Who we are
Henderson Loggie is a professional firm of Chartered Accountants, regulated by the Institute of Chartered Accountants of Scotland (ICAS). This Privacy Notice applies to the Henderson Loggie group of companies comprising Henderson Loggie LLP and Henderson Loggie Financial Planning Limited, collectively known as Henderson Loggie within this notice. We have offices in Aberdeen, Dundee, Edinburgh and Glasgow with our head office at the Vision Building, 20 Greenmarket, Dundee DD1 4QB, United Kingdom.
This notice explains Henderson Loggie’s approach to the personal information we handle in carrying out our duties as a professional firm of Chartered Accountants.
Henderson Loggie is fully committed to handling personal information in accordance with data protection legislation and best data protection practices. This means that your personal information will be:
- Processed lawfully, fairly, and in a transparent manner.
- Collected for specified, explicit and legitimate purposes.
- Only collected so far as required for our lawful purposes.
- As accurate and up to date as possible.
- Retained for a reasonable period of time, in accordance with retention policies.
- Processed in a manner which ensures an appropriate level of security.
Whether through this notice or otherwise, we hope to ensure that everyone has a good understanding of why Henderson Loggie processes personal information and, where we do, the rights they may have.
Why do we need to process personal information?
As explained in this notice, there are various ways in which we must process personal data to allow us to fulfil our role as a professional firm of Chartered Accountants.
How do we collect personal information?
Like most organisations that handle personal information, there are various ways in which we collect information from the people we deal with:
- Email and written correspondence.
- Telephone discussions.
- Visitors to our website.
- Social media.
- Application forms and other information requests.
- Direct personal contact at our offices and elsewhere.
In nearly all instances, it should be obvious to you that Henderson Loggie is collecting your personal data.
What personal information do we collect?
We collect personal information to fulfil our role as a professional firm of Chartered Accountants. As there are many different aspects to this role, the information requested and collected will vary from person to person.
The personal information most commonly collected from our clients is as follows:
- Contact details (including home and business addresses, email address, telephone number).
- Date of birth.
- Employment details (including current and previous employers).
- Regulatory information (including applications for licenses and regulatory monitoring).
- Information regarding investigation and disciplinary processes.
- Records of enquiries, meetings and other direct engagement.
- Copies of physical and electronic correspondence.
- Financial information.
What is the lawful basis for Henderson Loggie’s processing activities?
We will only process personal information where we believe we have a lawful basis to do so. The basis for processing will vary from activity to activity. In some instances, processing may have more than one lawful basis.
The information below summarises the basis on which we process personal information.
|Lawful Basis||Examples of processing activities|
|Processing is necessary for us to meet our legitimate interests as a professional firm of Chartered Accountants, including:|
• The maintenance of our client database, the promotion and monitoring of professional standards, and delivery of services we provide to various parties.
|• General administration for maintaining our client database. |
• Corresponding with clients in respect of the delivery of services within the terms of our specific engagement.
• Regulatory activity (e.g. complying with membership requirements of ICAS, and fulfilling our responsibilities with regards applicable legislation).
• Providing clients and other parties with relevant technical / sector updates and other information.
|• Processing carried out in the public interest||• Regulatory activity (e.g. complying with membership requirements of ICAS, and fulfilling our responsibilities with regards applicable legislation).|
|• Processing necessary for us to comply with our legal obligations.||• Providing information to oversight regulators (including OSCR, ICAS, the FCA, the FRC and the Insolvency Service). Providing information to statutory bodies (e.g. HMRC). Providing information to law enforcement agencies.|
|• Consent||• Providing clients and other parties with relevant technical / sector updates, marketing and other information. Use of financial and other information relevant to the delivery of professional services provided to our clients.|
|• Contract||• Corresponding with clients in respect of the delivery of services within the terms of our specific engagement|
Do we share personal data with third parties?
Some of the processing activities set out above require us to share personal information with third parties. Whenever we share personal data, we take all reasonable steps to ensure it will be handled appropriately and securely by the third party.
In connection with one or more of the purposes outlined above, we may disclose details about you to: other members of the Henderson Loggie Group for legitimate business-related purposes; third parties that provide services to us and/or other members of the Henderson Loggie Group; as part of a corporate transaction (such as a sale, reorganisation, merger or acquisition); competent authorities (including courts and authorities regulating us or another member of the Henderson Loggie Group) and other third parties that reasonably require access to Personal Information relating to you for one or more of the purposes outlined in the sections above.
We may also need to disclose your Personal Information if required to do so by law, by a regulator or during legal proceedings.
Please note that some of the recipients of your Personal Information referenced above may be based in countries without data protection laws similar to those in the UK. In such cases, we will ensure that you consented to the transfer or that there are adequate safeguards in place to protect your Personal Information that comply with our legal obligations. For example, the adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the UK Information Commissioner’s Office (ICO) for transfers of Personal Information to third countries.
Further details of the transfers described above, and the adequate safeguards used by us in respect of such transfers, are available from us. For such information, please contact us by using the contact information below.
How long do we retain personal information?
The periods for which we retain personal information depends on the purpose for which the information was obtained but, in general terms, we will retain personal data for so long as required by law, or as may be required for record keeping and legal claims purposes.
Where do we store personal information?
Personal information is mostly processed by our staff at our offices in the UK. To allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK, but in the majority of cases this will remain within the European Economic Area (EEA).
Henderson Loggie is a gold partner for Xero cloud based accounting software which is used by a number of our clients. Xero holds users personal information on servers located in New Zealand and the United States of America (the U.S.). New Zealand is recognised by the EU as an ‘adequate’ country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU. To ensure that our client’s data is protected Xero use top tier, third party data hosting providers’ (Rackspace, AWS, and Microsoft Azure) to host its Services on servers located in the U.S. For EU residents, this means that your personal information will be transferred to New Zealand or the U.S. Xero has in place transfer mechanisms with all its third-party data hosting providers that satisfy the requirements relating to Xero’s transfer of data from the European Union to the U.S.
By entering personal information into the Services, you consent to that personal information being hosted on servers located in New Zealand or the U.S. While your personal information will be stored on servers located in New Zealand or the U.S., it will remain within Xero’s effective control at all times. Each data hosting provider’s role is limited to providing a hosting and storage service to Xero, and Xero have taken steps to ensure that its data hosting providers do not have access to, and use the necessary level of protection for, your personal information. They do not control, and are not permitted to access or use your personal information, except for the limited purpose of storing the information.
If you do not want your personal information to be transferred to a server located outside of the European Economic Area (EEA) you should not provide Xero with your personal information or use the Service.
Given that we have clients located in several countries around the world, there may sometimes be occasions when we need to transfer information outside the EEA. Where this happens, we will take all reasonable steps to ensure that your personal information is properly protected.
We may collect information about the computer or device which is used to access our corporate website. We use this information to improve the user experience, and to help us better understand the ways in which our website is used. This may include information about:
- The computer or device type.
- IP address.
- Operating system.
- Browser type and version.
- Time zone setting and browser plug-in types and versions.
This is statistical data about our users’ browsing actions and patterns. It is collected on an anonymous, aggregated basis, and does not identify individual users.
Our website makes use of cookie files to distinguish you from other users of our site, to provide you with a bespoke user experience tailored to your individual preferences. A cookie file (a small file of letters and numbers) will be placed on your computer or other access device each time you visit our site.
We also use analytical cookie files. These allow us to recognise and count the number of visitors to our site and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.
If you wish to delete any such cookie files, please refer to the instructions for your file management software to locate the file or directory that stores cookies. Our cookies will contain the domain name hlca.co.uk within the file name.
You may refuse to accept cookie files when visiting our site, by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you choose this setting, you may not get an optimal web site experience and be unable to access certain parts of our site.
Our website and emails may contain links to other websites. We are not responsible for the content or practices of these other sites and we recommend that you check their own privacy policies.
Your rights where we are processing your information
The law in the UK gives certain rights to individuals whose information is being processed by a third party. The following is a short summary of these rights:
- Access to your information – you have the right to request a copy of the personal information about you that we hold.
- Correcting your information – we want to make sure that your personal information is accurate, complete, and up to date, and so you may ask us to correct any personal information about you that you believe does not meet these standards.
- Deletion of your information – you have the right to ask us to delete personal information about you where:
- You consider that we no longer require the information for the purposes for which it was obtained
- We are using that information with your consent and you have withdrawn your consent – see ‘withdrawing consent to using your information’ below.
- You have validly objected to our use of your personal information – see ‘objecting to how we may use your information’ below.
- Our use of your personal information is contrary to law or our other legal obligations.
- Objecting to how we may use your information – you have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest, or in exercising official authority vested in us then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
- Restricting how we may use your information – in some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold, or assessing the validity of any objection you have made to our use of your information. The right might also apply if we no longer have a basis for using your personal information but you don’t want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims, or where there are other public interest grounds to do so.
- Withdrawing consent using your information – where we use your personal information with your consent, you may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out in the ‘contact information and further advice’ section if you wish to exercise any of these rights.
Changes to our privacy notice
We keep this notice under regular review and will place any updates on this website. Paper copies of the privacy notice may also be obtained by emailing our Data Protection Officer at firstname.lastname@example.org or in writing to our office at Vision Building, 20 Greenmarket, Dundee DD1 4QB, United Kingdom
This privacy notice was updated in April 2019.
Contact information and further advice
If you have any questions which are not covered in this notice, we suggest that you email us at DPO@hlca.co.uk. If you would prefer to submit your questions in writing, please write to our office at Vision Building, 20 Greenmarket, Dundee DD1 4QB, United Kingdom addressing your letter to the Data Protection Officer.
While we seek to directly resolve all complaints about how we handle personal information, you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
The Information Commissioner’s Office – Scotland
Queen Elizabeth House
Telephone: 0303 123 1115
Email – Scotland@ico.org.uk
Website – https://ico.org.uk/make-a-complaint/