Who we are
MHA Henderson Loggie is a professional firm of Chartered Accountants, regulated by the Institute of Chartered Accountants of Scotland (ICAS). This Privacy Notice applies to the MHA Henderson Loggie group of companies comprising MHA Henderson Loggie Chartered Accountants and MHA Henderson Loggie Planning Service, collectively known as MHA Henderson Loggie within this notice. We have offices in Aberdeen, Dundee, Edinburgh and Glasgow with our head office at the Vision Building, 20 Greenmarket, Dundee DD1 4QB, United Kingdom.
This notice explains MHA Henderson Loggie’s approach to the personal information we handle in carrying out our duties as a professional firm of Chartered Accountants.
MHA Henderson Loggie is fully committed to handling personal information in accordance with data protection legislation and best data protection practices. This means that your personal information will be:
Processed lawfully, fairly, and in a transparent manner.
- Collected for specified, explicit and legitimate purposes.
- Only collected so far as required for our lawful purposes.
- As accurate and up to date as possible.
- Retained for a reasonable period of time, in accordance with retention policies.
- Processed in a manner which ensures an appropriate level of security.
Whether through this notice or otherwise, we hope to ensure that everyone has a good understanding of why Henderson Loggie processes personal information and, where we do, the rights they may have.
Why do we need to process personal information?
As explained in this notice, there are various ways in which we must process personal data to allow us to fulfil our role as a professional firm of Chartered Accountants.
How do we collect personal information?
Like most organisations that handle personal information, there are various ways in which we collect information from the people we deal with:
- Email and written correspondence.
- Telephone discussions.
- Visitors to our website.
- Social media.
- Application forms and other information requests.
- Direct personal contact at our offices and elsewhere.
In nearly all instances, it should be obvious to you that Henderson Loggie is collecting your personal data.
What personal information do we collect?
We collect personal information to fulfil our role as a professional firm of Chartered Accountants. As there are many different aspects to this role, the information requested and collected will vary from person to person.
The personal information most commonly collected from our clients is as follows:
- Contact details (including home and business addresses, email address, telephone number).
- Date of birth.
- Employment details (including current and previous employers).
- Regulatory information (including applications for licenses and regulatory monitoring).
- Information regarding investigation and disciplinary processes.
- Records of enquiries, meetings and other direct engagement.
- Copies of physical and electronic correspondence.
- Financial information.
What is the lawful basis for MHA Henderson Loggie’s processing activities?
We will only process personal information where we believe we have a lawful basis to do so. The basis for processing will vary from activity to activity. In some instances, processing may have more than one lawful basis.
The information below summarises the basis on which we process personal information.
Do we share personal data with third parties?
Some of the processing activities set out above require us to share personal information with third parties. Whenever we share personal data, we take all reasonable steps to ensure it will be handled appropriately and securely by the third party.
The following is a list of the main third parties with whom we share personal information:
- ICAS, which assist us in fulfilling our role as a professional firm of Chartered Accountants.
- Oversight regulators and statutory bodies (e.g. HMRC, the FRC, the Insolvency Service).
- Software providers which allow us to operate efficient digital processes, including:
- Campaign Monitor
- Watermark Volume
For practical reasons, this is an indicative, but not exhaustive list. Please also note that the list may be updated from time to time.
How long do we retain personal information?
The periods for which we retain personal information depends on the purpose for which the information was obtained but, in general terms, we will retain personal data for so long as required by law, or as may be required for record keeping and legal claims purposes.
Where do we store personal information?
Personal information is mostly processed by our staff at our offices in the UK. To allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK, but in the majority of cases this will remain within the European Economic Area (EEA).
MHA Henderson Loggie is a gold partner for Xero cloud based accounting software which is used by a number of our clients. Xero holds users personal information on servers located in New Zealand and the United States of America (the U.S.). New Zealand is recognised by the EU as an ‘adequate’ country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU. To ensure that our client’s data is protected Xero use top tier, third party data hosting providers’ (Rackspace, AWS, and Microsoft Azure) to host its Services on servers located in the U.S. For EU residents, this means that your personal information will be transferred to New Zealand or the U.S. Xero has in place transfer mechanisms with all its third-party data hosting providers that satisfy the requirements relating to Xero’s transfer of data from the European Union to the U.S.
By entering personal information into the Services, you consent to that personal information being hosted on servers located in New Zealand or the U.S. While your personal information will be stored on servers located in New Zealand or the U.S., it will remain within Xero’s effective control at all times. Each data hosting provider’s role is limited to providing a hosting and storage service to Xero, and Xero have taken steps to ensure that its data hosting providers do not have access to, and use the necessary level of protection for, your personal information. They do not control, and are not permitted to access or use your personal information, except for the limited purpose of storing the information.
If you do not want your personal information to be transferred to a server located outside of the European Economic Area (EEA) you should not provide Xero with your personal information or use the Service.
Given that we have clients located in several countries around the world, there may sometimes be occasions when we need to transfer information outside the EEA. Where this happens, we will take all reasonable steps to ensure that your personal information is properly protected.
We may collect information about the computer or device which is used to access our corporate website. We use this information to improve the user experience, and to help us better understand the ways in which our website is used. This may include information about:
- The computer or device type.
- IP address.
- Operating system.
- Browser type and version.
- Time zone setting and browser plug-in types and versions.
This is statistical data about our users’ browsing actions and patterns. It is collected on an anonymous, aggregated basis, and does not identify individual users.
Our website makes use of cookie files to distinguish you from other users of our site, to provide you with a bespoke user experience tailored to your individual preferences. A cookie file (a small file of letters and numbers) will be placed on your computer or other access device each time you visit our site.
We also use analytical cookie files. These allow us to recognise and count the number of visitors to our site and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.
If you wish to delete any such cookie files, please refer to the instructions for your file management software to locate the file or directory that stores cookies. Our cookies will contain the domain name hlca.co.uk within the file name.
You may refuse to accept cookie files when visiting our site, by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you choose this setting, you may not get an optimal web site experience and be unable to access certain parts of our site.
Our website and emails may contain links to other websites. We are not responsible for the content or practices of these other sites and we recommend that you check their own privacy policies.
Your rights where we are processing your information
The law in the UK gives certain rights to individuals whose information is being processed by a third party. The following is a short summary of these rights:
- Access to your information – you have the right to request a copy of the personal information about you that we hold.
- Correcting your information – we want to make sure that your personal information is accurate, complete, and up to date, and so you may ask us to correct any personal information about you that you believe does not meet these standards.
- Deletion of your information – you have the right to ask us to delete personal information about you where:
- You consider that we no longer require the information for the purposes for which it was obtained
- We are using that information with your consent and you have withdrawn your consent – see ‘withdrawing consent to using your information’ below.
- You have validly objected to our use of your personal information – see ‘objecting to how we may use your information’ below.
- Our use of your personal information is contrary to law or our other legal obligations.
- Objecting to how we may use your information – you have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest, or in exercising official authority vested in us then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
- Restricting how we may use your information – in some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold, or assessing the validity of any objection you have made to our use of your information. The right might also apply if we no longer have a basis for using your personal information but you don’t want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims, or where there are other public interest grounds to do so.
- Withdrawing consent using your information – where we use your personal information with your consent, you may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out in the ‘contact information and further advice’ section if you wish to exercise any of these rights.
Changes to our privacy notice
We keep this notice under regular review and will place any updates on this website. Paper copies of the privacy notice may also be obtained by emailing our Data Protection Officer at DPO@hlca.co.uk or in writing to our office at Vision Building, 20 Greenmarket, Dundee DD1 4QB, United Kingdom
This privacy notice was updated in May 2018.
Contact information and further advice
If you have any questions which are not covered in this notice, we suggest that you email us at DPO@hlca.co.uk. If you would prefer to submit your questions in writing, please write to our office at Vision Building, 20 Greenmarket, Dundee DD1 4QB, United Kingdom addressing your letter to the Data Protection Officer.
While we seek to directly resolve all complaints about how we handle personal information, you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
The Information Commissioner’s Office – Scotland
45 Melville Street
Telephone: 0303 123 1115
Email – Scotland@ico.org.uk
Website – https://ico.org.uk/concerns