To enable us to discharge the services agreed in our engagement letter, comply with related legal and regulatory obligations and for other related purposes including updating and enhancing client records and analysis for management purposes, as a data controller, we may obtain, use, process and disclose personal data about you and your business including its shareholders/members/officers and employees where appropriate as described in our privacy policy. We confirm when processing data on your behalf that we will comply with the provisions of all relevant data protection legislation and regulation.
You are also an independent controller responsible for complying with data protection legislation and regulation in respect of the personal data you process and, accordingly where you disclose personal data to us you confirm that such disclosure is fair and lawful and otherwise does not contravene relevant requirements. Nothing within our engagement letter relieves you as a data controller of your own direct responsibilities and liabilities under data protection legislation and regulation.
Data protection legislation and regulation places obligations on you as a data controller where we act as a data processor to undertake the processing of personal data on your behalf, for instance where we operate a payroll service for you. We therefore confirm that we will at all times take appropriate measures to comply with relevant requirements when processing data on your behalf. In particular we confirm that we have adequate security measures in place and that we will comply with any obligations equivalent to those placed on you as a data controller.
Our privacy policy, which can be found on our website at www.rtaccountants.co.uk explains how we process personal data in respect of the various services that we provide.