The data protection clauses in our engagement with you have been amended to state (with any consequential changes to the numbering of clauses):
- When acting for you, we are a data controller in respect of any personal data you provide to us or to which we have access. This is because accountants and similar providers of professional services work under a range of professional obligations which oblige them to take responsibility for the personal data they process. For example, if we detect malpractice whilst performing our services we may, depending on its nature, be required under our regulatory obligations to report to relevant authorities. In doing so we would not be acting on your instructions but in accordance with our own professional obligations and therefore as a data controller in our own right.
- Where we and you are deemed in accordance with the data protection laws to be joint data controllers, you shall be liable for the personal data you process, and we shall only be liable for the personal data we process.
- You confirm that you have the right to supply personal data to us and you will not breach applicable data protection laws. Where you are providing personal data to us about a third party, for example a family member, a partner, a director (including a non-executive director), and/or any other type of member, business associate or third party, you confirm that you have their authority and express permission to provide us with their personal data.
- Neither of us will by our act or omission put the other in breach of the applicable data protection laws.
- Where we and you are joint data controllers, you should provide all relevant information to data subjects relating to the processing of their personal data (including the processing carried out by us) and to the exercise of their rights in relation to the processing of their personal data as required by the data protection laws in a written notice (“Fair Processing Notice”) and you will act as the contact point for the data subject.
- To enable us to discharge the services agreed under our engagement, and for other related purposes including updating and enhancing client records, analysis for management purposes and statutory returns, crime prevention and legal and regulatory compliance, we may obtain, use, process and disclose personal data about you or your entity, its officers and employees, as applicable. We confirm when processing data on your behalf we will comply with the relevant provisions of the applicable data protection laws.
Where we act as a data processor in relation to your personal data, we will:
- Process personal data:
- for the purpose of performing our services and obligations to you; and
- for such other purposes as may be instructed by or agreed with you as otherwise notified in writing from time to time; and
- in accordance with the applicable data protection laws;
- We will tell you if, in our opinion, your instructions may breach the applicable data protection laws.