ND Audit & Advisory Limited is committed to respecting and protecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.
It is the intention of this privacy statement to explain to you the information practices of ND Audit & Advisory Limited in relation to the information we collect about you.
For the purposes of the GDPR the data controller is:
- ND Audit & Advisory Limited
- Contact details of ND Audit & Advisory Limited whose business address is 42 Grattan Street, Portlaoise, Co. Laois
- Tel: +353 57 866 6075
- When we refer to ‘we’ it is ND Audit & Advisory Limited
Please read this Statement carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Who are we?
We are a limited company registered in Ireland (CRO number 689682) and operating since 2021. We offer a full range of accountancy practice services, including Audit, Taxation and Advisory services for our clients.
Our Data Protection Officer / GDPR Owner and data protection representatives can be contacted directly here:
- Noel Delaney, Managing Director, ND Audit & Advisory Limited
- +353 57 866 6075
CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
This version was last updated on 22nd May 2018. Historic versions can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Purpose for processing your data
- When using our contact form(s) you will be asked to enter information such as your name and contact details. We use these details to assess your request and may use these to contact you for further information or answer your request. When using our contact form the information you submit is stored in our website database (encrypted) as a back-up for a period of 15 days after which it is deleted automatically. The original enquiry is sent to our offices by email and falls under our emails retention policy.
- Should you request a quote, your details will be added and stored in our CRM. It will be deleted after a retention period of 6 months once we receive an answer from you.
- Client’s details will be stored in our CRM for the purpose of liaising with you and will be stored for as long as you are a client with us. If you leave us your details will be deleted within 6 months of being notified by you that you no longer wish to use our services. By law we have to keep basic information about our clients (including Contact, Identity, Financial and Transaction Data) for six years after they cease being clients for tax purposes.
- We have taken extra steps to insure the data you provide us with is dealt with in a safe manner:
- Our site is hosted on SSL (secure socket layer) which means communications between the site and server are fully encrypted (for instance when you submit a contact form)
- Emails sent to us by our site are sent via TLS (Transport Layer Security)
- Statistics: we use statistics on the website which provide us with essential information such as the most visited pages, where users are coming from (search engines, links etc.). These are set up to NOT track your full IP address and therefore do not collect personal information.
Please note that:
Our website is hosted in Ireland
Our CRM is hosted in Ireland
Our emails are hosted by Microsoft Office 365 within Ireland
Why are we processing your data? Our legal basis
In order for us to provide you with quotations for the purposes of general enquiries, ND Audit & Advisory Limited We will only use your personal data when the law allows us to. Most commonly, we will use your data:
- where it is necessary for our legitimate interests (or those of a third party) and where your interests and fundamental rights do not override those interests,
- where we need to comply with a legal or regulatory obligation,
- where it is necessary for the purpose of entering into a contract with you.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message. Where you have given your consent to receiving marketing communications you have the right to withdraw consent to receiving them at any time by unsubscribing or contacting us (here) link to contact us form or email
In any event, ND Audit & Advisory Limited are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
How will ND Audit & Advisory Limited use the personal data it collects about me?
ND Audit & Advisory Limited will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
- We may use your Technical Data to administer and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. Such use would be necessary for our legitimate interests (for running our business, provision of administration and IT services, to prevent fraud and in the context of a business reorganisation exercise), and to comply with a legal obligation.
- We may use your Usage Data and Technical Data to deliver relevant website content to you and measure or understand the effectiveness of the content. Such use would be necessary for our legitimate interests (to study how clients use our services, to develop them, to grow our business and to inform market strategy).
- We may use your Usage Data and Technical Data to use data analytics to improve our website, services, marketing, client relationships and experiences. Such use would be necessary for our legitimate interests (to define types of clients for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
- We use the information you have provided in our contact form to communicate with you in relation to our services. Such use is necessary for our legitimate interests or necessary for the purpose of entering into a contract with you.
- Where you have given consent, we use the information you have provided in our contact form to send to you direct marketing materials, which provide information about our services and offers.
We do not share your personal data with any third-party company for their marketing purposes. We may send your data to third-party processors who assist us with our own marketing. If you have given us your consent to send to you direct marketing materials, you can ask us to stop sending them to you at any time by using the unsubscribe link on the marketing message or by contacting us or email firstname.lastname@example.org
Special categories of personal data
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Who are we sharing your data with?
We may have to share your personal data with the parties set out below for the purposes set out in paragraph 4 above:
- External Third Parties as set out below.
- Third Parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may pass your personal data on to third-party service providers contracted toND Audit & Advisory Limited in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide on your behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with ND Audit & Advisory Limited procedures.
If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your explicit consent, unless we are legally required to do otherwise.
The third parties that we pass your personal data to are:
- Service providers acting as processors based in the ROI and/or UK who provide IT and system administration services.
- Professional advisers acting as processors including lawyers, bankers, auditors and insurers based in the ROI and/or UK who provide consultancy, banking, legal, insurance and accounting services.
- Tax, regulators and other authorities acting as processors based in the ROI and/or UK who require reporting of processing activities in certain circumstances.
We have issued all our third party processors with a Data Processor checklist asking them GDPR specific questions
If we transfer personal data to a third party or outside the EU we as the data controller will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for you the data subject are available.
Data subject rights:
ND Audit & Advisory Limited facilitates you, our clients, rights in line with our data protection policy and the subject access request procedure. This is available on request.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access: you have the right to request a copy of the information that we hold about you.
- Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing: where certain conditions apply to have a right to restrict the processing.
- Right of portability: you have the right to have the data we hold about you transferred to another organisation.
- Right to object: you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling: you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that ND Audit & Advisory Limited refuses your request under rights of access, we will provide you with a reason as to why.
All of the above requests will be forwarded should there be a third party involved as we have indicated in the processing of your personal data.
Additional information we are providing you with to ensure we are transparent and fair with our processing
Retention of your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our clients (including Contact, Identity, Financial and Transaction Data) for six years after they cease being clients for tax purposes.
In the event that you wish to make a complaint about how your personal data is being processed by ND Audit & Advisory Limited or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and ND Audit & Advisory Limited data protection representatives Data Protection Officer / GDPR Owner
Failure to provide further information
If we are collecting your data for a contract and you cannot provide this data the consequences of this could mean the contract cannot be completed or details are incorrect.
If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this information prior to processing this data.
If we have received your personal data from another source we will endeavour to share with you:
- one month of obtaining the personal data, in accordance with the specific circumstances of the processing;
- at the first instance of communicating in circumstances where the personal data is used to communicate with the data subject;
- when personal data is first disclosed in circumstances where the personal data is disclosed to another recipient.
Your privacy is important to us. If you have any queries, questions or comments regarding this Statement, please do not hesitate to contact us.