Our policy is to collect only the personal data to provide professional services such as tax advice, general or specific business advice as part of the range of services we offer. We also process personal data in the administration and management of our business.
Your business contact details are used to provide you with information about our services and other information which we think will be of interest to you, unless you tell us not to.
We are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
Personal data processed is kept by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In the absence of specific legal, regulatory or contractual requirements, our retention policy period for records and other documentary evidence created in the provision of services is 7 years.
We take the security of your data we hold seriously. We have a policy, including procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect your data. We use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our clients are located. This includes countries outside the European Union (“EU”).
Under the DPA (2018) and GDPR, individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.
William Duncan (Business Recovery) Ltd
We confirm that we will comply with the provisions of the UK GDPR when processing personal data in relation to the administration of an insolvent estate, and that we have appropriate security measures in place.
Our Insolvency Practitioners are the data controllers only for the personal data that they are required to collect and process in order to meet their legal/regulatory obligations. For the processing of all other personal data the estate in administration will remain the data controller. In order to administer the insolvent estate we may have access to personal data and we will process, use and disclose personal data about you as is necessary to comply with the statutory requirements of the formal insolvency appointment, in accordance with the relevant insolvency legislation and associated guidance. Any personal data we hold on you will be stored securely on our systems for a period of time defined by our internal data retention policies.
Your personal data may be processed by third parties for the purposes of secure document storage and disposal. We take steps to ensure that these organisations are also looking after your data securely.
In relation to these organisations, we have in place a written contract which only permits them to use your data for specified purposes and in accordance with our instructions. The contract also requires that the organisation has in place appropriate security measures in relation to your personal data which are in line with our policies.
You have a right to apply for a copy of your information, to have any inaccuracies corrected and restrict processing of it. You have a right to have your personal data erased, subject to legal and regulatory compliance and crime prevention. You have a right to data portability, obtaining a copy of your data in a commonly used machine readable format where technically possible. You have the right to complain about the processing of your personal data and in the first instance please send any concerns you have to our Data Protection Officer Robert Fergusson. If you are still unsatisfied you have the right to complain to the Information Commissioner’s Office. Contact details can be found at www.ico.org.uk
Access to Data
You have a right to access your personal data held by us and you can exercise that right by contacting us via our website. https://williamduncan.co.uk/contact/
Our aim is to respond a request promptly and within the legally required limit of 30 days.
Update of Personal Data
If you wish to update personal data submitted to us, please contact us through our website contact form https://williamduncan.co.uk/contact/
Once we are informed that any personal data held by us is no longer accurate we will make changes based on your updated information.
Withdrawal of Consent
Where we hold data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please contact us below.
This statement is intended to provide information about what personal data we collect about you and how it is used. As well as rights in relation to the personal data we hold, such as right to erasure/deletion to restrict or object to our processing of personal data and the right to data portability. For further information on these rights please contact us below.
If you do want to complain about our use of your personal data, please contact us below with the details of your complaint. You also have the right to register a complaint with the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO please refer to their website.
“The Partners of the firm are the Directors of William Duncan + Co Ltd and as such are subject to the obligations and responsibilities of directors within Part 10 of the Companies Act 2006. Client Directors of the firm are not statutory directors of William Duncan + Co Ltd, and are not subject to the obligations and responsibilities of directors within Part 10 of the Companies Act 2006.”