We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is 17 Clarendon Road, Belfast, BT1 3BG, our registration number is Z6960767, and our Data Protection Officer (DPO) is Michael Branniff. Our Data Protection Officer can be contacted at 17 Clarendon Road, Belfast, BT1 3BG or by telephone on 02890 323466.
Personal data is any information that can be used to identify an individual, and it can range from the most basic of details such as contact information through to more complex data.
Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by both the UK – General Data Protection Regulation (the GDPR) and the Data Protection Act 2018.
However, not all personal data is considered equal. There are two different categories: ‘personal data’ and ‘special categories of personal data’.
We collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:
• Personal and family information, including names, dates of birth, and personal contact details;
• National Insurance details;
• Driving licence details;
• Financial details such as financial status and bank details;
• Records of goods and services relevant to the business;
• Records of education, training and employment;
• Vehicle Tracking Data;
• Covid-19 Test and Trace Data.
Sensitive and special data including:
• Information used for equal opportunities monitoring about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
• Information about your health, including any medical condition, health and sickness records;
• Right to work in the UK and relevant UK VISA;
• Information about criminal convictions and offences obtained through Access NI Checks, Police/Garda Checks, DVLA and Credit Checks.
As stated above, the vast majority of the personally identifiable information that we hold about you is provided by yourself when you seek to use our services or when you make an employment application.
In addition, we may also collect information about you as a result of your relationship with one or more of our clients, employees or other service providers as well as where you have completed forms on various sections of our website or where you have requested information from us or subscribed to our services.
We may also automatically collect certain non-personally identifiable information when you visit our website which is explained further below.
By using any of our services, including our website, and by providing us with personal information you are indicating that you consent to the use of your personal information as set out in this policy.
We currently use the services of Veriphy Ltd to assist us with performing identification checks on our clients for the purposes of compliance with the Money Laundering Regulations. Any personal information received from Veriphy Ltd will be processed only to confirm your ID to us for the purposes of preventing money laundering or terrorist financing.
How Do We Collect Information?
We collect data about you in a variety of ways and such as when we undertake a recruitment exercise, throughout the course of your employment, when we are appointed to an office by applicable legislation, when you request a quote, request a services guide or engage us for our services. We also collect information when you voluntarily complete customer surveys and provide feedback. Website usage information is collected using cookies. We may also obtain information from third parties such as governmental bodies and employment referees.
We comply with our obligations under the GDPR:
• by collecting and retaining only data necessary to pursue our legitimate business interests;
• by ensuring that appropriate technical measures are in place to protect personal data;
• by keeping personal data up to date;
• by storing and destroying data securely.
We use your information to:
• Deliver services and meet legal responsibilities;
• Verify identity where this is required;
• Process financial transactions;
• Maintain the safety, security and integrity of our services and records;
• Direct your enquiries to the appropriate department and staff;
• Investigate and understand needs and how they may be met;
• Communicate by post, email or telephone;
• Provide you with news about products, services, promotions, studies, surveys, updates and events;
• Investigate or address legal proceedings relating to your use of our services, or as otherwise allowed by applicable law;
• Make statutory returns as required by the relevant legislation;
• Review applications for employment and maintain employment records;
• Prevent and detect crime, fraud or corruption;
• Perform duties as contained within relevant legislation;
• Process information necessary for the provision of employment;
• Provide goods, services, deliveries, quotations, and information, for example newsletters;
• Process or support payments for goods and services;
• Complying with health and safety obligations;
• Equal opportunities monitoring;
• Respond to requests for references;
• Or as otherwise required or permitted by law.
We do not use automated decision-making in the processing of your personal data.
Our lawful basis for processing your information
The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The lawful bases identified in the GDPR, to which we adhere, are:
• Consent of the data subject;
• Performance of a contract with the data subject or to take steps to enter into a contract;
• Compliance with a legal obligation;
• To protect the vital interests of a data subject or another person;
• Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and
• The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Examples of legitimate interests include:
• Where the data subject is a client or in the service of the controller;
• Transmission within a group of undertakings for internal administrative purposes;
• Processing necessary to ensure network and information security, including preventing unauthorised access;
• Processing for direct marketing purposes, or to prevent fraud; and
• Reporting possible criminal acts or threats to public security.
We take the security of all of the data we hold very seriously and have policies, procedures and training in place to cover data protection, confidentiality and security.
Our Lawful Bases include:
We are required to process information to comply with various legal obligations including record keeping, administration and regulatory activities. As an employer we also have additional employment related legal obligations.
We are required to process personal information to enter into and fulfil various obligations for contracted services or relating to employment contracts.
The processing is necessary to prevent or detect unlawful acts where it is in the substantial public interest and it must be carried out without consent so as not to prejudice those purposes. In addition, it may be necessary to process relevant Covid-19 Test and Trace information.
We will rely on the legitimate interest of our firm when processing information for the purposes set out above to include the management, administration and operation of our organisation, for all business development and marketing purposes, to conduct all employment functions and obligations, to comply with all regulatory functions required by professional regulators.
On occasion we may rely upon your consent. At all times you retain the right to withdraw your consent. Where we have relied upon your consent and you opt to withdraw it this does not invalidate our lawful basis for processing data historically.
Special category processing
If we are processing special categories of data, such as medical records pertaining to our employees, we are entitled by law to do so where it is necessary for the purposes of employment law and to support individuals with a particular disability or medical condition. We may also obtain your consent to process this type of data.
Criminal data processing
On occasion, we may process data relating to criminal offences where it is necessary for the purpose of your employment. We may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. We may also request your specific consent to process this type of data.
Information that we share
We are a member of a global network of firms, and as with other professional service providers, we may have to share your information with other third parties who assist us in running our business or delivering our services.
We may share your data with:
• Other member firms within the Baker Tilly International network;
• Third party organisations that provide data processing and IT services to us;
• Third party organisations that otherwise assist us in delivering services or information;
• Auditors and other professional advisors;
• Our legal advisors in the event of a dispute or other legal matter;
• Law enforcement officials, government authorities, or other third parties to meet our legal obligations;
• In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, refinancing, or acquisition of some or all of our business by another company;
• Any other party where we ask you and you consent to the sharing.
We will only share data with others when we are legally permitted to do so and when sharing data we put mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
We have to record approved IVAs on the Individual Voluntary Arrangement Register, a database maintained by the Insolvency Service (Department for the Economy). Credit reference agencies may use that information and it is available for public inspection. A copy of The Insolvency Service’s privacy notice can be found here.
Transfers to third countries and international organisations
In order to deliver our services, we may transfer personal data to third countries or international organisations.
We have satisfied ourselves that such transferred data is fully protected and safeguarded as required by the UK – General Data Protection Regulation and the EU-General Data Protection Regulation.
Information collected through the use of our website
• Validate users;
• Remember user preferences and settings;
• Determine frequency of accessing our content;
• Measure the effectiveness of advertising campaigns;
• Improve your online experience; and
• Analyse site visits and trends.
Retaining your data
Baker Tilly Mooney Moore, and the data we collect, are subject to various regulatory and legislative requirements. We will endeavour not to keep your personal information for longer than required for us to fulfil our obligations. Where it is not possible to delete your data, we will ensure that appropriate security organisational measures are in place to protect the use of your data.
The General Data Protection Regulation gives you specific rights around your personal data. For example, you have to be informed about the information we hold and what we use it for, you can ask for a copy of the personal information we hold about you, you can ask us to correct any inaccuracies with the personal data we hold, you can ask us to stop sending you direct mail, or emails, or in some circumstances ask us to stop processing your details. Finally, if we do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred. You can find out more information from the ICO’s website here and this is the organisation that you can complain to if you are unhappy with how we deal with you.
Accessing and Correcting Your Information
You may request access to, correction of, or a copy of your information by contacting us at Baker Tilly Mooney Moore, 17 Clarendon Road, Belfast, BT1 3BG.
You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages.
See how we can help you
You are welcome to make full use of the free online services on this site. You will find hundreds of pages of up-to-date information and advice to help you with your business development, personal finances