Copsey Murray respects your personal information and undertakes to comply with all applicable data protection legislation currently in place. This privacy notice is designed to inform you about the way your personal information is collected and used, in line with EU regulations and Irish legislation, through appropriate organisation and technical security measures/processes. It also outlines your rights in relation to that data.
How Copsey Murray collects and uses personal data
We obtain, use, process and disclose personal data about you in order that we may discharge the services agreed under the terms of our engagement letter, and for other related purposes including updating and enhancing client records, analysis for management purposes and statutory returns, crime prevention and legal and regulatory compliance.
We may pass your information onto other associated organisations for the purpose of providing services to you. We will only disclose personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes. We do not engage in direct marketing.
Categories of data we hold
Examples of the type of personal information we may hold on you:
- Name, address, telephone number, e-mail
- Proof of identity (passport/ driver’s license)
- Proof of address (utility bill)
- PPSN, P60, Bank account details
- Employment details
Legal grounds for processing personal data
The legal grounds on which we collect personal data are as follows:
- We have your explicit agreement to use data provided by you to carry out specific duties
- In order to discharge the services agreed under the terms of our engagement letter
- Compliance with legal obligations
- Requirement to retain records
- To prevent fraud
Protecting your data
We will put in place and maintain adequate physical, procedural and electronic safeguards to maintain the integrity and confidentiality of the data stored by us and will take reasonable steps to ensure that safeguards of an adequate standard are put in place by any third party engaged by us to store this data.
Retention of data
We are required by legislation to retain all books and records for a period of seven years once we have ceased to act for you. After that time all documents, papers and records may be destroyed without reference to you, unless you request the information be returned to you.
Information may be held for longer if there is a legal obligation to do so.
Under the current legislation you have the following rights in relation to the data we hold on you:
- Right to access your personal data
- Right to amend or remove your details
- Right to know what data is being held
- Right to object to the processing of your data
- Right to receive information regarding entities to whom we disclose information
- Right to lodge a complaint with the Data Protection Commissioner
Please see below for contact details should you wish to access any of the rights set out above.
Data Transfers outside the EU/ EEA
Under GDPR data may be transferred to countries outside the European Economic Area (EEA) where an ‘adequate’ level of protection for personal data is deemed to exist. The European Commission is the only body that can decide which countries are considered ‘adequate’. A transfer to an adequate country does not require prior approval from a supervisory authority.
If the European Commission deem a country to be ‘inadequate’, international data transfers may only take place where organizations have taken appropriate safeguards for the protection of personal data. This is to ensure that the level of protection offered by the GDPR is not undermined. Should Copsey Murray transfer data to such a country, it will comply with all relevant safeguards.
If you have any questions regarding this statement or you wish to discuss your data, you can contact Copsey Murray’s Data Protection Representative at firstname.lastname@example.org or by writing to:
Tim O’Keeffe, Copsey Murray, Chartered Accountants, 5 Pembroke Row, Dublin
Irish Data Protection Commissioner
Further information on your data privacy rights is available on the website of the Irish data protection commissioner (www.dataprivacy.ie).