Baker Tilly Mooney Moore: Privacy Statement

Baker Tilly Mooney Moore (“we”, “us” or “our”) is committed to protecting personal data and we want you to know that when you use our firm, you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Statement describes the information we collect about you, how it is used and shared, and your rights regarding it.

Data collection

The vast majority of the information that we hold about you is provided to us by  yourself when you seek to use our services. We will tell you why we need the information and how we will use it. This Privacy Statement applies to all personal data provided to us whether by you or any other party. 

Our lawful basis for processing your information

The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The lawful bases identified in the GDPR, to which we adhere, are:

  • Consent of the data subject;
  • Performance of a contract with the data subject or to take steps to enter into a contract;
  • Compliance with a legal obligation;
  • To protect the vital interests of a data subject or another person;
  • Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and
  • The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Examples of legitimate interests include:

  • Where the data subject is a client or in the service of the controller;
  • Transmission within a group of undertakings for internal administrative purposes;
  • Processing necessary to ensure network and information security, including preventing unauthorised access;
  • Processing for direct marketing purposes, or to prevent fraud; and
  • Reporting possible criminal acts or threats to public security.

We take the security of all of the data we hold very seriously and have policies, procedures and training in place to cover data protection, confidentiality and security.

We use your information to:

  • Deliver services and meet legal responsibilities;
  • Verify identity where this is required;
  • Process financial transactions;
  • Maintain the safety, security and integrity of our services and records;
  • Direct your enquiries to the appropriate department and staff;
  • Investigate and understand needs and how they may be met;
  • Communicate by post, email or telephone;
  • Provide you with news about products, services, promotions, studies, surveys, updates and events;
  • Investigate or address legal proceedings relating to your use of our services, or as otherwise allowed by applicable law;
  • Make statutory returns as required by the relevant legislation;
  • Review applications for employment and maintain employment records;
  • Prevent and detect crime, fraud or corruption;
  • Perform duties as contained within relevant legislation.

We do not use automated decision-making in the processing of your personal data.

Information that we collect

As stated above, the vast majority of the personally identifiable information that we hold about you is provided by yourself when you seek to use our services or when you make an employment application.

In addition, we may also collect information about you as a result of your relationship with one or more of our clients, employees or other service providers as well as where you have completed forms on various sections of our website or where you have requested information from us or subscribed for our services.

Personally identifiable information may include your name, address, telephone number and email address, family details including your ethnic origin, financial information, medical details and details of your education and employment history.

We may also automatically collect certain non-personally identifiable information when you visit our website which is explained further below.

By using any of our services, including our website, and by providing us with personal information you are indicating that you consent to the use of your personal information as set out in this policy.

Information that we share

We are a member of a global network of firms, and as with other professional service providers, we may have to share your information with other third parties who assist us in running our business or delivering our services.

We may share your data with:

  • Other member firms within the Baker Tilly network;
  • Third party organisations that provide data processing and IT services to us;
  • Third party organisations that otherwise assist us in delivering services or information;
  • Auditors and other professional advisors;
  • Our legal advisors in the event of a dispute or other legal matter;
  • Law enforcement officials, government authorities, or other third parties to meet our legal obligations;
  • In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, refinancing, or acquisition of some or all of our business by another company;
  • Any other party where we ask you and you consent to the sharing.

We will only share data with others when we are legally permitted to do so and when sharing data we put mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

Transfers to third countries and international organisations

In order to deliver our services, the information you provide us may be transferred to countries outside the European Economic Area (EEA). These countries may not have similar data protection laws to the UK however when transferring data outside of the EEA we make enquiries to ensure that any party with access to your data has implemented the necessary security and privacy measures to comply with this policy. In addition, we ensure that all personal data is provided with adequate protection and that all transfers of personal data outside of the EEA are lawful and secure as required by the General Data Protection Regulation.

Information collected through the use of our website

We collect information through the use of Cookies which are small text files stored on your browser or device by websites, apps, online media, and advertisements.  Our website provider (PracticeWEB) uses cookies to personalise your experience of the website. 

We use cookies to:

  • Validate users;
  • Remember user preferences and settings;
  • Determine frequency of accessing our content;
  • Measure the effectiveness of advertising campaigns;
  • Improve your online experience; and
  • Analyse site visits and trends.

We may use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy

Retaining your data

Baker Tilly Mooney Moore, and the data we collect are subject to various regulatory and legislative requirements. We will endeavour not to keep your personal information for longer than required for us to fulfil our obligations. Where it is not possible to delete your data, we will ensure that appropriate security organisational measures are in place to protect the use of your data.

Your Rights

The General Data Protection Regulation provides individuals specific rights around your personal data. Baker Tilly Mooney Moore as a data controller is responsible for providing further information on those rights and how individuals can exercise them, as outlined below.

Access to your information

You have the right to request a copy of the personal information about you that we hold. 

Correcting your information

We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.

Deletion of your information

You have the right to ask us to delete personal information about you where:

  • You consider that we no longer require the information for the purposes for which it was obtained.
  • We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below.
  • You have validly objected to our use of your personal information – see Objecting to how we may use your information below.
  • Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information

You have the right at any time to require us to stop using your personal information for direct marketing purposes.  In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information

In some cases, you may ask us to restrict how we use your personal information.  This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information.  The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data.  Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Withdrawing consent using your information

Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.

Changes to our privacy statement

We review our privacy statement and policies regularly and will place any updates on our website and in relevant communications.

Who to contact

We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is 17 Clarendon Road, Belfast, BT1 3BG, our registration number is Z6960767, and our Data Protection Officer (DPO) is Anne Fitzpatrick. Our Data Protection Officer can be contacted at 17 Clarendon Road, Belfast, BT1 3BG or by telephone on 02890 323466.

Complaints

We work hard to ensure that your personal information is treated safely and securely. Whilst we hope that you won’t ever need to, if you have a complaint about our use of your personal data, please provide details of your complaint to our Data Protection Officer at the address above. We will investigate and reply to all complaints received.

In addition, you also have the right to complain to the Information Commissioner’s Office (ICO). For further information please refer to the ICO website.