Keeping your data safe and sound
BHP are committed to protecting the privacy of our clients.
BHP LLP’s Privacy Promise.
We promise to collect, process, store and share your data safely and securely, by ensuring:
- You’re always in control: Your privacy will be respected at all times and we will put you in control of your privacy with easy-to-use tools and clear choices.
- We work transparently: We will be transparent about the data we collect and how we use that data so that you can make fully informed choices and decisions.
- We operate securely: We will protect the data that you entrust to us via appropriate security measures and controls. We’ll also ensure that other businesses we work with are just as careful with your data.
- For your benefit: When we do process your data, we will use it to benefit you, to make your experience better and to improve our products and services.
1. Who we are and how you can contact us.
BHP LLP, Chartered Accountants works in conjunction with a number of associated businesses under common ownership as listed below and together they are referred to in this policy as “BHP Group”, “we”, “us” or “our”:
BHP LLP 2 Rutland Park, Sheffield, S10 2PD. Registered Company Number: OC416373. ICO Registration Number: Z5466171.
BHP Financial Planning Ltd 2 Rutland Park, Sheffield, S10 2PD. Registered Company Number: 03833962. ICO Registration Number: Z7696751.
BHP Prosper Ltd 2 Rutland Park, Sheffield, S10 2PD. Registered Company Number: 07471060. ICO Registration Number: Z2562570.
BHP Debt Advisory LLP New Chartford House, Centurion Way, Cleckheaton, BD19 3QB. Registered Company Number: OC372362. ICO Registration Number: Z3127494.
BHP Corporate Solutions LLP New Chartford House, Centurion Way, Cleckheaton. BD19 3QB. Registered Company Number: OC337035. ICO Registration Number: ZA160464.
We have appointed a Group Data Protection Officer (DPO), who can be contacted in the following ways should you have any questions or feedback about the way your data is handled:
Email: firstname.lastname@example.org Mail: Data Protection Officer BHP LLP, 2 Rutland Park, Sheffield, S10 2PD.
2. Where we collect your personal data from.
We may collect personal data about you in the following ways:
- When you request a proposal from us in respect of the services we provide; When you or your employer engages us to provide our services;
- When you, talk to us on the phone or at any of our offices; When you use our website;
- When you apply to work for us;
- When you send emails or letters to us; When you contact us via social media;
- When you sign up to our newsletters or marketing; When you give us feedback;
- From third parties or publicly available sources (for example your employer or Companies House).
3. Data we collect about you.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity data – name, title, date of birth.
- Contact data – location, full address, postcode, email address or telephone numbers.
- Transaction data – details of the services you have purchased from us, including date and time of your instructions or our delivery and spend in relation to that transaction.
- Technical data – internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- Profile data – purchases or orders made by you, your interests, preferences, feedback and survey responses, preferences about the use of the services (including whether you are interested in certain events that we offer)
- Usage data – information about how you use our website and services.
- Marketing and communications data – your preferences in receiving marketing from us and your communication preferences.
- CV Data – Previous employment history, education, awards and references.
- Financial data – details of earnings and benefits, assets, taxes, dependents or other matters related to employment.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
4. How we use your personal data.
We are only allowed to use personal data about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. We have set out in the table below: the personal data which we collect from you, how we use it, and the legal ground on which we rely when we use the personal data.
In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.
|What we use your personal data for||What personal data we collect||Our legal grounds for processing||Our legitimate interests (if applicable)|
|To register you as a new or prospective client|
|To process and deliver our engagement|
|To manage payments or collect and recover money owed to us||To recover any debts owed to us|
|To manage our relationship with you, including notifying you about changes to our terms or privacy notices||To keep our records up to date|
|To enable you to partake in a marketing, or to complete a survey||To study how clients and contacts use our services and to grow our business|
|To administer and protect our business and our website||Running our business, provision of administration and IT services, network security|
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||To define types of clients and contacts for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy|
|To use data analytics to improve our website, products / services, marketing, customer relationships and experiences||To define types of clients and contacts for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy|
|To make suggestions and recommendations to you about the services that may be of interest to you||To develop our services and grow our business|
5. Who we share your personal data with.
In order to provide you with our services and meet our legal obligations, we only share your data with BHP Group companies and 3rd parties, in the following circumstances:
- To fulfil the services we have been engaged to perform; To verify your identity;
- To authorise debit/credit card payments and any other transactions authorised by the client;
- To manage and maintain the accuracy of your records; To handle complaints and improve customer service; To administer marketing on behalf of BHP;
- To meet legal obligations, for example, for the purposes of national security, taxation and criminal investigations; and
- If BHP is acquired by a third party, in which case personal data held by it relating to its clients, will be one of the transferred assets.
We’ll never make your personal data available to anyone outside BHP for them to use for their own marketing purposes without your prior consent.
6. Third party links.
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.
7. Transferring your personal data outside the EEA.
The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway. If we transfer your personal data outside the EEA we have to tell you.
We do not transfer your data outside of the EEA.
8. Data security.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
9. How long do we keep your personal data?
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
- The requirements of our business and the services provided; Any statutory or legal obligations;
- The purposes for which we originally collected the personal data; The lawful grounds on which we based our processing;
- The types of personal data we have collected;
- The amount and categories of your personal data; and
- Whether the purpose of the processing could reasonably be fulfilled by other means.
After such time, we will securely delete or destroy your personal data.
We may use your personal data to tell you about relevant services and any upcoming events.
We can only use your personal data to send you marketing messages if we have either your consent or a legitimate interest to do so.
You can ask us to stop sending you marketing messages at any time – you just need to contact us or use the opt-out links on any marketing message sent to you.
Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of purchasing our services or any other transaction between you and us.
You have certain rights which are set out in the law relating to your personal data. The most important rights are set out below.
Getting a copy of the information we hold
You can ask us for a copy of the personal data which we hold about you, by writing to the Data Protection Officer (in Section 1). This is known as a data subject access request.
You will not have to pay a fee to access your personal data, unless we believe that your request is clearly unfounded, repetitive or excessive. In such circumstances we can charge a reasonable fee or refuse to comply with your request.
We will try to respond to all legitimate requests within one month.
Telling us if information we hold is incorrect
You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact the Data Protection Officer if you want to do this and we will take reasonable steps to check its accuracy and, if necessary, correct it.
Telling us if you want us to stop using your personal data
You have the right to:
- Object to our use of your personal data (known as the right to object); or
- Ask us to delete the personal data (known as the right to erasure); or
- Request the restriction of processing.
There may be legal reasons why we need to keep or use your data, which we will tell you if you exercise one of the above rights.
You can withdraw your consent to us using your personal data at any time. Please contact the Data Protection Officer if you want to withdraw your consent. If you withdraw your consent, we may not be able to provide you with our services.
Request a transfer of data
You may ask us to transfer your personal data to a third party. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Making a complaint:
Please let us know if you are unhappy with how we have used your personal data by contacting the Data Protection Officer (details can be found in section 1).
You also have a right to complain to the Information Commissioner’s Office. You can find their contact details at www.ico.org.uk. We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.