Audit privacy policy
Data Protection Audit Privacy Notice
At PKF Francis Clark, we are committed to protecting the privacy and security of your personal data. This privacy notice outlines how we collect, use, and protect your data in connection with our audit services. In most circumstances when providing our services in Audit we will be acting as a Data Controller.
About us
As regulated auditors we are under a statutory obligation and a legal responsibility to perform our work in accordance with current law and regulations and to maintain the required professional and ethical standards when providing our services.
Information we collect
We collect personal data necessary to conduct our audit work. This may include, but is not limited to:
- Contact details such as name, address, email and phone number
- Financial information such as bank details, transaction records and financial statements
- Employment details including job title, salary and employment history
- Any other relevant information required for the audit process
How we use your information
The personal data we collect is used solely for the purposes of conducting our audit services. This includes:
- Performing audit and assurance services including sharing data with the group auditor where applicable
- Complying with legal and regulatory obligations
- Communicating with you about our services and responding to your inquiries
Please note that we may collect and/or process other personal data from time to time.
Lawful basis for processing
We only process your data (which may include providing it to a third party) where we have identified a valid lawful basis to do so. These are as follows:
Contractual obligation – means processing that is necessary to comply with our obligations arising out of a contract, for example, where you have bought services from us we will use the personal data you provide to fulfil our contractual obligations.
Legitimate interest – means in the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. Where we rely on legitimate interests, we will make a record of our decision making. When we rely on legitimate interest for the processing of your personal data, it will not, in our opinion, affect your rights or freedoms and is proportionate to our interests e.g. keeping you up to date with our latest services or obtaining your feedback on our service.
Consent – We will seek to obtain your consent to process:
- your data outside our contractual obligations (see above) unless we have identified a Legitimate Interest (see above); and
- any special category data.
Legal obligation – We may process your data where we it is necessary for us to do so to comply with the law.
Third parties and sharing information
Please see below the list which sets out categories of recipients of personal data.
| Examples of types of service providers who may receive your personal data |
| IT support services |
| Email provider |
| Cloud accounting and payroll providers |
| Website provider |
| Secure document disposal service |
| Banks |
| HMRC |
| Online payment providers |
| Regulators, for example: The Institute of Chartered Accountants in England and Wales |
| Accountants |
| Group auditors (when applicable) |
| Insurers |
| Solicitors |
| Software Providers |
| Feedback aggregators and collectors |
| Couriers |
| Marketing and Research Agencies |
Data protection and security
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or damage. Our staff are trained on data protection principles and are committed to maintaining confidentiality and integrity of your data.
Data retention
We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Once the data is no longer needed, we will securely delete or anonymise it.
Your rights
You have the right to request access to your personal data, as well as to request correction, deletion, or restriction of processing of your data. If you have any concerns about how we handle your personal data, please contact us and we will address your concerns promptly.
Contact us
If you have any questions or concerns about this privacy notice or our data protection practices, please contact:
- Email: [email protected]
- Phone: 01803 320100 and ask to speak to the Privacy Officer
- Address: Head of Privacy, Francis Clark LLP, Sigma House, Oak View Close, Edginswell, Torquay TQ2 7FF, United Kingdom
We are committed to safeguarding your personal data and ensuring transparency in how we handle it. Thank you for trusting PKF Francis Clark with your audit needs.
If you are in the EU, we have appointed DataRep as our EU Representative in accordance with Article 27 GDPR to act on our behalf if and when we undertake data processing activities to which article 3(2) applies.
If you are in the EU and have an inquiry for Francis Clark LLP regarding your personal data you may contact us through DataRep by:
- Sending an emal to DataRep at [email protected] quoting <Francis Clark LLP> in the subject line; or
- Contact via the online webform at datarep.com/data-request or
Mailing your inquiry to DataRep at the most convenient of the addresses found here.
You have the right to complain about the processing of your personal data. In the first instance please contact us using the details provided above. You also have the right to complain to the Information Commissioners Office (ico.org.uk).