Privacy Statement

Who we are
This is the privacy statement of Shenward. Shenward is a trading name of Shenward LLP, a Limited Liability Partnership registered in England & Wales, registration number OC421076. A list of members’ names is available for inspection at 19 Bolling Road, Bradford, West Yorkshire, BD4 7BG, United Kingdom, the firm’s principal place of business and its registered office.


Purpose
This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person.  Shenward processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data.  To find out more about our specific processing activities, please go to the relevant sections of this statement.


Our commitment
Shenward is fully committed to handling personal information in accordance with data protection legislation and best data protection practices. This means that your personal information will be:

– Processed lawfully, fairly, and in a transparent manner;

– Collected for specified, explicit and legitimate purposes;

– Only collected so far as required for our lawful purposes;

– As accurate and up to date as possible;

– Retained for a reasonable period of time, in accordance with retention policies; and

– Processed in a manner which ensures an appropriate level of security.

Whether through this notice or otherwise, we hope to ensure that everyone has a good understanding of why Shenward processes personal information and, where we do, the rights they may have.


What personal information we collect
Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients only to share personal data where it is strictly needed for those purposes.

Where we need to process personal data to provide our services, we ask our clients to provide the necessary information to other data subjects concerned, such as family members, regarding its use.

Given the diversity of the services we provide to personal clients, we process many categories of personal data, including as appropriate for the services we are providing:

– Contact details;

– Business activities;

– Family information;

– Income, taxation and other financial-related details; and

– Investments and other financial interests.

For certain services or activities, and when required by law or with an individual’s consent, we may also collect special categories of personal data. Examples of special categories include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records.

Generally, we collect personal data from our clients or from a third party acting on the instructions of the relevant client.


Where we collect personal information from
Generally, we collect personal data from our clients or from a third party acting on the instructions of the relevant client.


How we use your personal information
We use personal data for the following purposes:


Providing professional services
Some of our services require us to process personal data to provide advice and deliverables. For example, we need to use personal data to provide tax advice.


Administering, managing and developing our businesses and services
We process personal data to run our business, including:

– managing our relationship with clients;

– developing our businesses and services;

– maintaining and using IT systems;

– hosting or facilitating the hosting of events; and

– administering and managing our website and applications.

Security, quality and risk management activities

We have measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails.

We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements.  We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file.

We collect and hold personal data as part of our client engagement and acceptance procedures.  As part of our client and engagement acceptance, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client.


Providing our clients with information about us and our range of services
With consent or otherwise in accordance with applicable law, we use client contact details to provide information that we think will be of interest about us and our services.


Complying with any requirement of law, regulation or a professional body of which we are a member
As a provider of professional services, we are subject to legal, regulatory and professional obligations. We keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.


Who we share your personal information with
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards. Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.


How long we retain your personal information for
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 6 years.


Our Suppliers
We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.


Visitors to our offices
We have security measures in place at our offices, including CCTV and building access controls.

There are signs in our office showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident).  CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).


Visitors to our website
Visitors to our websites are in control of the personal data shared with us. We may capture limited personal data automatically via the use of cookies on our website.  Please see the section on Cookies below for more information.

Visitors can also choose to subscribe to updates from us. We receive personal data, such as name, title, company address, email address, and telephone and fax numbers, from website visitors.

Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message. We request visitors not to provide sensitive information and if you choose to do so, the act of providing this information constitutes your explicit consent for us to collect this information.


Cookies
Our website makes use of cookie files to distinguish you from other users of our site, to provide you with a bespoke user experience tailored to your individual preferences. A cookie file (a small file of letters and numbers) will be placed on your computer or other access device each time you visit our site.

Shenward also uses analytical cookie files which allow us to recognise and count the number of visitors to our site and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.

If you wish to delete any such cookie files, please refer to the instructions for your file management software to locate the file or directory that stores cookies. Our cookies will contain the domain name shenward.com within the file name.

You may refuse to accept cookie files when visiting our site, by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you choose this setting, you may not get an optimal web site experience and be unable to access certain parts of our site.


Children
Our website is not intended for use by children. We understand the importance of protecting children’s information, especially in an online environment, and we do not knowingly collect or maintain information about children.


Your rights and how to exercise these


Access to your information
You have the right to request a copy of the personal information about you that we hold.


Correcting your information
We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.


Deletion of your information
You have the right to ask us to delete personal information about you where:

– You consider that we no longer require the information for the purposes for which it was obtained.

– We are using that information with your consent and you have withdrawn your consent – see

Withdrawing consent to using your information below.

– You have validly objected to our use of your personal information – see Objecting to how we may use your information below.

– Our use of your personal information is contrary to law or our other legal obligations.


Objecting to how we may use your information
You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.


Restricting how we may use your information
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information.  The right might also apply where this is no longer a basis for using your personal information but you don’t want us to delete the data.  Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.


Automated processing
If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.


Withdrawing consent using your information
Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.


Unsubscribe
Shenward gives you choices regarding the collection and usage of your personal information. If you have registered for any updates and do not wish to receive future e-mails, please email us at hello@shenward.com.


Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on this website.

This privacy statement was last updated on 3 April 2018.


Contact information and further advice
If you have any questions which are not covered in this notice, please send an email to hello@shenward.com.


Complaints
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshiree
SK9 5AF
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns