We are registered with the Isle of Man Information Commissioner under registration numbers N002926 (UHY Crossleys LLC) and N002925 (Crossleys Audit LLC).
Contents of this privacy notice
- Who controls your personal data?
- What personal data will we obtain from you, and how and when will we request it?
- Why do we obtain your personal data?
- Who will we share your personal data with?
- How do we ensure the security of your personal data?
- Access to, and amending, your personal data
- Amendments to this policy
- Comments and questions
1. Who controls your data?
Crossleys is the “data controller” as defined in the Data Protection Act 2002. This means that Crossleys will obtain and process your personal data.
2. What personal data will we obtain from you, and how and when will we obtain it?
This will depend upon the nature of the services being provided but may include the following:
- Your full name;
- your date of birth;
- your gender;
- your passport number or national identity card number;
- your place of birth;
- your nationality;
- your residential and mailing addresses including postcodes;
- your tax identification number;
- you country of tax residence; and
- your contact details (email address and telephone number).
You must provide all of the above information if you wish us to engage us to provide accounting, audit, taxation or other services.
In order to meet our legal requirements, we may also collect and process the following additional personal data about you:
- an internationally recognised photo ID (passport, identity card, driving licence), a utility bill, proof of identity, residence and/or age, and/or a bank or credit card statement relating to your payment details that are registered with us;
- if you contact us, we may keep a record of that correspondence;
- We reserve the right to conduct credit checks with third party credit and financial institutions in order to confirm any information that you have provided to us.
3. Why do we obtain your personal information?
We will obtain and process your personal data in order to:
- comply with our regulatory and legal obligations, including our ‘know your customer’ (KYC), due diligence, FATCA and Common Reporting Standard reporting and beneficial ownership requirements;
- provide customer support services;
- reporting of crime or suspected crime, including money laundering or fraud.
4. What will we do with your personal data?
Disclosure to third parties
4.1 We will not disclose any personal information that you provide to us to third parties unless: (i) we have your consent; (ii) it is required or permitted by law, (iii) your agreement with us permits such disclosure; or (iv) it is in our legitimate interests to do so. This is explained more fully in clause 4.2 below.
- third parties, for the purposes of verifying information that you provide to us (e.g. provision of information to banks for verifying credit card payments);
- to any member of our group of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries;
- with other UHY International member firms where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving advice from UHY International member firms in different territories;
- third party organisations that provide applications/functionality, data processing or IT services to us (e.g. providers of information technology, cloud based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services);
- third party organisations that otherwise assist us in providing goods, services or information;
- auditors and other professional advisers;
- to any prospective seller or buyer of Crossleys, or our business or assets (or part of them) in respect of the sale;
- to a third party, if we are under a duty to disclose or share your personal data with them in order to comply with any legal obligation, or in order to enforce or apply our terms of business and other agreements, or to protect the rights, property, reputation, security or safety of Crossleys, our clients or others; this includes (but is not limited to) exchanging information with or providing information to third parties for the purposes of fraud protection and credit risk reduction;
- to any law enforcement or revenue authorities (when requested by them to do so) and only to the extent necessary to adequately deal with the requests made;
- to your bank or card scheme operator in order to verify the card information or bank information that you provide to us and/or to recover payments made to you in error, in accordance with our terms of business;
- to any payment collection agency that we may decide to use in order to recover monies you owe to us; or
- to any industry body or regulator to whom we have a duty to disclose such information.
4.3 We may also use your email address or your postal address to send you updates or news regarding Crossleys or the services we provide, but you can choose to stop receiving emails or post of this nature at any time by contacting the Data Protection Officer using the details in clause 6.2 below.
4.4 We do not sell or trade any of your personal information to third parties.
What happens if you agree to receive promotions from third parties
4.5 If you tell us (either when you register as a client with us or at any later time) that you are happy to receive information or promotions from selected third parties about goods and services which may be of interest to you, you consent to us sending your information to those third parties so that they may provide you with such offers or information. You may opt out of receiving such offers or you may change your preferences at any time by notifying the Data Protection Officer using the details in clause 6.2 below.
Transferring your personal data to other countries
4.6 In order to provide our services effectively, we may need to transfer data, including personal information, to other companies outside the Isle of Man or outside the European Economic Area (EEA).
4.7 If we determine that it is necessary to transfer personal data in accordance with clause 4.6, we will only make such a transfer if we are satisfied that the recipient companies offer an adequate level of protection for personal data.
5. How do we ensure the security of your personal data?
5.2 We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
5.3 When we share data with others we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
6. Access to, and amending, your personal data
6.1 At any time, you can make a written request to us to have access to all the personal information that we hold about you.
6.2 You may inform us of any changes in your personal data and in accordance with our obligations to you by contacting us at the Data Protection Officer, UHY Crossleys LLC, PO Box 1, Portland House, Station Road, Ballasalla, Isle of Man, IM99 6AB. It is your responsibility to tell us when information that you have provided to us is out of date or needs to be amended, but we confirm that will update or delete your personal data accordingly.
6.3 We will aim to respond to any requests for access in accordance with applicable law.
6.4 We will aim to respond to any requests for information promptly and in any event within the legally required time limits.
8. Comments and questions