Last updated: 18 July 2022
Tango November Bravo Ltd (“tNb”) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights in accordance with the EU General Data Protection Regulation (“GDPR”) and the UK Data Protection Act of 2018 (“DPA2018”). We ensure that information collected is handled responsibly and safeguarded using appropriate technical, administrative and physical security measures.
The privacy notice below explains what information we gather about you, what we use it for and who we share it with. It also sets out your rights and who you can contact for more information or queries.
1. Information About Us
Tango November Bravo Ltd
Registered in England and Wales No. 14112760
Registered office: 71-75 Shelton Street, Covent Garden,
London, WC2H 9JQ, United Kingdom
Email address: privacy@tnb-solutions.com
We are a member of the International Association of Bookkeepers (“IAB”).
2. What Does This Notice Cover?
This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
3. What is Personal Data?
Personal data is defined by the GDPR and the DPA2018 as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. In simpler terms, personal data is any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we use is set out in Part 6, below.
4. Your Rights
Under the GDPR and UKDP2018, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data;
(This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.) - The right to access the personal data we hold about you;
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete;
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of.
5. How We Collect or Obtain Personal Data
We may automatically collect certain data from you as you use our website by using cookies and similar technologies.
We may collect data about you by you providing the data directly to us (for example by filling in forms on our website, corresponding with us by telephone, mail, email, social media or otherwise, by you posting details and documents to us, or by you granting us access to shared online/electronic resources such as accounting software or online storage).
We may receive data from third parties such as analytics providers such as Google based outside the UK and/or the EU, advertising networks such as Facebook based outside the UK and/or the EU, such as search information providers such as Google based outside the UK and/or the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
We may also collect data relating to your tax affairs (for example PAYE coding notices, tax calculation statements, and other correspondence) by it being sent to us by post or in electronic format by HMRC in cases where you have authorised HMRC to liaise directly with us as your tax agent.
To comply with legal obligations to which we are subject, to obtain evidence of your identity and address, we may receive data from third party agencies which may include residency and identity checks and ‘risk’ factors such as politically exposed persons and those on sactions lists, and from publicly available sources such as Companies House and the Electoral Register based inside or outside the UK and/or EU.
6. What Personal Data We Collect
We may collect some or all of the following personal data (this may vary according to your relationship with us):
- Full names, previous or other names, current and previous addresses, marital status, gender, telephone numbers, email addresses, date of birth, business name, job title, profession, payment information, national insurance number, passport number, tax reference number and financial details;
- Information relevant to preparing and/or analysing your financial accounts, corporation tax, payroll, VAT and other services you require from us.
7. Howe We Use Your Personal Data
Under the GDPR and UKDP2018, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it or to comply with any legal requirements. Your personal data may be used for the following purposes:
- Supplying our services to you as our client as your personal details are required in order to enter into a contract with us;
- To provide, maintain and improve our bookkeeping services;
- To fulfil our obligations under relevant laws in force (for example the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”);
- To comply with professional obligations to which we are subject as a member of IAB;
- To use in the investigation and/or defence of potential complaints, disciplinary proceedings, and legal proceedings;
- To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen;
- To communicate with you, which may including responding to emails, calls or texts from you;
- To contact you about other services we provide which may be of interest to you if you have consented to us doing so.
8. How Long We Keep Your Personal Data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- To provide you with the services you have requested;
- To comply with other law, including for the period demanded by HMRC;
- To support a defence of claim in court;
- Where we act as a data processor we will delete or return all personal data to the data controller as agreed with the controller.
9. How and Where We Store or Transfer Your Personal Data
We shall only transfer any Personal Data we hold to a country outside the European Economic Area (“EEA”) if one of the following conditions applies:
- The country to which your Personal Data shall be transferred ensures an adequate level of protection and can ensure your legal rights and freedoms;
- You have given consent that your Personal Data is transferred;
- The transfer is necessary for one of the reasons set out in the GDPR or DPA2017, including the performance of a contract between you and us, or to protect your vital interests;
- The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims;
- The transfer is authorised by the ICO and we have received evidence of adequate safeguards being in place regarding the protection of your privacy, your fundamental rights and freedoms, and which allow your rights to be exercised.
The security of your Personal Data is essential to us and to protect your data we take a number of important measures, including but not limited to the following:
- Data is protected by strong passwords that are changed regularly;
- Data is backed up frequently;
- Software is kept up-to-date with the latest security patches;
- Computers are protected by security software and firewalls;
- Files are kept in locked drawers or filing cabinets
- Paper documents are shredded and disposed of securely when no longer required;
- Data users shall be appropriately trained and supervised in accordance with this notice which includes requirements that data users log off from or lock their computers/electronic device when it is left unattended. We shall take security measures against unlawful and/or unauthorised processing of personal data and against the accidental loss of or damage to your personal data.
10. Sharing Your Personal Data
There may be situations in which it is necessary for us to disclose your Personal Data to third parties, which include but are not limited to the following:
- HMRC, our professional body IAB and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to the requirements of MLR 2017 (or any similar legislation), professional indemnity insurers, and an alternate appointed by us in the event of incapacity or death
- In providing you with our services we use secure online storage and software providers to process electronic data, including personal data. These providers are GDPR compliant or apply equivalent/adequate safeguards (a full list of these providers can be provided on request);
- In some limited circumstances we may be legally required to share certain Personal Data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
- If any of your Personal Data is required by a third party, as described above, we will take steps to ensure that your Personal Data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
- If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your Personal Data is treated just as safely and securely as it would be within the UK and under the GDPR 2017.
- We may use Youtube videos embedded on our website, Youtube has its own cookie and privacy policy over which we have no control (view Youtube policy here).
11. How You Can Access Your Personal Data
If you want to know what Personal Data we have about you, you can ask us for details of that personal data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email address shown in Part 12. In order to respond to your request, we may request additional information from you to confirm your identity. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you have repetitive requests) a fee may be charged to cover our administrative costs in responding. We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Data, within that time. In some cases, however, particularly if you request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
12. How To Contact Us
To contact us any about anything to do with your Personal Data and data protection, including to make a subject access request, please use the following details:
Email address: privacy@tnb-solutions.com
Telephone number: +44 (0)771 682 3879
13. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.