Your information, how we use it & your rights.
AAB People is committed to protecting your personal information.
How the law protects you
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside of AAB People. The reasons we collect and use your data are:
- To fulfil our contract to provide services to you or the data controller.
- When you consent to it – when you agree for us to contact you to advise you of events, or products and services from us or other organisations.
- When we have a legal duty – to obey laws and regulations that apply to us.
- When it’s in the legitimate interest of the firm or of a third party – to run our business in an efficient and proper way.
What information do we collect about you?
We collect personal data as is required to fulfil our contract with you when you sign an engagement letter or request advice, products or services and, if you agree consent, to email you about other products and services we think may be of interest to you.
Information we may collect includes:
- Contact details – names, addresses, phone numbers, email addresses
- Financial details – employment details, bank details
- Data classified as ‘sensitive’ personal information e.g. relating to your health, marital or civil partnership status. This information will only be collected and used where it’s needed to provide the product or service you have requested or to comply with our legal obligations
- Open data and public records
- Documentary data – passport, drivers licence
- Information on children e.g. where a child is named as a beneficiary for Inheritance Tax planning or on the policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender)
- Information that is automatically collected e.g. via cookies when you visit one of our websites
- If you visit one of our offices e.g. visual images collected via closed circuit television (CCTV)
We also collect personal data as is required if you have completed an application to join one of AAB Group entities.
Information we may collect include, information from above section as well as:
- Your name, address, contact details, including email address and telephone number, date of birth and gender / preferred title
- Details of your qualifications, skill, professional memberships, experience and employment history
- Information about your remuneration.
How do we collect information from you?
Information may be obtained from you face to face, through e-mail or telephone calls, from data controllers, from public information sources such as Companies House, or completion of online documentation. As the information is required to enable us to provide our services if you opt not to provide it we may not be able to continue to provide services to you.
We also collect information when you voluntarily complete customer surveys or provide feedback.
How do we look after your information?
We limit the amount of personal data collected to what is required to fulfil our obligations to you.
We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction: whether physical or electronic.
We will keep your personal information while you are a client or as long as required to meet our legal or regulatory obligations. We may keep it longer if we cannot delete it for legal, regulatory or technical reasons.
With your assistance we try to maintain the accuracy of your personal data.
How will we use the information about you?
We will collect and use your information only where:
- It’s necessary to provide the service or product you have requested i.e. to fulfil the Terms of our Engagement with you
- We have obtained permission from yourself (consent) e.g. when you agree for us to contact you to advise you of events, or general communication including blogs and industry insights, or to pass on your personal information to our group of companies so that they may offer you their products and services or from the data controller for meeting our contracted requirement with them e.g., payroll services, HR services and whistleblowing services.
- It’s necessary for us to meet our legal or regulatory obligations – to obey laws and regulations that apply to us.
There may be situations where the information we require is a special category of personal data under the legislation. In this case we will explain why we need it and obtain your consent to obtain the data. This situation most commonly occurs where we are arranging life assurance products and need to obtain medical information from you.
We may share your data with these organisations but only for the reasons outlined in “How the law protects you”:
- Companies we, or you, have chosen to support us in the delivery of products and services we offer
- Our Regulators and Supervisory Authorities
- Law enforcement for the prevention and detection of crime
We periodically check that these third parties have appropriate safeguards in place to protect your data and that they are compliant with Data Protection Regulations.
Keeping you involved & informed
We would like to send you information about our events or general communication including blogs and industry insights, which may be of interest to you. If you have consented to receive these communications, you may opt out any time by clicking the unsubscribe link at the bottom of any email.
You have a right at any time to stop us from contacting you for these purposes or giving your information to other affiliated entities.
Website Visits - how we use this data
Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
Access to your information & correction
The accuracy of your information is important to us and we will update the information as appropriate. If you change your contact information please notify us and we will update our records.
You have a number of specific rights, these are summarised below:
- Access – You may ask for a copy of the information we hold about you and we will provide this within one month of receipt free of charge (we may charge a fee for subsequent or duplicate requests).
- Rectification – You may ask us to correct any information that we hold that is inaccurate or incomplete.
- Erasure – You may ask us to delete or cease processing data in certain situations. Please note that we will have regulatory obligations to retain information for certain time periods and we will retain such information as we believe is necessary to fulfil these obligations.
- Restrict processing – You may ask us to cease processing information. This means that we will be able to retain it but no longer act upon it. In the event that you no longer need our services and terminate them we will automatically cease processing information.
- Portability – You may have the right to have your data transferred to another service provider in an appropriate electronic format. Please note that we will have regulatory obligations to retain copies of the information as outlined previously.
- Objection – You may have the right to object to us processing information or using it for marketing purposes.
This is a brief summary of your rights and there may be restrictions on some of them. If you wish to explore any of these rights at any time please contact us on the addresses below and we will be pleased to assist you.
Transferring your information outside of the United Kingdom
The majority of your information is processed in the UK. However, as part of the services offered to you, some of your information may be transferred to countries outside the UK.
Where your information is being processed outside of the UK we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. We will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
If you use our services while you are outside the UK, your information may be transferred outside the UK in order to provide you with those services.
How to contact us
Prime Four Business Park
Alternatively you can email email@example.com
You also have the right to complain to the Information Commissioners Office. You can do this:
- via their website https://ico.org.uk/concerns
- In writing to
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
AAB is a trading style of Anderson Anderson & Brown LLP.
The Registered Office of Anderson Anderson & Brown LLP is:
Prime Four Business Park
We are registered in Scotland, No: SO301668
Our VAT Registration No is: 552 9487 08
Anderson Anderson & Brown LLP is registered with the Institute of Chartered Accountants of Scotland (ICAS) – Firm No. 1464
Audit Registration – our audit service is provided by Anderson Anderson & Brown Audit LLP (SO306316), a firm registered with ICAS – Firm No. 4272
Details about our audit registration can be viewed at www.auditregister.org.uk