You can find our privacy policy below

Privacy Notice

 Complete Office Support Bookkeeping Ltd  T/A COS Bookkeeping

This Privacy Statement sets out the data processing practices carried out by COS Bookkeeping. We retain and use personal data (information that relates to and identifies living people) to help us carry out our role and this Notice outlines the data protection policies and procedures we have adopted and to which we abide to ensure we are UK GDPR compliant.  The purpose of this Notice and any other documents referred to in it, is to clearly list and identify the legal requirements, procedures and rights which must be established when we obtain, process, transfer and/or store your personal data. This Notice will assist you in understanding the obligations, responsibilities and rights which arise from the Data Protection Laws.

Our Contact Details

COS Bookkeeping

Suite 3, 

Stanley House, 

19 – 23 Crofts Bank Road, 

Urmston, 

Manchester 

M41 0TZ.

Phone Number: 0161 850 3355

E-mail:karen@cosbookkeeping.co.uk

We are registered with the ICO.  Our registration number is ZA082087.

Types of Information we collect

We may collect and process the following information:

  • Personal details, contact details and preferences, family details, date of birth.
  • Images captured at events.
  • Details of any support received.
  • Records of discussions with members of staff.
  • Location Data, Email Address, Cookies arising from use of our website.
  • Character Traits, Educational/Biographical Information, Welfare, NI Number , Tax Information, Disclosure and Barring Service checks, declarations of interests and Photographs (for staff and customers). 
  • Files, messages, documents that our staff produce.
  • Records of staff use of our IT systems.

COS Bookkeeping also process the following special categories of data:

  • Racial/Ethnicity, Sexual Orientation, Health, Criminal records (if disclosed)). 
  • Staff Sickness. 
You can find out more about our use of Cookies here.

How we get your personal information and why we have it

We will only collect and process your Personal Data as required to fulfil the specific purpose/s of our contract and agreements with you in our role as your Bookkeeper or.  Most of the personal information that we process is provided to us directly by you for one of the following reasons:

  • We receive directly from you (for example, by you completing forms, sending us papers or from you corresponding with us by mail, phone, email or otherwise) in order that we can carry out our Bookkeeping role.
  • We receive it from another source such as your accountant or employer. 
  • You have visited our website.
  • You are a member of our staff or applied to work for us

We also receive personal information indirectly from the following sources:

  • Family Members.
  • Our IT and HR providers.
  • HMRC

Should we deem it necessary to process your Personal Data for purposes outside and/or beyond the reasons for which it was originally collected, we will contact you first, to inform you of those purposes and our intent and may also apply for your consent.

We use the information that you have given us in accordance with your instructions and as is reasonably necessary:

  • to fulfil our contractual obligations and responsibilities to you;
  • to provide, maintain and improve our bookkeeping services;
  • to respond to your requests, queries and problems; 
  • to inform you about any changes to our services and related notices, such as security and fraud notices.

If we intend to use your personal data for the advertising and marketing of our services and/or the services of our affiliates, we shall seek your separate express consent and you are entitled to opt out of these services at any time.

Sharing your information 

In the course of us fulfilling our role as your bookkeeper it will be necessary for us to disclose your Personal Data in certain situations: 

  • In our role as your bookkeeper we may need to share your Personal Data with certain bodies to fulfil our contract with you such as your suppliers, contractors and subcontractors, HMRC, ICB and other governmental, regulatory bodies.
  • We use the following various software providers to process electronic data, including personal data for example Xero, Quickbooks Online, Sage Business Cloud, Sage 50, Zoho Books, Chaser, Dext, Fluidly, Futrli, ApprovalMax. These providers state that it is UK GDPR compliant and/or applies equivalent/adequate safeguards. Their privacy notices can be found on their respective websites.  
  • We use secure external servers to process/store our electronic records, including your Personal Data which are maintained by Google.
  • There may also be situations in which it is necessary for us to disclose your Personal Data to other third parties, which include but are not limited to: HMRC, your appointed accountant, National Crime Agency, the Institute of Certified Bookkeepers.
  • If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, lawful requests, court orders and legal process.
  • To enforce or apply any contract or other agreement with you.
  • To protect our rights, property, or safety and that of our employees, members, or others, in the course of investigating and preventing money laundering and fraud.

We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption.  We have appropriate physical, electronic, and managerial procedures in place to safeguard and secure the information you provide to us.  Only authorised employees and contractors under strict controls will have access to your personal information on our IT systems and to physical copies of personal data that we hold.  Where appropriate we ensure that a Data Processing Agreement is in place.

Our Lawful Basis

Under the UK General Data Protection Regulation(UK GDPR), the lawful bases we rely on for processing this information are:

  • We have a contractual obligation.
  • We have a legal obligation.
  • We have a vital interest.
  • We have a legitimate interest.
  • We have your consent.  You are able to withdraw your consent at any time by contacting karen@cosbookkeeping.co.uk or calling 0161 850 3355.

How we store your information

Your information is securely stored in our office location and in our cloud storage.  Our security procedures which include, but are not limited to:

  • Secure lockable desks and cupboards. 
  • Paper documents containing Personal Data are shredded and digital storage devices shall be physically destroyed when they are no longer required.
  • Data Users are appropriately trained and supervised in accordance with this Notice which include requirements that computer monitors do not show confidential information to passers-by and that Data Users log off from or lock their PC/electronic device when it is left unattended.
  • Our computers have appropriate password security, boundary firewalls and effective anti-malware defences.  
  • We routinely back-up electronic information to assist in restoring information in the event of disaster and our software is kept up-to-date with the latest security patches.
  • One or all of the following measures shall be applied to the personal data held; separating the personal data and/or pseudonymisation and/or the encoding of the data.

We shall take appropriate security measures against unlawful and/or unauthorised processing of personal data, and against the accidental loss of, or damage to, your Personal Data.

Our employees and contracted personnel are bound to our privacy policies, procedures and technologies which maintain the security of all your Personal Data from the point of collection to the point of destruction. 

Personal data is deleted or securely destroyed at the end of its retention period.  You can ask our Privacy Manager or Karen Garrattley for a copy of our retention and disposal schedule.

Your rights

Under data protection law, you have the following rights:

  • Your right of access – You have the right to ask us for copies of your personal information. 
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. 
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances. 
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Contact Us

If you wish to make a request please contact us at:

Suite 3, 

Stanley House, 

19 – 23 Crofts Bank Road, 

Urmston, 

Manchester 

M41 0TZ

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us please contact Karen Garrattley (karen@cosbookkeeping.co.uk).

If, at the conclusion of our complaints procedure you do not feel that we have adequately dealt with your complaint you can also complain to the ICO if you are unhappy with how we have used your data.

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Transferring the Personal Data out of the EEA (for non-uk client only)

We shall only transfer any Personal Data we hold to a country outside the European Economic Area (“EEA”), if one of the following conditions applies:

  • The country to which your Personal Data shall be transferred ensures an adequate level of protection and can ensure your legal rights and freedoms.
  • You have given your consent that your Personal Data is transferred. 
  • The transfer is necessary for one of the reasons set out in the Enactments, including the performance of a contract between you and us, or to protect your vital interests.
  • The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
  • The transfer is authorised by the ICO and we have received evidence of adequate safeguards being in place regarding the protection of your privacy, your fundamental rights and freedoms, and which allow your rights to be exercised.

The Personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Those Data Users may be engaged in, among other things, the fulfilment of contracts with you, such as the processing of payment details and/or the provision of support services.