Privacy Policy

​

​

Introduction
We are committed to respecting the privacy and confidentiality of personal data and complying with data protection legislation. When we process personal data we do so in compliance with the Data Protection Act 2018 and the UK GDPR. 

This privacy policy describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may process personal data provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection.

​

About us
Barford Owen Davies Limited is registered in England and Wales with company number: 10477924. 
Its registered office is: Sophia House, 28 Cathedral Road, Cardiff, Wales, CF11 9LJ.

​

How to contact us - Data Protection Officer
If you wish to discuss any data protection matter please contact us: info@barfordowendavies.co.uk 

​

Our Role
Our role as a controller or a processor depends upon the nature of our engagement with you. If you are a customer this will be defined in your letter of engagement and associated schedules and Terms of Business which form our contract with you. But generally:
•    Where we decide the purpose and means of processing, we are a controller.
•    Where we jointly decide the purpose and means of processing with you, we are a joint controller.
•    Where we process personal data according to your explicit written instructions, in a contract that satisfies Article 28 of the GDPR, we are a processor.

​

How we obtain personal data
Personal data is any information relating to an identified or identifiable living person. We only collect such personal data that is necessary for us to perform our services and we ask customers only to share such personal data as required for that purpose. Where we identify that a customer has provided us with unnecessary personal data, we either return that information to its source or destroy it, considering the customer’s preference wherever possible.

​

Personal data that you provide to us by:
•    Filling in forms on our website, www.barfordowendavies.co.uk;
•    Corresponding with us by telephone;
•    Corresponding with us by email;
•    Corresponding with us by letter;
•    Personal messaging services such as WhatsApp®, Facebook Messenger® and SMS;

​

Personal data that we collect from publicly available sources:
•    From credit reference agencies and other company information providers;
•    From national business administration authorities, such as Companies House in the UK;
•    From social media such as LinkedIn®;
•    From our own research activities such as reviewing websites.

​

Personal data that we receive from referrals:
•    We may receive unsolicited personal data in the form of a business-to-business referrals. We will seek consent before processing such personal data any further;
•    We may receive personal data submitted as a referral from one of our own employees. We will seek consent before processing such personal data any further.

​

The personal data that we process about you
If you are a prospective customer, we process the following:
•    First name;
•    Last name;
•    Job title;
•    Company name;
•    Web site address;
•    Email address;
•    Telephone number;
•    Banking details (if relevant to the service)
•    Tax filing details (if relevant to the service)
•    Any further personal data that you choose to provide in your initial enquiry;
•    Any further personal data that you choose to provide during subsequent discussions whether by phone, email or letter.

 

If you are a personal or sole trader customer, we may process the following:
•    Your name, home address and date of birth;
•    Name, home address and date of birth of any family members, advocates or other beneficiaries and connected parties;
•    Employment status;
•    Financial details such as salary, other income and investments, tax status and debt level.

​

If you are a business customer, we also process the following:
•    Company name and registration number;
•    Business type and industry sector;
•    Name, business address, job title, email address and telephone number(s) of all employees who may engage directly with us;
•    For officers of the company, beneficial owners and persons of significant control:
•    Contact details (name, home address);
•    Date of birth;
•    PEP (Politically Exposed Persons) status;
•    SIP (Special Interest Person) status.

​

If we are providing payroll services or tax return services for your employees, we will process the following personal data concerning your employees:
•    Contact details (name and address);
•    Unique identification number such as National Insurance (NI) number, unique Taxpayer Reference (UTR) or social security number;
•    Salary, tax and deduction information.

​

If you are a supplier, we process the following:
•    Company name and registration number;
•    Business type and industry sector;
•    Company address(es);
•    Company telephone number(s);
•    Name, address, job title, email address and telephone number(s) of all employees who may engage directly with us.

 

If you contact us concerning employment whether by letter, email, LinkedInTM or via our careers pages you may provide:
•    Your Curriculum Vitae (CV) containing personal data;
•    Further personal data in a covering letter.

 

If a recruitment agency contacts us concerning employment whether by letter, email or via our careers pages they may provide:
•    Your Curriculum Vitae (CV) containing personal data;
•    Further personal data in a covering letter.

 

If you visit our website, we collect information about your computer:
•    IP address (where available);
•    Geographic location (if you allow this when prompted by your browser);
•    Operating system;
•    Browser type;
•    To enable our systems to recognise your device and to provide features to you, we use cookies.

 

Special Category Personal Data
We do not normally collect special category personal data such as health, race or ethnic origin. However, for certain services or activities, and when required by law or with an individual’s consent this may be necessary. We always seek to minimise our processing of special category personal data.

​

Purpose for the processing and the legal basis for the processing
We provide a wide range of business services. Most of these services require us to process personal data to provide advice and deliverables. The legal basis for processing personal data for the purpose of providing services to our customers depends upon the context. We use one or more of the following legal bases for processing:
•    Processing necessary for the performance of a contract, or steps taken to enter into a contract with our customers;
•    To address our legitimate interests;
•    To satisfy a legal obligation.

Complying with any requirement of law, regulation or a professional body of which we are a member
As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We keep records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data. This processing is necessary for us to comply with a legal obligation; for example, when conducting customer due diligence measures to comply with anti-money laundering regulations we carry out searches to identify politically exposed persons and heightened risk individuals and organisations, and to check that there are no issues that would prevent us from working with a particular customer, such as sanctions, criminal convictions (including in respect of company directors and beneficial owners), conduct or other reputational issues. Where we do not have a legal obligation, we have a legitimate interest in processing personal data as necessary to meet our regulatory obligations.

 

If you wish to become our customer (and periodically thereafter), we have a legal obligation to verify your identity. We do not need to obtain your consent to do this because it is a legal obligation imposed upon us. However, we are obliged to inform you that this will take place. We may achieve this by:
•    performing a search with a credit reference agency. This will leave a footprint on your credit file as evidence that the check has taken place. This footprint is not the same as a credit check footprint and has no impact at all on your credit rating. It just leaves a footprint that proves we have satisfied the legal obligation to verify your identity. Even when these identity checks are performed periodically their repetition has no impact on your credit rating; and/or
•    evaluation of traditional ID-check documents (passport, drivers’ licence etc) and the use of an electronic signature complying with the European Union Trusted Lists (EUTL).

 

Administering, managing and developing our businesses and services
We process personal data to run our business. This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services. Such processing includes:
•    managing our relationship with customers;
•    developing our businesses and services (such as identifying customer needs and improvements in service delivery);
•    maintaining and using IT systems;
•    hosting or facilitating the hosting of events; and
•    administering and managing our websites, systems and applications.

Recruitment
The legal basis for processing personal data for the purpose of recruitment is our legitimate interest to develop our business.

When an applicant becomes an employee, their personal data is processed subject to our Internal Privacy Policy.

Personal data collected from unsuccessful employment applicants is retained for 6-12 months after which it is securely destroyed.

 

Procurement of services from suppliers
The legal basis for processing personal data for the purpose of procurement is our legitimate interest to maintain efficient and effective procurement processes.

​

Retention of Personal Data
The retention period for the personal data we process is always in accordance with legal, regulatory and contractual requirements.

 

Data sharing - introduction
We only share personal data with other organisations when we have a lawful basis to do so. When we share data with other organisations, we put contractual arrangements and security mechanisms in place to protect personal data and to comply with our data protection, confidentiality and security standards.

 

Data sharing with other controllers
Depending upon the nature of the service being provided to you we may lawfully share personal data with other organisations. This may change from time to time, so for the latest information please contact us.

 

Table of organisations or types of organisations with which personal data may be shared in the UK: