fit for purpose.

Who we share data with

We only share personal data with others when absolutely necessary for the purposes for which we hold it and where appropriate contractual arrangements and security mechanisms are in place.

We may pass your personal data to:

• Other professional firms where needed to provide services to our clients and for administrative purposes
• suppliers that support us and help provide services to our clients, such as providers of cloud-based software, IT systems, security, archiving storage, recruitment, marketing and payment services
• professional advisors, auditors or insurers, where we are required by law or as reasonably required in the management of our business
• law enforcement or other government and regulatory agencies or to other third parties, where we are required by law, the courts or any legal or regulatory authority we are subject to. We will only provide personal data in these circumstances where permitted or there is a legal requirement.

We store personal data on servers within the European Economic Area (EEA). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.

How long do we keep personal data?

We keep personal data only for as long as necessary and this will reflect the requirements of:

• the activity or service for which it is being processed
• any legal, regulatory or contractual requirements
• the time in which any litigation or investigations might arise from providing a service.

Individuals’ rights

Individuals have certain rights over their personal data that we process as data controllers.

If we process your personal data and you exercise any of your rights we will aim to respond promptly and within any required time limit. However, please note that the length of time it will take us to respond will be dependent on the nature and extent of your request.

You have a right to:

• access – you can ask us for a copy of the personal data that we hold on you
• rectification – if you become aware of any errors or inaccuracies concerning your personal data, please let us know either by updating your details on the website or applications you are registered with or contacting us
• withdraw consent – where we process personal data based on consent, you have a right to withdraw consent at any time. To stop receiving direct marketing emails from us, please click on the unsubscribe link in the relevant email or update your preferences. For any other withdrawals of consent please contact us
• erasure/deletion – you can ask us to erase or delete your personal data when we no longer need it for the purposes it was obtained
• data portability – you can ask for your personal data to be sent to you or to another organisation
• review automated decision making – if we make automated decisions about you, you can ask for those decisions to be reviewed
• restrict or object to our processing – you can ask to restrict or object to our processing of your personal data (eg removal from a marketing subscription list).

If you wish to exercise any of your rights, please contact us.

Who to contact

If you have any questions about this privacy statement, wish to complain about our use of personal data or exercise one of your rights, please send your correspondence to our Contact for data enquiries:

Data Enquires
Wyatt Morris Golland Ltd
Park House
200 Drake Street
Rochdale
OL16 1PJ

Email: info@e-wmg.co.uk

You also have the right to report concerns or make complaints to the Information Commissioner’s Office (ICO). For more information on your rights and how to contact the ICO, please refer to their website.

Client service activity

Corporate and Business clients (and individuals associated with them)

We only ask our clients to share personal data with us where it is necessary in order to provide our services or other agreed purposes. We rely on our clients providing any necessary information to the individuals whose data is shared with us regarding its use.

In providing a range of services to our clients, we may need to process many categories of personal data about individuals associated with them (such as employees, directors, senior management, trustees, members and their beneficiaries, professional advisors, suppliers), which could include personal identification and contact details, employment related information or financial data.

Generally, for our services we do not expect our corporate and business clients to share special categories of personal data (defined as race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sex life or sexual orientation) and criminal records. Where this is the case we rely on our clients having gained the explicit consent of individuals, it being a legal obligation or other lawful basis.

Typically, we will collect personal data directly from our clients or from third parties acting on their instructions (eg their suppliers, professional advisors or former service providers).

We use such personal data collected for the following purposes:

• Providing professional services: we offer many different services to our clients (see dropdown list at the top of this page) and many of these services require us to process personal data in order to give advice and deliver reports to our clients.
• Managing our business: in order to run our business effectively we may need to process personal data for multiple reasons, including managing our client relationships, developing our business and services, hosting events, and to manage and administer our website, IT systems and applications.
• Quality, risk and security management systems: to protect our information and our clients’ information (including personal data), we use security measures that involve detecting, investigating and resolving security threats. As a part of the security monitoring we do personal data may be processed (eg automated scanning of emails to identify threats). We monitor the services we provide to our clients for quality purposes this may involve processing personal data held on the relevant client file. As a part of our client take-on procedures we will process personal data obtained from publicly available sources (eg sanctions lists, criminal convictions databases, and internet searches) to identify any risks relating to organisations and associated individuals that may prevent us from working with a client or providing a particular service.
• Providing information about our services: we may use business contact details to provide information about us, our services and activities, including events that may be of interest.
• Complying with legal, regulatory or professional obligations: as a regulated business, we are subject to various legal, regulatory and professional obligations that may require us to keep records which may contain personal data.

Personal clients

We only ask our clients to share personal data with us where it is necessary in order to provide our services or other agreed purposes. We rely on our clients providing the necessary information to the other affected individuals regarding its use (eg family members).

In providing a range of services to personal clients, we process many categories of personal data as appropriate for the type of service including personal identification and contact details, business activities, family information and financial data (eg income, taxation, financial interests and investments).

When required by law or with an individuals’ explicit consent for certain services we may need to process special categories of personal data (defined as race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sex life or sexual orientation) and criminal records.

Typically, we will collect personal data directly from our clients or from third parties acting on their instructions (eg their professional advisors or former service providers).

We use such personal data collected for the following purposes:

• Providing professional services: we offer many different services to our clients (see dropdown list at the top of this page) and many of these services require us to process personal data in order to give advice and deliver reports to our clients.
• Managing our business: in order to run our business effectively we may need to process personal data for multiple reasons, including managing our client relationships, developing our business and services, hosting events, and to manage and administer our website, IT systems and applications.
• Quality, risk and security management systems: to protect our information and our clients’ information (including personal data), we use security measures that involve detecting, investigating and resolving security threats. As a part of the security monitoring we do personal data may be processed (eg automated scanning of emails to identify threats). We monitor the services we provide to our clients for quality purposes this may involve processing personal data held on the relevant client file. As a part of our client take-on procedures we will process personal data obtained from publicly available sources (eg sanctions lists, criminal convictions databases, and internet searches) to identify any risks relating to organisations and associated individuals that may prevent us from working with a client or providing a particular service.
• Providing information about our services: we may use contact details to provide information about us, our services and activities, including events that may be of interest.
• Complying with legal, regulatory or professional obligations: as a regulated business, we are subject to various legal, regulatory and professional obligations that may require us to keep records which may contain personal data.

Suppliers

Suppliers (and individuals associated with our suppliers)

We only process personal data about our suppliers (this includes subcontractors and any individuals associated with them) where it is necessary for us to receive goods and services, contract, manage our relationship and help provide services to our clients (where relevant).

Typically, we will collect personal data directly from our suppliers but sometimes from third parties as a part of due diligence.

We use personal data in these circumstances for the following purposes:

• Providing professional services: where a supplier helps us to deliver services to our clients, we process the personal data of its people involved to help manage our relationship and to deliver those services to our clients.
• Managing our business: in order to run our business effectively we may need to process personal data for multiple reasons, including managing our client relationships, developing our business and services, hosting events, and to manage and administer our website, IT systems and applications.
• Quality, risk and security management systems: to protect our information and our clients’ information (including personal data), we use security measures that involve detecting, investigating and resolving security threats. As a part of the security monitoring we do personal data may be processed (eg automated scanning of emails to identify threats). We monitor the services we provide to our clients for quality purposes this may involve processing personal data held on the relevant client file. As a part of our client take-on procedures we will process personal data obtained from publicly available sources (eg sanctions lists, criminal convictions databases, and internet searches) to identify any risks relating to organisations and associated individuals that may prevent us from working with a client or providing a particular service.
• Providing information about our services: we may use business contact details to provide information about us, our services and activities, including events that may be of interest.
• Complying with legal, regulatory or professional obligations: as a regulated business, we are subject to various legal, regulatory and professional obligations that may require us to keep records which may contain personal data.