Privacy Policy for Clients and Business Contacts

  1. Introduction and Privacy Notice
    1. This Privacy Policy is provided for the benefit of clients and business contacts (“you”) of Zeamos Consulting Ltd (“We “or “us”). Separate privacy policies are applicable to website users, and for our staff, respectively.
    2. We are committed to protecting and respecting your personal information and privacy. This privacy policy relates to our use of any personal information we collect from you during the course of our business or our dealings with you, for which we are the “Data Controller”.
    3. We are required to only handle your personal information in line with data protection law; including the General Data Protection Regulation (GDPR) and the Data Protection Act.
    4. One such requirement is that we are required to provide you with a “privacy notice”, which is what this Privacy Policy is intended to do. The terms “privacy notice” and “privacy policy” may be used interchangeably within this document.
  2. Information about us and how to contact us
    1. Zeamos Consulting Ltd, company number 13504936; registered office at Westcott House, Westleigh, Tiverton, EX16 7EW.
    2. Our ICO data protection registration number is ZB230526.
    3. You can contact us via the following options:
      • For the attention of: The Business Manager, Zeamos  Consulting Ltd, Westcott House, Westleigh, Tiverton EX16 7EW.
      • Email: enquiries@zeamos.com
      • Telephone: 01884 829064
  3. Responsibility for data protection
    1. Responsibility for data protection lies with our Directors.
  4. Data Protection Principles
    1. We will comply with data protection law, which means that the personal information we hold about you must be:
      • Used lawfully, fairly and in a transparent way.
      • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
      • Relevant to the purposes we have told you about and limited only to those purposes.
      • Accurate and kept up to date.
      • Kept only as long as necessary for the purposes we have told you about.
      • Kept securely.
  5. Entitlement to process Personal Information
    1. We are entitled to process your personal information if:
      • We have a “justification” for doing so; or
      • We have your consent.
    2. We do not need your consent in circumstances where we already have a justification for the processing of your personal information. This document sets out the basis upon which we do have justification for processing your personal information.
  6. Your rightsIn addition to your right to be provided with a privacy notice and receive the information provided to you within this document, you have the following rights under the GDPR:
    1. Right of Access
      • You may request access to your personal information, which we hold or process, by making a “data subject access request”.
      • Your request should be made in writing to our Business Manager.
      • If you request access to a large amount of information, we may ask you to more clearly specify the information to which your request relates.
      • We shall provide you with access to the requested information unless your request is manifestly unfounded or excessive, or if it adversely affects the rights of someone else.
    2. Right to Correction
      • You may require us to correct any inaccurate personal information, or complete any incomplete personal information, that we hold about you.
      • You should request any such correction in writing to our Business Manager.
    3. Right to Erasure
      • Also known as the right to be forgotten – You have the right to request the erasure of personal information if: a) it is no longer necessary for us to hold it for the purpose it is or was intended; or b) if you withdraw previously given consent; and (in both cases) we do not have any other legal justification for holding that information.
      • You should request any such erasure in writing to our Business Manager.
    4. Right to Object
      • You have the right to object to our processing of your personal information based on legitimate interests; or the performance of a task in the public interest; or for the purposes of statistics.
      • You also have the right to object to the processing of your personal information for direct marketing purposes, if relevant.
      • Your objection must be made on grounds relating to your particular situation.
      • Your objection must be made in writing to our Business Manager.
      • If these conditions are met, we shall stop processing that personal information, unless we have compelling legitimate grounds for the processing, which justify its continued processing; or unless the processing is necessary for the establishment, exercise or defence of legal claims.
    5. Right to Restrict Processing
      • You have the right, in some circumstances and subject to exemptions, to restrict the processing by us of your personal data.
      • Where processing has been restricted, we shall only process your personal data (excluding storing them):
        1. with your consent;
        2. for the establishment, exercise or defence of legal claims;
        3. for the protection of the rights of another person; or
        4. for reasons of important public interest.
      • Prior to lifting the restriction, we shall inform you of the lifting of the restriction.
      • You should request any such restriction in writing to our Business Manager.
    6. Right to Data Portability
      • You have the right, in certain circumstances, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format that you can then provide to another company.
      • We shall provide you with the requested data unless your request is manifestly unfounded or excessive, or if it adversely affects the rights of someone else.
      • Your request should be made in writing to our Business Manager.
    7. Right not to be subject to Automated Decision Making
      • We do not currently use any automatic decision-making processes.
    8. Right to make a complaint
      • If you believe that we have breached your data protection rights, we encourage you to raise a formal complaint made to our Business Manager.
      • If you are still unhappy with our personal information rights practices, you may complain or report a concern to the Information Commissioner’s Office. Details can be found at: https://ico.org.uk/concerns/
  7. Personal information collected by us
    1. We process both Personal and Sensitive (Special) categories of data. Personal data we process may include name, address and email address. Due to the nature of our business we also process Sensitive (Special) categories of data, such as health data, racial or ethnical origin and biometric data (passports for identification and verification purposes as required by law).
    2. We may receive your personal information via the following methods:
      • Through correspondence with you.
      • Through telephone and face to face communications with you.
      • Via Courts, tribunals, regulatory authorities.
      • Via third party referrals, and other parties connected with any matter we are assisting you with.
      • Through engagement of service providers, such as identity checks, and publicly available sources.
    3. Personal Information we collect and hold may include:
      • Contact details including email address, landline and mobile numbers.
      • Name, address, gender and date of birth.
      • Marital status, dependents and family.
      • Photographic identification documents including drivers licences, passports amongst others.
      • Bank account details, payroll records & tax status information.
      • Payments records, via bank transfer, debit card, cheques or otherwise.
      • Financial records including tax, pensions, income, and other personal financial information.
      • Details of property and assets.
      • Sensitive data – a special category of personal information including amongst others: medical, police and accident records and information containing racial or ethnical origin and/or biometric data eg passport.
      • Any other personal information necessary for regulatory reasons or for the conduct of your matter.
    4. We only collect the above information because we need it. We do not, therefore, collect all of this information in every case.
    5. These items of personal information may be collected, held and processed where and to the extent that this is necessary, for the performance of our obligations to you as your professional advisers and pursuant to our contract of services with you. This may also be necessary to enable us to comply with our legal and regulatory obligations.
  8. How personal information is used
    1. We have justification for processing your personal information in the following ways:
      • To carry out our duties relating to any contracts entered into between you and us.
      • To adequately and appropriately advise you in relation to any matter we are assisting you with, or in relation to any matters that we are aware could impact upon you legally or financially.
      • To provide you with information, products or services that you request from us or which we feel may interest you, where you have either consented to be contacted for such purposes or because we have a “legitimate interest” in doing so.
      • To comply with any legal or regulatory requirement that we are subject to.
      • To carry out necessary maintenance to our IT or accounts systems.
  9. Sharing personal information with others
    1. Subject to the circumstances outlined below, we shall not share your personal information with anyone unless it is required or permitted by law or it is necessary in the course of the matter we are assisting you with (specific to your circumstances), such as communications with the other side in disputes or on a transaction we are assisting with; registration organisations such as Companies House or regulatory bodies on your behalf.
    2. We do use third party service providers (data processors) to supply and support our services to you, with whom some of your personal may be shared.
    3. The list below lists our regular data processors’ services.
      • Accountants and Accounts Software suppliers
      • Practice and Document Management Software suppliers
      • Secure data sharing services providers (if relevant to your matter)
      • IT Consultants
      • Confidential printing and copying services
      • Secure IT hardware disposal 
    4. We have contracts in place with our data processors, requiring them not to do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
  10. How long we keep Personal Data
    1. Our Data Retention Periods are set out in our Data Retention Periods policy which is available on our website.
  11. Changes
    1. We keep our privacy notice under regular review and changes may be made to it from time to time. The current version of our privacy notice will be posted on our website so that you are aware of its contents.