Our General Data Protection Regulation Policy

DATA PRIVACY NOTICE

We take your privacy very seriously and we ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event you have a complaint.

Who we are

Charles Hamer French Tax Services Ltd collects, uses and is responsible for certain personal data about you. When we do so we are required to comply with data protection regulation and we are responsible as a data controller of that personal data for the purposes of those laws.

When we mention "Charles Hamer”, “CHFTS”, "we", "us" or "our" we are referring to Charles Hamer French Tax Services Ltd

Charles Hamer French Tax Services is a UK Limited Company whose registered office is at 4 Flint Street, Haddenham, Buckinghamshire, HP17 8AL.

We provide you with French and UK tax administration and consultation services as well as French residency planning services.

The personal data we collect and use

In the course of providing our service to you we may collect the following personal data when you provide it to us:

contact information
identity information
financial information
employment status
lifestyle information
health information
data about criminal convictions or offences
details of any vulnerability
details of your dependents and/or beneficiaries under a policy (If you are providing information about another person we expect you to ensure that they know you are doing so and are content with their information being provided to us. You might find it helpful to show them this privacy notice and if they have any concerns please contact us in one of the ways described below.)
Investment, savings, liabilities, property ownership details
Information about the intentions for devolution of your estate

Information collected from other sources

We also obtain personal data from other sources in the course of providing our intermediary services. Where we obtain this information from another party it is their responsibility to make sure they explain that they will be sharing personal data with us and, where necessary, ask permission before sharing information with us.

The personal data we obtain from other sources may include the following:

From lenders and/or product providers:
- product details
From identification and verification checking agencies:
- identity information
- sanction check information
From Credit Reference Agencies
- Payment default event information

How we use your personal data

This privacy policy tells you what to expect when Wellers collects personal information. It applies to information we collect in connection with/relating to:

Client services

Visitors to our website

Marketing

Business contacts

Suppliers

Our employees

Job applicants

Client services

The data we hold

The data that is processed is dependent on the service that is being provided and on the recipient of the service.

Services to businesses and other organisations
We process the personal data of our clients and individuals connected with our clients. Personal data may include any relevant financial or non-financial information necessary for us to provide our services. The data we hold may include contact details, payroll data, employee information, details of shareholders, customers and suppliers along with other relevant data.
Services to individuals and trusts
Personal data may include contact details, tax resident status, domicile, civil status, number of people in household, Unique tax reference, NI number, information relating to business activities, investments, other financial interests, employment status and other income, and other relevant data.

Why the data is processed

Where data is collected for client services, it is used in a number of ways. Data is processed in accordance with a letter of engagement between us and our client. We provide a range of professional services to our clients, which include:

Professional services
We provide a wide range of services, including audit, tax, advisory and outsourcing services. We may have to process personal data in order to perform our services and/or to advise our clients.
Administration
In order to manage and administer our business and services, we may collect and process personal data.
Regulatory
CHFTS is subject to various legal, regulatory and professional obligations that may require us to collect and process personal data. This may include (but is not limited to) the verification of identity of individuals.

Third party recipients linked to our Client Services.

The data collected for clients services may, depending on the nature of the activity for which we have been engaged, may be shared with one or more third party, notably including:

HMRC

One or more offices of the French tax administration

Tribunaux Administratifs

The Greffe du Tribunal de Commerce

The Régistre de Commerce et des Sociétés

The Registre des Métiers

Insée

URSSAF and other collectors of French National Insurance contributions and managers of French national Insurance benefits

CPAM (Caisse Primaire d’Assurance Medicale)

Les Journaux Officiels

UK accountant, solicitor or financial adviser

French accountant, notaire, avocat or financial adviser

Currency brokers

Private medical insurance brokers

Fund Platforms,

Life Assurance Companies,

OEIC administrators,

Unit Trust company administrators,

Investment Trust Companies,

SICAVS

FCPs

Deposit takers

Pension providers

How long the data is retained for

We retain the personal data processed by us for as long as is considered necessary for the purposes for which it was collected or as required by applicable law or regulation (typically 7 years). We may keep data for longer in order to establish, exercise or defend our legal rights and the legal rights of our clients or because retention of the data is necessary to enable us to carry out future services, notably in matters of tax administration.

Personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.

Whether information has to be provided by you, and if so why

We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases you must provide your personal data in order for us to provide you with the service for which you engaged us.

Special category data

Certain types of personal data are considered more sensitive and so are subject to additional levels of protection under data protection legislation. These are known as ‘special categories of data’ and include data concerning your health, racial or ethnic origin, genetic data and sexual orientation. Data relating to criminal convictions or offences is also subject to additional levels of protection.

We may process:

[criminal] conviction or offence information when providing administrative services connected to the registration of a business in France or in the application for a carte de séjour.
health (including persistent medical conditions and family medical history) and lifestyle ( alcohol consumption, health, retirement age and exercise habits) information when introducing you to a French private medical insurance broker in the course of preparation of an application for a carte de séjour

In addition to the lawful basis for processing this information, we will be processing it for the establishment, exercise or defence of legal claims.

In the course of our activities relating to the prevention, detection and investigation of financial crime, we may process criminal conviction or offence information. Where we do so, in addition to the lawful basis for processing this information set out in the above table, we will be processing it for the purpose of compliance with regulatory requirements relating to unlawful acts and dishonesty.

Marketing

We may use personal data we hold about you to help us identify, tailor and provide you with details of products and services from us that may be of interest to you. We will only do so where we have obtained your consent to do this and will do so in accordance with any marketing preferences you have provided to us.

In addition, where you provided your consent, we may provide you with details of products and services of third parties where they may be of interest to you.

You can opt out of receiving marketing at any time. If you wish to amend your marketing preferences please contact us:

By phone: 01844 218956

By email: info@charleshamer.co.uk

By Post: Attn Alice Dimier, Charles Hamer, 87 Park Street, Thame, Oxfordshire, OX9 3HX

In addition, you can opt out of receiving marketing at any time by clicking the 'unsubscribe' link at the bottom of every email.

Visitors to our website

The data we hold

The data that we hold depends on what data was entered and for what purpose. Personal data entered so as to engage with the functionality of our website, may include:

Name.
Organisation name.
Address.
E-mail address and phone number.
A personal description of the individual and/or their business.
The individual’s photograph.
Information publicly available on the internet such as from LinkedIn, Twitter, Facebook and Google.

In instances where data is collected automatically, for example information about your computer and visits to the website, this may include technical information such as:

The Internet protocol (IP) address used to connect an individual’s computer to the internet.
Geographical location.
Login information.
Browser type and version.
Browser plug-in types and versions.
Time zone settings.
Operating system and platform.

Other data collected about an individual’s visit will include:

The full Uniform Resource Locators (URL) through to and from our website (which will incorporate the date and time).
The pages searched for and viewed.
Page response times.
Download errors.
The duration of visits to certain pages.
Page interaction information (such as scrolling, clicks, and mouse-overs).
Methods used to browse away from the page.
Any phone number used to call our switchboard.

This website is not intended for or targeted at minors. We do not knowingly collect information about children under this age. If you believe we have collected information about a minor then please contact us using the contact details stated in this policy so that we may delete this information.

Business contacts

The data we hold

The data we hold relating to business contacts includes such items as: name, employer, business address, phone numbers, email address and other business contact information.

Why the data is processed

Where personal data on business contacts is held, it is used for a number of purposes, such as:

To manage, administer and develop our business.
Relationship management.
To promote and develop our services.
Communication of technical updates.
Hosting and facilitating events.

How long the data is retained

We retain the personal data processed by us for as long as is considered necessary for the purposes for which it was collected.

Suppliers

The data we hold

We collect personal data including names, address, contact details and bank details in relation to our suppliers.

Why the data is processed

Personal data relating to suppliers is used to manage the contract between us and the supplier.

How long the data is retained

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. Data may be held for longer periods where required by law or regulation and in order to establish, exercise or defend our legal rights.

Our employees (past and present)

We collect personal data from our employees as part of the administration and management of our business.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. Data may be held for longer periods where required by law or regulation and in order to establish, exercise or defend our legal rights.

Job applicants

The data we hold

The data we hold relating to job applicants includes data provided in CVs, on application forms and in references provided by third parties.

Why the data is processed

All of the information obtained relating to applicants during the application process is only used for the purpose of progressing the application, or to fulfil legal or regulatory requirements as necessary.

How long the data is retained

Personal data collected in relation to applicants is held for as long as necessary in order to fulfil the purposes for which it was collected, or for a maximum of two years where those purposes are no longer necessary.

Transfer of your information out of the EEA

We will not transfer your personal data outside of the European Economic Area or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Your rights

You have legal rights under data protection regulation in relation to your personal data. These are set out under the below headings:

To access personal data
To correct / erase personal data
To restrict how we use personal data
To object to how we use personal data
To ask us to transfer personal data to another organisation
To object to automated decisions
To find out more about how we use personal data

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information or change your details where we know we are dealing with the right individual.

We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.

We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.

To access personal data

You can ask us to confirm whether or not we have and are using your personal data. You can also ask to get a copy of your personal data from us and for information on how we process it.

To rectify / erase personal data

You can ask that we rectify any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first.

You can ask that we erase your personal data if you think we no longer need to use it for the purpose we collected it from you.

You can also ask that we erase your personal data if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal data.

We may not always be able to comply with your request, for example where we need to keep using your personal data in order to comply with our legal obligation or where we need to use your personal data to establish, exercise or defend legal claims.

To restrict our use of personal data

You can ask that we restrict our use of your personal data in certain circumstances, for example

where you think the information is inaccurate and we need to verify it;
where our use of your personal data is not lawful but you do not want us to erase it;
where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
where you have objected to our use of your personal data but we still need to verify if we have overriding grounds to use it.

We can continue to use your personal data following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.

To object to use of personal data

You can object to any use of your personal data which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use the personal data if we can demonstrate that we have compelling legitimate interests to use the information.

To request a transfer of personal data

You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).

You may only exercise this right where we use your personal data in order to perform a contract with you, or where we asked for your consent to use your personal data. This right does not apply to any personal data which we hold or process outside automated means.

To contest decisions based on automatic decision making

If we made a decision about you based solely by automated means (i.e. with no human intervention), and the decision made by us produces a legal effect concerning you, or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. These rights do not apply where we are authorised by law to make such decisions and have adopted suitable safeguards in our decision making processes to protect your rights and freedoms.

You can contact us for more information

If you are not satisfied with the level of information provided in this privacy notice, you can ask us about what personal data we have about you, what we use your information for, who we disclose your information to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any automated decision making using your personal data.

If you would like to exercise any of the above rights, please:

email or write to our Data Protection Officer at at info@charleshamer.co.uk or Charles Hamer French Tax Services Ltd Services, 87 Park Street, Thame, Oxfordshire, OX9 3HX;
let us have enough information to identify you, e.g. name, address, date of birth;
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
let us know the information to which your request relates.

Keeping your personal data secure

We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Our supervisory authority

If you are not happy with the way we are handling your information, you have a right to lodge a complaint with the Information Commissioners Office. It has enforcement powers and can investigate compliance with data protection regulation (www.ico.org.uk).

We ask that you please attempt to resolve any issues with us before the ICO.

How to contact us

Please contact our Data Protection Officer if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact our Data Protection Officer, please send an email to info@charleshamer.co.uk or write to Charles Hamer French Tax Services Ltd, 87 Park Street, Thame, Oxfordshire, OX9 3HX.