Business Optics Solutions Ltd (“we”, “us”, or “our”) is committed to protecting and respecting the personal data that we hold. Personal data is any data relating to an identified or identifiable living person.
This privacy statement governs why and how we collect and use personal data in the course of our business. This privacy statement also provides information about individuals’ rights. It applies to personal data provided to us, by individuals themselves and by others. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting personal data.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. We process personal data for various purposes. The means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose are set out below.
Personal data is provided directly by the individual concerned, by a third party, or obtained from publicly available sources. Where we receive personal data that relates to an individual from a third party, we request that the third party informs the individual of the necessary information regarding the use of their data. Our clients may refer data subjects to this privacy statement.
Security
We have policies, procedures and training in place in respect of data protection, confidentiality and information security. We regularly review our measures with the objective of ensuring their continuing effectiveness.
All information you provide to us is stored on our secure servers. Where you have a password which enables you to access our portal, you are responsible for keeping this password confidential. Please do not reveal the password to anyone.
The transmission of information over the internet is not necessarily secure. We will do our best to protect your personal data, however, we cannot guarantee the security of data that you send to our website or which you email to us; any data that you send is at your own risk. Once we receive information from you, we will use strict procedures and security features designed to prevent unauthorised access to your data.
How we use your data
This privacy policy tells you what to expect when Business Optics Solutions Ltd collects personal information. It applies to information we collect in connection with/relating to:
Client services
The data we hold
The data that is processed is dependent on the service that is being provided and on the recipient of the service.
Services to businesses and other organisations
We process the personal data of our clients and individuals connected with our clients. Personal data may include any relevant financial or non-financial information necessary for us to provide our services. The data we hold may include contact details, payroll data, employee information, details of shareholders, customers and suppliers along with other relevant data.
Services to individuals and trusts
Personal data may include contact details, Unique tax reference, NI number, information relating to business activities, investments, other financial interests, employment and other income, and other relevant data.
Why the data is processed
Where data is collected for client services, it is used in a number of ways. Data is processed in accordance with a letter of engagement between us and our client. We provide a range of professional services to our clients, which include:
Professional services
We provide a wide range of services, including audit, tax, advisory and outsourcing services. We may have to process personal data in order to perform our services and/or to advise our clients.
Administration
In order to manage and administer our business and services, we may collect and process personal data.
Regulatory
As a regulated firm, Business Optics Solutions Ltd is subject to various legal, regulatory and professional obligations that may require us to collect and process personal data. This may include (but is not limited to) the verification of identity of individuals.
How long the data is retained for
We retain the personal data processed by us for as long as is considered necessary for the purposes for which it was collected or as required by applicable law or regulation (typically 6 years). We may keep data for longer in order to establish, exercise, or defend our legal rights and the legal rights of our clients.
Personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.
Business contacts
The data we hold
The data we hold relating to business contacts includes such items as: name, employer, business address, phone numbers, email address and other business contact information.
Why the data is processed
Where personal data on business contacts is held, it is used for a number of purposes, such as:
- To manage, administer and develop our business.
- Relationship management.
- To promote and develop our services.
- Communication of technical updates.
- Hosting and facilitating events.
How long the data is retained
We retain the personal data processed by us for as long as is considered necessary for the purposes for which it was collected.
Suppliers
The data we hold
We collect personal data including names, address, contact details and bank details in relation to our suppliers.
Why the data is processed
Personal data relating to suppliers is used to manage the contract between us and the supplier.
How long the data is retained
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. Data may be held for longer periods where required by law or regulation and in order to establish, exercise or defend our legal rights.
Our employees (past and present)
We collect personal data from our employees as part of the administration and management of our business.
Our staff handbook explains what data we hold, how we process it and our data retention policy.
Job applicants
The data we hold
The data we hold relating to job applicants includes data provided in CVs, on application forms and in references provided by third parties.
Why the data is processed
All of the information obtained relating to applicants during the application process is only used for the purpose of progressing the application, or to fulfil legal or regulatory requirements as necessary.
How long the data is retained
Personal data collected in relation to applicants is held for as long as necessary in order to fulfil the purposes for which it was collected, or for a maximum of two years where those purposes are no longer necessary.
Visitors to our website
The data we hold
The data that we hold depends on what data was entered and for what purpose. Personal data entered so as to engage with the functionality of our website, may include:
- Name.
- Organisation name.
- Address.
- E-mail address and phone number.
- A personal description of the individual and/or their business.
- The individual’s photograph.
- Information publicly available on the internet such as from LinkedIn, Twitter, Facebook and Google.
In instances where data is collected automatically, for example information about your computer and visits to the website, this may include technical information such as:
- The Internet protocol (IP) address used to connect an individual’s computer to the internet.
- Geographical location.
- Login information.
- Browser type and version.
- Browser plug-in types and versions.
- Time zone settings.
- Operating system and platform.
Other data collected about an individual’s visit will include:
- The full Uniform Resource Locators (URL) through to and from our website (which will incorporate the date and time).
- The pages searched for and viewed.
- Page response times.
- Download errors.
- The duration of visits to certain pages.
- Page interaction information (such as scrolling, clicks, and mouse-overs).
- Methods used to browse away from the page.
- Any phone number used to call our switchboard.
This website is not intended for or targeted at children under the age of 13. We do not knowingly collect information about children under this age. If you believe we have collected information about a child under 13 then please contact us using the contact details stated in this policy so that we may delete this information.
Our website uses cookies to distinguish individuals from one another. This helps us to provide a more personal experience when individuals browse our website and also allows us to improve our website. For information on why we use cookies and for what purpose, please refer to our cookie policy.
Why the data is processed
There are a number of reasons why we will process the personal data that an individual may provide to us when visiting our website. Examples of these include:
Administration
To improve internal operations of the website for surveys, analysis of data, testing, troubleshooting and research. This data is to ensure the website is presented in a personalised manner where possible for individuals.
Functionality
To allow individuals to access some of the functionality of the website such as access to guides, certain personal data has to be entered for these features to work and documents to be accessed as intended.
Promote and develop offers
Some personal data may be used to measure and/or understand the effectiveness of advertising and communications we serve or send to individuals. This is to ensure that only relevant advertising and communications are presented to you.
Security
To ensure the website remains safe and secure, we may sometimes collect personal data, for instance login information and other data that can be used to vouch an individual’s identity.
Client testimonials and comments
We post client testimonials and comments on the website and this may contain personal information. We obtain each client’s consent via email prior to posting their name and testimonial quote.
How long the data is retained
We retain the personal data processed by us in a live environment for as long as is considered necessary in accordance with the purpose(s) for which it was collected. Typically this could be for up to 6 years in keeping with the relevant law and regulation.
In addition, personal data may be securely archived with restricted access and other appropriate safeguards put in place should there be a need to continue to retain it.
Sharing personal data
We do not sell data to any third parties. We do not provide information to third parties for their own marketing purposes and we do not undertake mailings for third parties.
Personal data is only shared with third parties when we are legally permitted to do so.
We may provide personal data to (or share data with):
- Government and regulatory bodies to meet our legal, regulatory and professional obligations.
- Professional advisers to confirm our practices comply with industry regulations.
- Third party organisations that assist in the maintenance of our IT systems, analysing data and the provision of marketing assistance.
Where we share your data with such agents, we require explicitly that they acknowledge and adhere to our privacy policy and data handling policies.
Locations of processing
The personal data we collect is processed in the UK and European Economic Area (EEA) and is, therefore, protected by the UK an EEA data privacy laws. Should information be stored or processed outside of the EEA, we would put agreements in place with our third party suppliers to ensure the data is protected to an equivalent standard as would be required in the UK and EEA.
Your rights
Under the GDPR you have rights in relation to any of your personal data held by us as a data controller. Specifically these are:
- The right to be informed about the collection and use of your personal data.
- The right to access your personal data held by us as a data controller.
- The right to have inaccurate personal data rectified, or completed if it is incomplete.
- The right to request the restriction of processing your personal data.
- The right to data portability.
- The right to object to the processing of your personal data in certain circumstances.
- The right to request human intervention in any automated decision making.
- If you wish to exercise any of these rights, please email help@businessoptics.co.uk.
Where legally permitted we will notify clients if we receive a request from a data subject to exercise their rights under the General Data Protection Regulation (“GDPR”).
Complaints
Business Optics Solutions Ltd tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. If you want to make a complaint about the way we have processed your personal information, you can contact us by email or post at the addresses detailed below. We will look into and respond to this accordingly.
You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to ICO, please refer to the ICO website https://ico.org.uk/
Data Controller and contact information
Business Optics Solutions Ltd is registered as a data controller under registration number A8491430.
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
Data Protection Officer
Business Optics Solutions Ltd
49 South Avenue
Abingdon
OX14 1QR
Email: help@businessoptics.co.uk
Phone: 079 213 58 317