Home / Privacy Policy

Privacy Policy

How we use personal information about you

Amex Associates Ltd takes the protection of personal data extremely seriously and we always strive to ensure that, at all times, it is protected with appropriate procedural, organisational and technical measures, and that data is only collected and used for appropriate and legitimate purposes.

Amex Associates Ltd will only use your personal information to provide the services previously agreed with you in the Letter of Engagement and any supporting Schedules.  We will only use this information in accordance with your instructions and current data protection regulations.

We may receive personal information from you that falls into the category of sensitive personal data, required in order to complete money laundering checks.  This information will only be used for the purpose of preventing money laundering and terrorist financing, by any express consent from you, or as otherwise required by law.

What personal data we may collect about you

Amex Associates Ltd is bound by the requirements of the General Data Protection Regulation (GDPR).  As a client of Amex Associates Ltd, we may need to ask for personal information about you, your family, partners, associates and employees.  Depending on the services agreed to in the Letter of Engagement, this data may include:

  • Personal information including addresses, contact details, date of birth, marital status, national insurance numbers and tax references
  • Any sensitive personal details required to satisfy money laundering requirements
  • Accounting information
  • Payroll information
  • Pension details

How will this data be processed?

Personal information is only processed by Amex Associates Ltd in accordance with the services previously agreed in the Letter of Engagement and supporting Schedules with you. For example, this might include but may not be limited to:

  • Bookkeeping
  • Tax returns
  • Accounts preparation
  • Payroll
  • Pensions
  • Workplace benefits (P11D)

Please note that we may also process some of this personal information for the following purposes:

  • Updating our client records system
  • Analysis for management purposes
  • Statutory returns
  • Legal and regulatory compliance
  • Crime prevention

How long we keep your data for

We will typically hold your personal information for 7 years after the closure of your account in line with regulatory data retention requirements. Data may be retained longer than 7 years if required for legal purposes, for an on-going litigation (litigation hold), or where explicitly requested by you.

Sharing and transmitting personal data

Amex Associates Ltd will NEVER sell, rent, share or disseminate any of the controller’s data to any third party, except where necessary in order to provide the services agreed in the Letter of Engagement.

Your personal data may be transferred to appropriate third parties as follows:

  • HMRC for the purpose of complying with statutory requirements, e.g. filing tax returns, VAT returns, CIS returns and real-time reporting
  • Companies House for the purpose of statutory company reporting
  • Your payroll pension provider
  • To and from any of your cloud based systems such as accounting and invoicing platforms
  • Mortgage companies and landlord reference check agencies but only with your consent
  • Any other accountancy practice but only with your written consent

We may occasionally need to transfer your personal data to one of our software providers, where the data has become damaged and needs to be repaired. In these circumstances we will always request permission from you and ensure that the data is transferred in a secure and encrypted form.

How we communicate with you

Amex Associates Ltd may contact you using telephone numbers, email addresses or addresses ‘volunteered’ by you as part an initial communication with Amex Associates Ltd, or provided when agreeing services in the Letter of Engagement.

We may occasionally send text messages to your mobile phone number, but this will only be in relation to services agreed with you. These texts will never contain your personal details and will never be used for marketing purposes.

We will only send text messages to your mobile if you specifically agree to receive them.

We may also occasionally use your personal information to send you relevant information about third parties that we think you may be interested in. For example, we may send details about tax investigation insurance policies. However we will never send your details to these third parties without your express permission.

We will only send you these types of communications if you specifically agree to receive them.

Security of Data

Amex Associates Ltd is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place various physical, electronic and managerial procedures to safeguard and secure the information.

Right of access to data about you

GDPR gives you the legal right to access personal data about you that is held by Amex Associates Ltd.  It allows you to check the lawfulness of any data processing, to ask for incorrect data to be changed, and for data about you to be erased (within any legal or regulatory constraints).

To get a copy of this data, please make a Subject Access Request (SAR) to the data protection officer at Amex Associates Ltd.  Amex Associates Ltd will make a copy of the data available as quickly as possible, and this will be within one month of receipt of the SAR.

Subject Access Requests should be made in writing to:

Amex Associates Ltd,
85B Headstone Road,
Harrow, Middlesex,
HA1 1PG

The Amex Associates Ltd Website

Amex Associates Ltd do not collect or process any personal data from the website.  We do not monitor IP addresses from your computer, nor do we perform any form of analysis on visits.  The website does include some cookies but these are solely for the basic operation of the site. No monitoring, tracking or data collection is performed by the cookies.

Amex Associates Ltd do use some social networking sites. However, no personal information that is ‘volunteered’ by visitors, by liking and sharing content, is collected, used or analysed by Amex Associates Ltd.

Changes to our privacy policy

We regularly review this GDPR privacy policy.  Any changes will be applied to the GDPR section on our website, with ‘material’ changes being communicated directly to you at our next opportunity.

How to contact us

Please contact us if you have any questions about this privacy policy or about any of the information we hold about you:

By email to:
info@amexassociates.co.uk

By post to:
Amex Associates Ltd
85B Headstone Road,
Harrow, Middlesex,
HA1 1PG

 

Glossary of Terms

Personal Data

Personal data refers to any information that could identify an individual, or when combined with other accessible data, could make that person identifiable. This may include (but is not limited to):

  • Names and contact information, for example emails, addresses and telephone numbers
  • National Insurance Numbers
  • Employment history
  • Employee numbers
  • Credit History
  • Personal tax
  • Payroll and accounting data

Sensitive Personal Data

Sensitive personal data may include:

  • Convictions
  • Biometric data such as the photo in an electronic passport

Data Controller

For the General Data Protection Regulation (GDPR), the term ‘data controller’ refers to the person or organisation that determines what data is required and controls how this personal data is processed.

In this instance, the data controller is Amex Associates Ltd, 8 Blue Barns Business Park, Old Ipswich Road, Ardleigh, Colchester. CO7 7FX. The data protection officer is Bilal Alvi, Managing Director who can be contacted on info@amexassociates.co.uk or by calling 01206 273908.

Data Processor

For GDPR, the term ‘data processor’ refers to a person or organisation which processes personal data for the data controller. In the case of Amex Associates Ltd, this is likely to include HMRC, Companies House and pension providers.

Data Processing

Data processing is any operation performed upon personal data both manually and via an automated system. Example may include: collecting, recording, transmitting, storing, altering, using, disclosing, disseminating, erasing and destruction

Subject Access Request (SAR)

A subject access request is your legal right to request a copy of information about you held by the data controller. You can also ask the data controller, and through them, the data processor, to change personal information, where it is incorrect, or for the data to be erased (but this is within the constraints of any legal or regulatory requirements to retain the said data).

Website Terms

  • Cookies – Cookies are text files that a website may place on your computer to help it track and log activity (also see www.aboutcookies.org).  Most browsers allow you to disable cookies but this might impact the behaviour of a website.
  • Analytics – Some websites use analytics to store information about visitors accessing the web. For example, Google Analytics is one of these third-party providers, and they will collect information about you, the pages you visit, how long for, and so on.
  • IP Addresses – An IP address is a unique numerical address that can identify your computer or connection on the Internet.
Top